Digital Signature Risks
If you sign on a digital signature pad, you are
putting yourself at great risk. Your signature, once stored in a
database with millions of others, is likely to be stolen. Once your
digital signature is stolen, it can be sold like credit card numbers
are already. However, your signature, once stolen, can't be easily
replaced. And your signature can be used to forge documents in your
name. Avoid these major risks: Don't Sign On Digital
Signature Pads
Digital Signature Pads
Digital Signature Pads (also called signature capture pads) have
become common in retail stores. At checkouts where customers used to
be asked to sign paper slips, now pads or touch-screens are becoming
common. These digital signature pads capture your signature and in
many cases completely replace paper slips. Your signature may be
printed on a receipt or displayed on the cashier's computer screen.
In all cases, your signature is stored as a digital image in a
computer database. The retailer needs a record of your signature in
order to prove to the credit card company that you were present and
authorized the purchase. ("To provide charge-back defense", in the
language of digital signature technology providers.) The database of
signatures is likely kept in one central location -- it wouldn't make
sense for a company to keep multiple separate partial databases in
different locations. Indeed, promoters of digital technology talk
about large signature databases tied to credit card numbers without
mentioning security at all.
Thefts From Digital Financial Databases
Digital financial databases are tempting targets for information
thieves. Thieves have already made mass thefts of credit card
information. Credit card numbers can be easily canceled and
replaced. However, once your signature is stolen, could you change
your signature? Once a criminal has your digital signature, he can
easily create legal documents that have your real signature on them.
How would you prove that you didn't sign the document? It is your
signature after all.
This is not a hypothetical risk. 40 million credit cards were exposed
to theft at Card Systems in June of 2005. What if they had been
storing digital signatures too? How long before the signature
repository at a large retailer (or the credit card companies
themselves) is stolen? Do you want your signature in the database
when hackers access it? Just don't sign!
Just Don't Sign
You don't have to sign on signature pads. Almost all retailers offer
the option to sign on a paper slip. All you have to do is ask.
Say, "I'd like to sign on a paper credit
slip". Many cashiers know how to do it, some may need
to get a supervisor. You may have to insist. Don't back down!
Remember what is at stake: your signature and your identity! Don't
let hackers have the one piece of information that provides your
unique legal identification.
I have put together a cheat
sheet on how to get a paper credit slip at several major
retailers.
To Retailers: Avoid the Risk of Identity Theft
Retailers, are you considering implementing an electronic signature
capture program? Remember what happened to Card Systems when they
stored lots of vital customer information. The information was stolen
and subsequently they have suffered a major loss of business. Do you
want to face this sort of liability and the chance of bankruptcy?
Avoid storing digital signatures. Your customers will thank you and
your shareholders and investors will appreciate your foresight.
Last modified on 7 Mar 2006 by AO
Copyright © 2024 Andrew Oliver