Credit card signatures, what are they good for?
Tyler Hedrick

Remember that the credit card company's and the bank's ultimate goal is to shift liability for fraud to the retailer or the customer. That's the entire purpose of all of this, even Apple Pay.

The signature is supposed to be used in case the customer claims "fraud" in order to cheat a retailer out of money. The retailer can say to the bank or payment processor, "No, this person definitely bought said item. See, here's the signature to prove it. Compare it to the signature of other purchases this person has made." Forging a signature also carries additional legal penalties if a thief is caught.

The PIN part of Chip and PIN is not more secure; it was just another attempt to shift liability for fraud to customers. When it was first being rolled out, various governments said they were going to make customers liable for fraud if a Chip and PIN card was used. But then someone proved how damn easy it was to steal PINs from payment terminals, sometimes using nothing more than a paperclip embedded in the wire used for transmission. The governments then denied the liability shift.

Since then, a number of Chip and PIN payment terminals have had backdoors installed right out of the factory that sent the information to fraudsters. Shell (the gas people) locations in the UK were also compromised.

As the PIN part of Chip and PIN is so easily stolen, there was never any chance whatsoever of the US government allowing fraud liability to shift to customers. That immediately makes Chip and Signature a better choice (not to mention it's been repeatedly drilled into people's heads in the US that you never, ever share your PIN and your PIN should only be used at ATMs or when you want cash back).

But the Chip part of Chip and PIN doesn't really add security. It still sends a credit card number that is usable without the associated cryptogram and without the PIN, so in countries (like Canada) that adopted Chip and PIN, the amount of fraud didn't go down at all. The fraud type just shifted to card-not-present fraud.

Also, due to privacy laws, it's not legal in many jurisdictions for retailers to ask for ID if the information on the ID is not used to verify the identity of a person (like with a bank's AVS system) before the purchase is made. Apple was actually sued for this because someone at an Apple Store asked for a customer's ID and the ID wasn't used to verify the purchase. This makes writing "See ID" useless because retailers can't legally check it.

