Why are signatures still valid identification?

[Insectoid]

Seriously- signatures as identification is retarded. It's so easy to replicate a signature to generate false positives, and changing signatures over time can lead to false negatives. Take a credit card, for example. The only verification that you are the owner of the card you present is the signature. If it matches the signature on the receipt, the transaction goes through. If your credit card is stolen, and you don't cancel it, well, your signature is on the card. It takes less than an hour to replicate the signature. Then again, most cashiers don't even bother checking it. Similarly, a cashier can look at your signature, see that it's different, and cancel the transaction. Doesn't matter if you own the card or not; maybe you're tired that day, maybe you're drunk, and your signature is not the same. A nit-picky cashier can just stop you from buying anything (though once again, most cashiers won't even look at it). Why don't credit cards have PINs at the very least? They aren't 100% secure, but they're far, far more reliable than a signature.

More importantly, cheques. I opened a new account at a new bank recently, and wrote a cheque to myself, from my old bank, to my new bank. My old bank's copy of my signature is five (nearly six) years old. It looks nothing at all like my current signature. Will it get declined, because the signatures don't match, even though it's a cheque, from myself, to myself? What about the cheque I gave my friend? I assume signatures on cheques often don't match, so banks probably ignore it. In this case, if someone got a copy of one of my cheques, scribbled some shit on it and a really big number and cashed it, it would likely go through. Then what? We've got the technology to fingerprint cheques. Afaik, fingerprints don't change over time, and you could always update your fingerprint at a branch if something happens to your finger. The odds of someone with a close enough match to your fingerprint to authenticate a transaction acquiring one of your cheques is pretty slim.

Back in high school, I had to leave class early one day for a dentist appointment. I had a note from my mother, with her signature on it, saying I could leave class early. My sister also had a note, for the same reason. The signatures on the two notes didn't match, and neither matched the school's copy of my mother's signature. My mom was literally just outside the school doors waiting for us, and the secretary had to go outside, and bring her in to manually tell the secretary (back in her office) that I and my sister were to go to a dentist appointment, before we were let out. I'd never skipped class (well, I often go notes from a particular teacher excusing me from class to help him with stuff, that he later cancelled but I used the notes anyway) and neither had my sister, yet we were detained because the secretary (who knew both of us well) thought we were skipping.

So tell me, why do we still authenticate with signatures? Why are there no PINs on credit cards? Why do cheques have such lax security (well, personal cheques aren't often used anymore, but the security is still important). Why are such obvious flaws yet uncorrected?

[ProgrammingFun]

Insectoid @ Sat May 28, 2011 8:20 am wrote:

So tell me, why do we still authenticate with signatures? Why are there no PINs on credit cards? Why do cheques have such lax security (well, personal cheques aren't often used anymore, but the security is still important). Why are such obvious flaws yet uncorrected?

Credit cards do have the PIN and chip system now so they do not require signatures in compatible cashiers.
I guess we still use signatures more as a convention than any new security...everyone has grown used to them...and anyways, even if someone replicates your signature, you can always find a fraud through you bank statement/credit card bill. And I'm guessing that the new NFC systems in phones will help in ushering out the signature era.

But then again, every security measure has its exploits...

[md]

The signature is not a form of identification, and it never was. It's just security through mind share at it's best.

When you buy something using your credit card the credit card company's computers do some statistical analysis of your past purchases and attempt to decide if the new purchase is out of the ordinary. If it is they call you, if not they let it go through.

If you *didn't* make it then when you dispute the charge they'll perform an investigation where they might check the receipt (they might not) and if they decide that you didn't make the purchase they issue a charge back to the store (aka the store refunds your money). Stores actually have to pay for charge backs and if they get too much then the credit card companies will stop doing business with them.

You'll notice that at no point does the credit card company stand to lose money through fraud in this system. In fact, they make money even when fraud occurs! That's why there is no significant effort to perform any real identification.

With the chip and pin system the goal is to shift the cost of fraud onto you, the consumer. Because you are required to both have your card and know your (secret) PIN, if a purchase is made with both it *must* be valid as the system is "completely secure". You face a much harder struggle getting a chip and pin transaction reversed. Unfortunately the chip and pin technology is really quite easy to break (especially since you can use it *without* the pin!) so you as a consumer are now basically screwed.

[Insectoid]

Even other things, such as OSAP forms, require just your photo ID, SIN card, and signature to fill out. If someone steals your wallet at the beginning of the semester (and you keep your SIN card in it for some reason) they could, theoretically, fill out the form and have funds sent to their own account.

Then again, I don't know how much authentication is done on OSAP's end besides the forms.

I guess it it just a convention now though. Needless extra paperwork, in my opinion, and it's time to completely phase out signatures.

[mirhagk]

See the reason we still have this is the same as the reason why we still have gasoline cars, why we still have people driving cars at all for that matter (a central server driving cars has been proving to be much safer, faster and more reliable).

The reason is that it's VERY difficult to change a standard.

Actually the chip and pin system is handling it the best right now. Have both on a card, and force people to use the chip if the machine can handle it. Then in a couple years, every machine will, and cards can finally be printed without the magnet stripe at all, which is the biggest flaw with them.

Or we can simply have manditory chips implanted in everyone, that could ID you. Actually pretty much a perfect solution, except too many people hate the government, and believe that everything is a conspiracy.

[Tony]

mirhagk @ Sun May 29, 2011 1:13 pm wrote:

Or we can simply have manditory chips implanted in everyone, that could ID you. Actually pretty much a perfect solution, except too many people hate the government, and believe that everything is a conspiracy.

I think I would prefer to not be chipped for reasons other than "hate" or "conspiracy". Privacy and autonomy would be on top of that list. Also, you are forgetting about unchipped foreign tourists.

[mirhagk]

Yeah of course, but a chip could also be carried in a card or something, allowing temporary chips to be "borrowed" by tourists. And how would it impede privacy? It'd simply be a ID chip, giving off a number, that could be linked to if someone has access to the system. The person invading your privacy would not access to the system of ID's as well as your individual ID.

Of course this would never actually work, it's a theoritical thing, there's too many objections to it, you have to admit though, it's pretty much the safest way to do identification, as you'd need to surgically remove your chip, and add a different one, in order to steal an identity.

I guess a finger print scanner or eye scanner could work too lol, but either way, very few people would agree with it.

[Tony]

mirhagk @ Sun May 29, 2011 2:49 pm wrote:

as you'd need to surgically remove your chip, and add a different one, in order to steal an identity.

That just raises the cost, but also the expected gain (if possession of a chip is more likely to authenticate an identity than a stolen wallet). This might simply encourage more violent crimes (you don't need a surgeon to cut out an under-the-skin chip).

The "borrowed" external chips bring us right back to the physical ID cards though.

The privacy issue is that every scan links your physical self to a location at time + possibly action (lets say every purchase), at a single centralized system. You could argue that CC purchases and Passport scans record the same info now, but those are separate systems. As well, I get IDed to get into bars/clubs (for age), but that info is not recorded -- it would if a chip scan was to go through a centralized authentication server.

[ProgrammingFun]

mirhagk @ Sun May 29, 2011 2:49 pm wrote:

I guess a finger print scanner or eye scanner could work too lol, but either way, very few people would agree with it.

That is our built-in chip identification system . They are developing technology like that (I believe).

[md]

ProgrammingFun @ 2011-05-29, 3:05 pm wrote:

mirhagk @ Sun May 29, 2011 2:49 pm wrote:

I guess a finger print scanner or eye scanner could work too lol, but either way, very few people would agree with it.

That is our built-in chip identification system . They are developing technology like that (I believe).

It's also the most stupid. Get your biometrics stolen and all you can do is... what? Change your finger print? Get new eyes? Biometrics is a horrible system for authentication. It's ok for identification in limited circumstances but that's it.

The best bet is to not rely on technology to solve social issues.

[mirhagk]

It's actually a really good debate, as no system truly does prevent identitiy theft. And as for the privacy issue, I dunno personally I'd rather them be able to check where everyone is (obviously it'd require a search warrant), but if I go missing, they'd know exactly where I was last, and if I ever showed up on the grid again they'd know. It would also work for criminals (some, again some would be smart enough to cut it out or w/e but in my personal experience, it ain't the smart ones who become criminals).

Again, no system is perfect, but it is probably one of the best theoritical systems. The biggest issue is of course cost, but chips are placed in dogs all the time, and for not extrememly expensive I believe.

[Tony]

mirhagk @ Sun May 29, 2011 9:50 pm wrote:

(obviously it'd require a search warrant)

Naive. FISA act allows for warrantless wiretaps, which are also kept secret.

http://www.aclu.org/blog/national-security/fbi-if-we-told-you-you-might-sue-1 wrote:

This particular example is for the States, but they also seem more likely to attempt to implement an authoritarian surveillance / authentication schemes, than Canada.

[Insectoid]

Quote:

it ain't the smart ones who become criminals

Ever watch Masterminds? Some of the brightest people in the world became the most prolific thieves.

[2goto1]

Signatures are overrated, but I don't think that they're used as a sole form of id for anything financial, id, or government based.

In other scenarios a signature is really all you need, although those scenarios are not the same as proving your identity. For example, if you need a prescription, you present the pharmacy with the doctor's prescription paper. Or if you have to be absent from high school, you present the school with your parent's letter. Those scenarios are easier to fake.

To me the larger issue is being able to fake a prescription. It seems that anyone could in theory write a prescription for a drug that could kill them. Perhaps one day higher security measures will be put in effect that reduce the chances of that occurring.

[md]

mirhagk @ 2011-05-29, 9:50 pm wrote:

It's actually a really good debate, as no system truly does prevent identitiy theft. And as for the privacy issue, I dunno personally I'd rather them be able to check where everyone is (obviously it'd require a search warrant), but if I go missing, they'd know exactly where I was last, and if I ever showed up on the grid again they'd know. It would also work for criminals (some, again some would be smart enough to cut it out or w/e but in my personal experience, it ain't the smart ones who become criminals).

Again, no system is perfect, but it is probably one of the best theoritical systems. The biggest issue is of course cost, but chips are placed in dogs all the time, and for not extrememly expensive I believe.

A) while your average car thief might not be the brightest, those who do computer crime and fraud do tend to be rather intelligent.
B) Relying on personal experience is just about the stupidest possible way of coming up with a policy position imaginable.
C) Require a warrant? HAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHA

Have you not been paying *any* attention to the actions of world governments and their intelligence agencies? Do you honestly not think that they would either write a law saying they don't need a warrant (see Canadian crime omnibus bill) or simply demand the information? Hell, the intelligence agencies hire smart people, they could simply get a plant hired and write in a back door for access. If the information is out there they *will* get it without oversight.

If you want your location tracked at all times then feel free to carry a GPS tracker with you, but don't force your own misguided ideals upon the rest of us.