The eradication of the humble signature to authenticate card transactions could deprive investigators of vital forensics to protect consumers from fraud, IT security experts warn.
Richard Boddington, visiting fellow at the Centre for Forensic Research at the University of Western Australia, said that consumers often face a difficult task convincing banks that they’re fraud victims.
Removing the signature could make that harder, he argued.
“A signature does actually provide extra evidence – traditionally good evidence – of forgery, particularly if you have a copy of the transgressor’s forged signature, because you can compare it with what you’ve got on the card,” Boddington said.
He conceded, however, that unlike bank employees, point of sale staff were not trained to detect forged signatures and that the signature’s strength as a security measure had eroded over time.
The use of signatures for credit and debit card transactions will be phased out from Friday.
Mr Boddington was commenting on the development on behalf of the Australian Science Media Centre alongside RMIT University information security specialist, Associate Professor Asha Rao.
Professor Rao said that the mandatory use of PINs would improve security.
“As you’d all know most check-out persons rarely check the signature. The important thing then is the PIN is secret,” she said, pointing out that the signature has traditionally been written on the back of cards.
Boddington was critical of banks and financial institutions’ traditional attitude to protecting their customers from fraud.
“I don’t think that four-digit PINs or six-digits is really sufficient, and financial institutions have been a little mean-spirited right from the outset back in the '60s. They don’t want to upgrade security. To update it from four to six is costly,” he said.
Boddington said that banks should consider introducing a basic biometric factor to card security in the form of photo identification.
“You don’t have to be trained to tell whether the picture on the card is the person who has got it in their hand,” he explained.
Mobile phones - another barrier to fraud convictions
Security experts have argued that the use of near-field communication (NFC) chips in mobile handsets could result in security improvements, as mobiles can be deactivated if lost.
However, Boddington, who has worked on defence investigations, said that there could be a sting in the tail for computer forensic specialists if this were to eventuate.
“I’m pulling my hair out trying to find what’s on an Apple 4S phone and above. We’re having difficulty doing a data dump from it. With mobile phones, just collecting the evidence is problematic, yet they’re used increasingly for all sorts of nefarious activity,” he said.
Boddington, when pressed on whether authorities had sought Apple’s cooperation in gaining access to handset data, said that the problem applied to a wide variety of manufacturers’ phones.
He said that while such devices were becoming more and more the choice for criminal activity, forensic experts were “playing catch-up”.
“The devices are becoming more secure but they’re not forensic-friendly. We can’t force a vendor to do anything,” he said.