Endpoint: The Networks’ Signature Charade

The Networks’ Signature Charade

The card brands should stop pushing signatures and start working with merchants to implement effective authentication, says Mark Horwedel.

Merchants view the EMV migration as an opportunity to eliminate an outdated process that inflicts billions of dollars in damages on consumers and merchants.

Few things ruffle the feathers of many large merchants more than the card networks’ preference for, or even tolerance of, signatures as a means of cardholder authentication.

Merchants want real ways to authenticate cardholders at the point of sale, and it’s up to card networks to require that issuers arm cardholders with real passwords for these products. For example, Apple allows customers to enable a four-digit PIN that only they know in order to access their smart phone or tablet. That’s real security. But the card networks have yet to require banks to enable the same security features on their plastic card products. Instead they rely on signatures, which can easily be forged.

Many of my colleagues and I used to condemn signatures as “worthless.” Now we find ourselves saying signatures are “worse than worthless.” Here’s why:

– They provide no value in validating the identity of the cardholder at the point of sale. Federal Reserve data show PIN-protected transactions are seven times more secure than those authenticated with a signature.

– They cost merchants millions of dollars by taking up precious time at the point of sale, by virtue of merchants having to buy signature-capture hardware and software, and by affording issuers a wide range of excuses to charge purchases back to merchants.

– And worst of all, they imbue cardholders with a false sense of security, since cardholders think they are actually doing something to protect their purchases when they sign their names. What they’re really doing is protecting the bank’s profits.

It’s high time the card networks developed a real means of authentication instead of continuing to pretend signature authentication has value. It’s also time to engage merchants in a meaningful way (not simply in an advisory role) to assist in developing a solution to the problem.

They Know It’s Useless

Signatures gained their place in the card-purchase routine through the card networks simply mimicking the practices associated with check acceptance. In the early days of the card business, cardholders signed their names on flatbed imprinters that captured the essential data necessary for manual input by hordes of workers keying in transactions for batch processing.

Card issuers presumably validated the signatures by comparing the signature captured on the imprinted document with the signature-on-file for the account. Of course, banks rarely followed this process, just as they almost never compare the signatures on checks with those on file.

Indeed, the networks know signature authentication is useless. Which is why, in other markets like Europe, Canada, and Australia, they have moved to PIN authentication. In Australia, they even ran a sweepstakes called “PIN2Win” to promote a coming PIN mandate in that country. That’s right, the networks are promoting signature in the United States while prohibiting it in Australia!

Yet while nearly everyone concedes that the signature requirement does nothing to deter fraudsters, the networks in the U.S. continue to hang on to this relic. Why?

I’d suggest there are several important reasons. First, as previously mentioned, the signature requirement leaves the transaction subject to the antiquated chargeback processs, resulting in value transfer from merchants to issuers. Merchants are already familiar with how issuer-friendly, outdated processes and policies are retained well beyond their useful lifespan by another example, card-not-present rates.

Second, many issuers and some networks apparently don’t have the technical capability to process PINs for credit card purchases, a fact they’ve been hiding since it illustrates how technically outdated their systems are.

Third, the large incumbent networks profit from additional debit volume, which only they can process, when the cardholder uses a signature instead of a PIN. If they did away with signature, they would do away with this inherent advantage. This helps explain the networks’ preference for so-called chip-and-choice (which really means chip-and-signature) over chip-and-PIN, despite the fact that they are well aware of the superiority of the latter.

Finally, only issuers with $10 billion in assets or higher are subject to federal debit-interchange regulations, meaning signature debit continues to generate twice the interchange revenue of PIN debit for exempt issuers.

Meaningful Dialog

No wonder many merchants are increasingly frustrated with the networks’ insistence on harmful signature authentication at the POS. Merchants’ concerns are heightened by the U.S. migration to EMV (Europay-MasterCard-Visa) chip cards, since they view this costly migration as an opportunity to at least eliminate an outdated process that inflicts billions of dollars in damages on consumers and merchants.

Merchants believe the migration to EMV should be leveraged by developing a real means to authenticate cardholders at the POS, and actually prevent fraud. Most believe enabling PIN on all financial products is the obvious choice, especially since chip-and-PIN is the global standard.

All parties should work to agree on an approach to cardholder authentication. Enabling this security on credit and debit cards is an issuer and network responsibility. Merchants, in turn, are responsible for implementing these authentication solutions in their stores—something merchants have consistently proven their willingness to do.

It’s time for the card networks to engage merchants in meaningful dialogue to further the goal of solving for cardholder validation at the POS. A good first step? Stop pretending signature provides any value at all. Require issuers to provide payment guarantee, with no chargeback rights, on all purchases authorized by the issuer. If an issuer doesn’t enable a secure authentication solution, that issuer should bear the cost of that decision.

Mark Horwedel is chief executive of the Merchant Advisory Group, Minneapolis, Minn. Reach him at mark.horwedel@merchantadvisorygroup.com.