Signatures, Sergio and standardising the payment experience

According to The Daily Telegraph, “written signatures are dying out amid a digital revolution”. I’m going to miss them. Of course I know that when it comes to making a retail transaction, my signature is utterly unimportant. This is why transactions work perfectly well when I either do not give a signature (for contactless transactions up to £30 in the UK, for example, or for no-signature swipe transactions in the US) or give a completely pointless signature as I do for almost all US transactions.

“Fears are growing that this is potentially leaving people open to the risk of identity theft and fraud as their signatures are more easily imitated.”

From “Traditional signatures are dying out amid digital revolution”.

If I do have to provide a signature, then for security purposes I never give my own signature and for many years have always signed in the name of my favourite South American footballer who plays for Manchester City. Now it turns out that this is sound legal advice, since according to Gary Rycroft, a solicitor at  Joseph A. Jones & Co. it is an increasing problem that people people order things online but sometimes they do not show up so to acknowledge receiving something “I always sign my initials, for example, so I could prove if it wasn’t me” (because, presumably, a criminal would try to fake Gary’s signature).

Untitled

Now the issue of signatures and the general use of them to authenticate customers for credit card transactions in the US has long been a source of amusement and anecdote. I am as guilty as everybody else is using the US retail purchasing experience to poke fun at the infrastructure there (with some justification, since as everybody knows the US is responsible for about a quarter of the world’s card transactions but half of the world’s card fraud) but I’ve also used it to illustrate some more general points about identity and authentication. My old friend Brett King wrote a great piece about signatures a few years ago in which he also made a more general point about authentication mechanisms for the 21st-century, referring to a UN/ICAO commissioned survey on the use of signatures in passports. A number of countries (including the UK) recommended phasing out theme-honoured practice because it was no longer deemed of practical use.

Well, signatures have gone the way of all things. In April, the US schemes stopped requiring signatures.

They were sort of defunct anyway. According to the New York Times, Walmart considers signatures “worthless” and has already stopped recording them on most transactions. Target has stopped using them too. I completely understand why, but to be honest I think I’ll miss signing for purchases in America.

Money 2020 Signature

No more signing Sergio Aquero for US credit card transactions, hello to signing Sergio Aquero for the Amazon lady who calls at my house with monotonous regularity.

If you are interested in the topic of signatures at all, there was a brilliant NPR Planet Money Podcast (Episode number 564) on the topic of signatures for payment card transactions a couple of years ago, in which the presenters asked why were we still using this pointless authentication technique.

Ronald Mann (the Colombia law professor interviewed for the show) noted that card signatures are not really about security at all but about distributing liabilities for fraudulent transactions and called signatures “eccentric relics”, a phrase I love. His point was that the system doesn’t really care whether I sign my transaction Dave Birch or Sergio Aquero: all it cares is that it can send the chargeback the right way (bank or merchant, essentially) when it comes in.

In addition to the law professor, NPR also asked a Talmudic scholar about signatures.

(The Talmud is the written version of the Jewish oral law and the rabbinic commentary on it that was completed in its current form some time in the fifth century. There are two parts to it: the oral law itself, which is known as the Mishnah, and the record of the rabbis arguing about it and what it meant, which is known as the Gemara.)

The scholar made a very interesting point about the use of these eccentric relics when he was talking about the signatures that are attached to the Jewish marriage contract, the Ketubah. He pointed out that it is the signatures of the witnesses that have the critical function, not the signatures of the participants, because of their role in dispute resolution. In the event of dispute, the signatures were used to track down the witnesses so that they can attest as to the ceremony taking place and as to who the participants were. This is echoed in that Telegraph article, where it notes that the use of signatures will continue for important documents such as wills, where a witness is required.

(The NPR show narrator made a good point about this, which is that it might make more sense for the coffee shop to get the signature of the person behind you in the line than yours, since yours is essentially ceremonial whereas the one of the person behind you has that Talmudic forensic function.)

The Talmudic scholar also mentioned in passing that according to the commentaries on the text, the wise men from 20 centuries ago also decided that all transactions deserved the same protection. It doesn’t matter whether it’s a penny or £1000, the transaction should still be witnessed in such a way as to provide the appropriate levels of protection to the participants. Predating PSD2 by some time, the Talmud says that every purchase is important and requires strong authentication.

So, my interpretation of the Talmud is that it is goodbye to contactless and goodbye to stripe and goodbye to chip and PIN and hello to strong authentication (which may be passive or active) and secure elements: we have the prospect of a common payment experience in store, on the web and in-app: you click “pay” and if it’s for a couple of quid the phone will just figure hey it’s you and authenticate, if it’s for a few quid your phone will ask you to confirm and can use your finger or your face and then if it’s for a few million quid you’ll get a callback for voice recognition and a retinal scan. The same purchase experience for everything: the cup of coffee and the pair of shoes and the plane ticket. It turns out that once again we can go back to the future in the design of our next retail payments system.

Which emergency service? Digital Champion please.

Yet more speed camera misery in our house. 50 in a 40 at 12.30pm on a deserted stretch of well-lit road near Guildford. But hurrah! A form arrives saying that as a means to rachet up middle-class motoring taxation a notch further, my good lady wife can opt to go to on speed awareness course and thus get off of the points. We fill out the form — name, address, driving licence number and so on (every single field on the form was something that they already knew) — and send it back.

A couple of weeks later, we get another letter, saying that they have not yet heard from us and that if they don’t hear from us then my good lady wife will be fined and “pointed”. So I set about filling in the same form yet again. Why can’t I do this online? The missive from the “Safety Camera Partnership” has a unique reference number, after all. There’s no phone number on either the form or the covering letter, so they clearly don’t want us to phone up, but there is a URL at the bottom of the letter so, hurrah, I assume I can deal with the issue online.

But, of course, there is nothing remotely transactional about the site. You can’t fill out the form online (and I’ll bet a pound to a penny that on the twentieth anniversary of the founding of Netscape on 4th April 2014, you still won’t be able to) although you can, in a nod to the 21st century, download the forms to fill out. Digital Britain at its finest: a pretty web site that cost zillions to build and but unable to execute any useful work at all. Isn’t this the sort of thing our Digital Champion is supposed to be doing when she’s finished teaching a fifth of the population to read so that they can use websites?

 

In the future, everyone will be famous for fifteen megabytes