Signature Authorization is Stupid Security

By Robert Siciliano | Dec 9, 2009 | Print this Page
http://www.enterprisenetworkingplanet.com/netsecur/signature-authorization-stupid-security

Ever forge your husband's signature? Wife's? Parent's? Client's? Do you think the clerk behind the counter at Walmart is skilled in handwriting analysis?

I've always viewed a signature as a totally ridiculous form of authentication and a total waste of my time. Signing my name has always been burden and a frustrating task.

Nobody seems to know when a handwritten signature became a form of authorization. From what I can gather, it seems the modern signature was born when kings signed declarations.

"The fact is, a handwritten signature provides zero proactive security. The way I see it, signing your name to any document ultimately assigns liability.”


Robert Siciliano
IDTheftSecurity.com

Eventually, villagers began signing their names to acknowledge accountability. So the signature was born during a time when we had kings and queens, moats, wizards, and dragons. And we continue to rely on this today.

Not too smart.

My signature has evolved from a time intensive, physically demanding, well thought out, legible spelling of my first name, middle initial, and last name, to a first initial, middle initial and last name, then to a quick scribe of what might look like an R, and S, and a squiggly line in place of my last name.

Today, my signature tends to be a straight line. Who the heck came up with electronic signature pads? Stupid!

Between my driver's license, credit cards, checks, e-signature pads, and whatever contracts I fill out on a yearly basis, my signature is completely different on each document.

Total inconsistency.

I spoke with Robert Baier, a forensic document examiner and handwriting analysis expert, and told him about my inconsistent signatures.

Between his facial expression, shaking head and other body language, and his verbal response, I got the message that this is a bad thing.

Bob is what I call the "Document Whisperer.” He has savant-like talents and can size a person up by their signature. Which means I probably disturb Bob.

I don't really care about a signature. I don't know if it's because I find handwritten signatures so ridiculous or because I'm lazy with this task.

The fact is, a handwritten signature provides zero proactive security. The way I see it, signing your name to any document ultimately assigns liability.

If someone signs your name to a check and you call the bank and say it wasn't you, they look at the signature and determine whether it's yours or not. From there they assign liability.

That's dumb.

Other than at the teller line, most banks don't actually view signature cards until there's a problem. Same with credit card issuers etc.

There are a few companies that actually have given validity to the handwritten signature.

One such company is Orbograph, an image-based fraud detection company north of Boston that actually looks at previous signatures and recognizes potential document fraud before loss occurs.

If we are going to rely on signatures, this type of technology needs to be implemented everywhere. Many smaller credit card purchases no longer require a hand written signature.

Visa recently announced it would mandate a move to chip and PIN technology for all Australian Visa cardholders over the next four years, with signatures no longer accepted at the check-out by 2013.

This means all card holders will have a password, as opposed to a signature.

Even though passwords aren't all that secure to begin with, a signature is even less secure, unless of course we provide the signature some credibility by implementing image-based fraud detection system-wide, or putting guys like Bob in a booth in every business district on the planet to review the legitimacy of the signature.

That ain't happening. Yet we have plenty of coffee shops on every corner. Seems like our priorities are a bit skewed.

Because the system is insecure, you must protect your identity.

Get a credit freeze. Go to ConsumersUnion.org and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.