Sunday, June 18, 2006

Security features that are not

Much has been said about Credit Card and Debit Card security in the newspapers recently. I feel that there is no security at all. I am not talking about the security at the vendor side, which I am sure has multiple layers of security to prevent breaches into the computer system. What I am talking about is the security at the point of sale (POS). This can be either a transaction where you are physically present to sign the receipt, or an anonymous online transaction.

When you first get your credit card, you are asked to sign it on the back. Below the strip where you are supposed to sign is a caption which states "Not valid unless signed".



When payment is made with a Credit Card, an imprint will be made of the Credit Card. If the POS uses an electronic printout, the card information will be obtained from the magnetic strip data. Whichever method is used, the receipt will provide the following information: the card number, the expiry date and the name. When you sign the receipt, this signature is checked against the signature found on the back of the card. Therefore the Credit Card that you hold in your hand has all the information necessary to make a transaction. There is nothing cryptic or private about it.

Anyone who has gotten hold of your card could learn how to forge your signature: a sample is available on the back of the card! And when this is checked against the signature on the back of the card at the POS, of course they match. The checking of the signature is at best done cursorily, and minor discrepancies are generally ignored. The incident related in The Credit Card Prank is also not unheard of.

Online transactions are even more prone to fraud. Here the card is not even needed. What is needed is a copy of a receipt. Generally, online transactions only ask for the credit card number and the expiry date. These can be clearly seen on the receipt. Some pay sites require the Card Verification Number found on the back of the card. The use of this 3-digit number gives slight security, as this number is not found on the receipt. However, there is nothing to stop an unscrupulous cashier from copying the number for use at a later date.

The above illustrations show how easy it is to commit fraud just by using what is available on the receipt and the card. Therefore whatever 'security' is mentioned by the card companies is clearly non-existent on the part of the cardholders.

Because fraud is so easy to commit, the onus of security lies squarely with the cardholders. This site gives fairly comprehensive advice on credit card security.

What can issuing banks do to prevent fraud using the above methods? One is the Photocard, as introduced by Citibank. This is a type of credit card with the customer's photo embossed on it. This will largely prevent forged signatures from being used. The face and photo will be the key to authenticity. Photocards should be made standard issue. Second is the use of a PIN on top of the signature for authentication, as practised overseas. Although this two-tier security check is inconvenient, it does provide an added security feature, especially when used for online transactions.


When such simple means can be used to commit fraud, one wonders why so few frauds are committed. So Singaporeans are still very honest after all.


Interesting links:
Anatomy of Credit Card:
http://www.merriampark.com/anatomycc.htm
History of credit card:
http://www.didyouknow.cd/creditcards.htm
The Credit Card Prank:
http://www.zug.com/pranks/credit/
Credit Card security:
http://www.whatprice.co.uk/financial/credit-card-security.html
