Credit card companies, banks, and retailers have invested billions of dollars in increasing credit card security, yet stories of fraud and large-scale hacks still make headline news. The most recent update to credit card security was the introduction of EMV cards. Named for the three companies that pioneered these microchipped cards, Europay, Mastercard, and Visa, EMV cards offer greater security by replacing the need for a signature with a personal identification number (PIN).
However, some credit card holders and merchants still rely on a signature, believing this enough to keep their transactions secure. The reality is that determined thieves can take advantage of the signature process in many ways. While credit card companies and banks work to increase transaction security for their customers, it's important for those customers to be aware of the potential security risks that come with relying only on a signature.
The Determined Con Artist
Image via Flickr by cafecredit
Fraud perpetrators seek the path of least resistance to accomplish their misdeeds. Obtaining a signature is easier than you may think. Determined con artists can go a step further by creating cloned credit cards and forge a signature on them as they please.
A Benefit to the Merchant Instead of the Customer
A customer's signature on a receipt mainly benefits a merchant in that the merchant has documentation proving that someone made a particular purchase. If that card happens to be stolen and the signature forged, the merchant is unlikely to be held accountable for the fraud, even though merchants are expected to verify a customer's signature at the point of sale. Meanwhile, cardholders may be subject to a fee, not to mention the hassle of a fraudulent transaction made in their name.
Some customers believe that writing “See ID” in place of the signature on the back of a credit card is enough to deter a potential thief, but this is only useful if the merchant takes the time to look at that card in the first place. More often than not, customer transactions are completed by the customer themselves, with the credit card never leaving their hand as was once common practice. It's unlikely that a thief who has gotten their hands on a credit card or created cloned credit cards will be stopped by a merchant wanting to verify a signature.
The Security of a Chip Card
EMV cards provide greater security by creating a unique cryptographic key for each transaction that cannot be easily duplicated. However, when combined with a signature, this can still leave cardholders vulnerable to fraud as a signature can be forged. Instead, most developing countries have implemented a chip and PIN process and have seen a significant increase in transaction security. While the back of the credit card should still be signed, customers are expected to use a PIN, similar to a debit card process, to complete their purchase.
Some worry that an additional number to remember can be difficult for some cardholders, but keep in mind that, while a thief can easily forge a signature, they are unable to access a four-digit number that's been committed to memory or jotted down in a secure place.
Card-Present Purchases vs. Online Transactions
Checking for a signature becomes a moot point when purchases move from a physical store to virtual reality. With the increase of online shopping, a signature has little to no relevance to a sale. Instead, security lies in a credit card's CVV number. As long as a thief has not obtained this number, they won't be able to make an online purchase on most sites.
Paper-based signatures can leave a cardholder vulnerable to fraud. In fact, businesses are gradually phasing ink signatures out of many types of transactions. Electronic signatures are becoming more acceptable, especially when paired with two-factor authentication for verification of identity. The authentication process of digital signatures comes in many forms, all of which work toward thwarting the attempts of the determined con artist. The benefits of digital signatures include greater efficiency, lower fees, reduced turnover time, and, most importantly, enhanced security.
Although credit cards are considered “not valid unless signed,” as stated on the back of many credit cards themselves, in today's world of identity theft and credit card information hacks, a signature simply isn't enough to keep your card secure.