Monday, August 6, 2018

No autographs, please


Beginning April 14, 2018, some of the major credit card companies eliminated the need to sign receipts, for any amount. American Express, Mastercard, Visa, and Discover had a previous signature requirement for any purchase over $50. The major card companies ended the requirement hoping to expedite customer experience at checkout. Since the announcement, it seems as if every store now has a different requirement at checkout. Some checkouts are as simple as tap and go-some still require a signature.

Signing

Signing the keypads was a holdover from the credit receipt days when your signature acknowledged that you were responsible for the charge. This carried over to the electronic signature pads, which really just became an acknowledgment of the purchase. Even if someone did steal your card they could sign any name. Credit card companies and merchants would use the signature to settle sale disputes, but with advancement, in fraud detection technology they say signatures are no longer necessary. Over the years the need for a signature had become a joke to some. People scribble on signature pads, sometimes with their fingers, illegible signatures or actually write, “This is not my card”, to test cashiers. The truth is, cashiers would rarely look at the back of the cards. With the advent of the keypads, the cards rarely exchanged hands so cashiers could not compare the signatures. Some retailers would ask for ID to compare the customer with the name on the card. This is becoming even rarer.

Why sign the back?

Most cards require a signature on the card to “validate” the card. In an attempt at fraud protection, some customers refuse to sign the card or write, “Ask for ID”.  Sometimes this works, but most of the feedback I’ve heard is the cashier refusing to accept the card. If the card is not signed and is stolen then the thief could use his or her own signature. 

Card signatures are probably moot because the card rarely exchanges hands. Except in the restaurant industry. With all of the fraud protection and level of security awareness, we assume we achieve, a restaurant is still one of the very few places we had our cards to strangers and allows them to walk out of our view.

As fraud detection technology advanced the need for signatures has decreased in the last several years. The implementation of the EMV (Europay, Mastercard, Visa-Which are the companies that developed the technology) chip and contactless readers has eliminated the need for the signature as these advancements have decreased the use of fraudulent cards. Unlike the magnetic strips, chips protect against hacking as the chips produce a one-time password or token to exchange the card data. Hackers may be able to obtain the information through breaches but it is unlikely they would be able to use the data or it would be too costly to decipher. This is the same technology used when using a Smartphone to pay at a contactless reader.  

Speed speed speed

In reading all the news releases regarding the removal of the signature requirement, the constant theme was speed at the checkout. Banks and merchants want to get customers through the checkout as quickly as possible. This also removes the cashier’s interaction with the customer’s card. The onus is on the “system”, not the cashier to verify the card. What it doesn’t do is verify the identity of the possessor.

Chip technology only proves that the card is real. It does not provide security as to the identity of the possessor. Therefore, if your card is stolen it can still be used until canceled. That is why it is extremely important to report your cards as lost or stolen immediately after discovering such. Some banks offer a mobile feature that allows you to remotely freeze your card until it can be found or verified that it has been lost or stolen.

Banks are experimenting with biometric identification methods to further verify the card’s user. Similar to your Smartphone, fingerprint verification would be needed to approve the transaction. Europeans have been using chip-embedded cards, since 1994. The next step in European credit security will be chip and PIN, which will require users to enter a PIN to verify identity. The same as using a debit card. America had been slow to adopt chip-embedded cards due to the millions of magnetic strips already in use. With the push for speed at checkout, Americans will get use to not having a signature pause and may balk at having to add a PIN to the process.

Retailers will have the decision whether or not to require the signature. Some have already become removing the requirement. Some may be restricted by the hardware used to complete the credit transactions. As point of sale equipment is updated even more merchants will not require signatures.

Until then don’t be shocked if the clerk just smiles and hands you the receipt. Or would you like it emailed?

Refer to the blog archive and categories for more posts about identity theft and fraud.

No comments:

Post a Comment