Signatures suck. At best, they’re a waste of time, and at their worst, they offer a false sense of security.
I’m not talking about that blurb on the bottom of an email containing a joke, quip or quote or meaningless unenforceable legal disclaimer, but a pen to paper, might-be-worth-something-if-I-get-famous John Hancock.
Cashiers don’t confirm them when using a credit card, this is easily tested — Write “Homer Simpson” on the signature line of a Visa receipt and see if anyone notices. Even the ones that make a big show of comparing your receipt to your card don’t notice, it’s robotic, and like most things in the security world, it’s theatre.
Even more useless are signatures on faxes. I regularly fill out or create documents electronically which I am supposed to print, sign, and then either fax or mail to a company. I don’t. I have a scanned copy of my signature which I can insert into a document before printing or faxing, and haven’t once been called on it — Why would I be, it looks completely legitimate to the recipient.
And that, right there, is the problem. How is the recipient supposed to verify that the signature belongs to me? If it can’t be authenticated, how does the recipient know it’s authorized? And if it’s not authorized, what good is it?
With 15 minutes to dummy up letterhead you can get ownership to all sorts of things, from domain names to packages at the post office to using someone’s credit card, or occasionally, even initiating a wire transfer.
Cheques are not verified, unless the cheque is large or otherwise suspicious an unsigned cheque will go through without any pain — Sure, you could dispute it, and probably get your money back, but a smart thief would be long gone before anyone noticed.
Now admittedly this is not a trivial problem to solve, and in fact it would probably take multiple layers depending on the value of the transaction, whether or not the parties are able to connect physically, and the likelihood of fraud.
Fast food is starting to get it right, no signature required for small purchases.
Some stores always ask for identification for credit card transactions, but rarely ask you to remove your ID from your wallet — Even Alberta’s rather impressively difficult to modify or reproduce, polycarbonate laser engraved identification cards defeated if the clerk isn’t paying attention — Just paste a new picture on top and no one will notice IF the card is only inspected through a plastic holder inside a wallet. I’ve yet to be asked to remove the card from my wallet anywhere except when applying for a passport.
Weird that we trust a signature so implicit, is it not?