Hacker News new | ask | show | jobs
by aneth 5157 days ago
Given the fact that your signature is on the card, this seem rather ineffective. Approximate signatures are easy to forge and no merchant will deny a transaction based on a different signature.

In fact, that is not the purpose of your signature. The purpose is that you are signing a contract and agreeing to pay. It has nothing to do with security or fraud and merchants are not supposed to check signature matches - only that you signed.

A smiley face is a valid signature, as long as it is you and you agree to the credit card contract.
1 comments
hammock 5157 days ago
Actually, signing the receipt has everything to do with fraud. If you use a credit card in a transaction you are required to pay regardless of whether you sign an agreement saying so. The difference is, if the merchant does not collect your signature, they are liable for any chargebacks AKA reports of fraud whereas the bank would be if the merchant did collect the signature. [1][2]

My point in bringing up the signature line on the back of the card is that, while it might not meet your personal standard of effectiveness, it is an example of "a pin at checkout is a good one to reduce fraud. However it is more work for the consumer, and reduces the bank's liability." Signature verification is an old-fashioned, and perhaps imperfect, nonetheless established method of security.

If you have ever used traveler's checks, you will know that they also use signature-matching as the method of security/verification.

[1] http://www.npr.org/templates/story/story.php?storyId=9227832... [2] http://minnesota.cbslocal.com/2012/02/14/good-question-why-d...

link
aneth 5157 days ago
Because if you did not sign, there is no written contract for that transaction, so there is far less of a case that the charge is valid. Regardless of what the signature looks like, you are liable if it was you (or someone you authorized) who signed and you are not liable otherwise. You are even liable if you charged for the transaction but did not sign - there is just no written, signed contract, so you are presumed not to have agreed to the charge.

None of the above is legal advice as IANAL, however I do believe it is correct.

Do you really think a merchant can verify those electronic scribbles on a tiny, crappy pen input device? No. Any mark made by you with the intent to sign is a legal signature.

Read more here:

http://www.npr.org/templates/story/story.php?storyId=9227832...

link
jacquesm 5157 days ago
You are entirely correct. The difference between online payments and any POS transaction can be summed up in three words, 'card not present'.

3DS attempts to create a 'cardholder present' situation, hence the shift of liability.

link
hammock 5156 days ago
Did you think I was arguing a smiley face is not a valid signature?
link