Banks continue to ask customers who pay with new credit cards to scrawl signatures on receipts to authenticate transactions instead of entering personal identification numbers, a practice used across much of the rest of the developed world to fight fraud.
Chip-and-pin credit cards, which store data on a microchip rather than a magnetic stripe and produce unique codes for each transaction, have been touted as a solution to credit card fraud. Yet big U.S. banks will hold back on the second layer of security — asking cardholders to enter PIN numbers to clear purchases — asking for signatures instead. Omitting the pin removes a buffer designed to thwart fraud if chip cards are stolen or lost.
Signatures pose obvious problems: People often pay little attention when scrawling them, and they can be forged. And they’re not even used to prove the person presenting a card is actually the one whose name appears on the plastic.
“Traditionally, what the signatures are going to be used for more predominantly is not verification at the time,” says Carolyn Balfany, who leads U.S. product delivery at MasterCard.
In October, the liability for fraudulent transactions will fall on whichever party — the issuer or retailer — has the lesser technology. Issuers will be held liable if fraud involves a card with a magnetic stripe, rather than a chip, and merchants will eat the cost if their payment terminals aren’t chip-enabled.