Post #39,653
5/23/02 12:54:15 PM
|
I got it, but it doesn't make sense
Since the merchant is the one on the hook for fraud, you would think they would be interested in instituting real security policies that have some chance of working.
Until about two years ago clerks rarely checked the back of the card. It's becoming more common that they do. But in ~15 years of using credit cards, I have never had anyone check the signature against one on another ID or on file. Checking that it is signed, without then verifying that signature against anything, is completely worthless.
And you're right that the USPS would be unsympathetic. They kept a copy of the policy right there next to the register. From the fact that they did, and from the badly dog-eared condition of it, they seem to pull it out to show people fairly regularly. Shouldn't this eventually indicate to someone that there's a problem?
===
Microsoft offers them the one thing most business people will pay any price for - the ability to say "we had no choice - everyone's doing it that way." -- [link|http://z.iwethey.org/forums/render/content/show?contentid=38978|Andrew Grygus]
|
Post #39,725
5/23/02 7:47:05 PM
|
It makes perfect sense to me
Here is my theory.
It, despite being apparently nonsensical, arises from a rather sensible dynamic. Very similar to one we bitch about in software.
Well-run companies attempt to reduce costs and maximize revenues. That means that any area of the business that is a cost center gets shortchanged, and companies try to avoid paying them, and shove as much liability for it as they can off on others. And if those others see that business as the price of doing business, they will swallow the pill.
Software companies do that with security (which is one reason their software sucks) and shove things off with their warranty disclaimers. Credit card issuers do the same thing, and shove liability (eg fraud cost) to merchants.
As for the merchants, if they don't accept credit cards, they lose a lot of business. The credit cards aren't giving them a choice, they either accept the deal as is or lose customers. If someone came out with a better designed credit card, what would happen? It would cost more to implement, no customers would use it, and so no merchant would accept it. With no merchants accepting it, no customer would want to use it and...shit.
So credit card companies have little liability or motivation to pursue real solutions. Merchants have no leverage. So merchants accept credit cards and swallow fraud as a cost of doing business.
What do you think?
Cheers,
Ben
"... I couldn't see how anyone could be educated by this self-propagating system in which people pass exams, teach others to pass exams, but nobody knows anything."
--Richard Feynman
|
Post #39,795
5/24/02 9:15:16 AM
|
You've made me realize my mission
So credit card companies have little liability or motivation to pursue real solutions.
My mission, then, is to increase the rate of fraud to the point that it's economicaly viable to implement a better solution.
Mwah
Mwuaha
MmmmmmmmWAAAAAAAAAhahahahahahahhaa
===
Microsoft offers them the one thing most business people will pay any price for - the ability to say "we had no choice - everyone's doing it that way." -- [link|http://z.iwethey.org/forums/render/content/show?contentid=38978|Andrew Grygus]
|
Post #39,885
5/25/02 12:13:52 AM
|
A profitable mission...
Until someone realizes that it is cheaper to track you down and put you in jail than to change their business model.
:-P
Cheers,
Ben
"... I couldn't see how anyone could be educated by this self-propagating system in which people pass exams, teach others to pass exams, but nobody knows anything."
--Richard Feynman
|
Post #39,765
5/24/02 12:38:46 AM
|
Two problems.
The fact that there is a dog-eared copy of the policy sitting right next to the register won't get very high. The employees who know usually aren't able to get the attention of whoever should care about this. Put another way, there are too many layers of management between those who know and those who should know. If the USPS is still wholly owned by your Federal government, you could go bug your local Federal Congressman about it, I guess.
The other problem is unsigned cards - how do you control that? If the USPS was serious about controlling fraud via unsigned cards, they would have their own database of unsigned cards and refuse to honour them even after they're signed unless they check a signature another way. This, of course, is a considerable undertaking! Another way to battle that is for card issuers to require a visit in-person to pick up a card at which point you must sign it or they won't enable it. Unfortunately, this would put the onus on the card-issuers for fraud and theft, which, as everyone knows, they are most unwilling to take on.
Out of curiosity, I've been watching for when clerks doing an Amex transaction compare my signature with that on my card. AFAICS, most of them don't. I think it might be time to move away from hand-written-signature verification technology, but the prospective replacements do not seem to be inspiring confidence in their privacy and security qualities.
Wade.
"All around me are nothing but fakes
Come with me on the biggest fake of all!"
|
Post #39,890
5/25/02 8:35:01 AM
|
I'm not sure I understand the problem(s).
Hi,
I'm entering this thread a bit late, I know...
Many CCs have an additional 3 or 4 digit number on the back that the clerks have to enter when they process your purchase. Its on the same strip that holds your signature, or note, so they have the opportunity/need/etc. to see your signature at the same time. I think it's there so that phone/web purchases can't be made with CC numbers stolen from a receipt (as the 3 or 4 digit number won't be there).
I agree with Karsten's post that said CC companies are pretty good at detecting unusual activity. A few months ago I discovered that a Visa Checkcard is not "just like a check". I needed to buy gas and stock up on groceries one evening. It turned out that the groceries came to about $305. I tried my Visa Checkcard (ATM card) that I always use, twice, and each time it was denied. I knew it wasn't a balance problem, so I just wrote it off as a glitch and used a credit card. The next morning I got a call from Discover asking me if I bought gas and groceries the previous night. (My ATM purchase was denied because my bank has a $300/day ATM limit and it apparently applies to the Checkcard even though I wasn't getting cash. Seems like a stupid policy to me.)
As I understand it, the purpose of having a person sign their credit card immediately is primarily so that you'll indicate you accept the terms of the contract. It's the vendor's responsibility to make sure that you're the person who signed the card (as with a paper check). Drew, if you're wanting to have the merchants check your card against a photo ID, wouldn't it be simpler to get a CC with a photo already on it? I know it's available with many of the big national cards.
I've recently had a clerk at PetSmart check my CC against my drivers license - I agree that it's very rare. But checking out of most stores I frequent is slow enough as it is - I'm sure that stores would lose business if they required more checking of IDs for purchases (unless, of course, it was uniform). I don't know how much stores lose from CC fraud compared to "shrinkage" (theft), returns, etc. Perhaps it's not something that most stores regard as a huge problem compared to other losses.
I don't quite understand Karsten's objection to signing with a light pen, loss of control of biomarkers, etc. His photo has been all over the web for years. :-) Written signatures can be scanned. Telephone and web purchases can be made without signatures, etc. And I don't know about him, but my light pen signature hardly looks like my "real" signature (which also varies at tiems) so if it were misused it would be fairly easy to argue that it was invalid. I feel (a little) better about using a light pen than signing a slip.
My $0.02.
Cheers,
Scott.
|
Post #40,171
5/28/02 11:30:19 AM
|
There's something I hadn't thought of
As I understand it, the purpose of having a person sign their credit card immediately is primarily so that you'll indicate you accept the terms of the contract.
Now this actually makes sense. Although it doesn't explain why it's listed on their own site as a security measure.
===
Microsoft offers them the one thing most business people will pay any price for - the ability to say "we had no choice - everyone's doing it that way." -- [link|http://z.iwethey.org/forums/render/content/show?contentid=38978|Andrew Grygus]
|
