Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

> stores would pull out the credit card imprint machines, but those don't work anymore because cards are flat

It's the other way around: Cards are flat because a carbon imprint doesn't afford the merchant any payment guarantee by the card issuer anymore anyway. (In other words, the "floor limit" above which cards require electronic authorization is now zero.)



At that time merchants probably still checked the signature on the back of your card against your signature on a bill. These days nobody bat an eye when I use my unsigned card. I guess at that time a matching signature would give the merchant enough confidence to process the card offline.


The merchant's confidence is irrelevant if it's not backed by a guarantee of the scheme (effectively forcing the issuer) to pay even in case of fraud.

The people operating these imprinters are sales clerks and waitstaff, not graphologists or experts in detecting altered physical credit cards. The sophistication of fraudsters has also advanced, and as a result, a system that might have been good enough in a pinch 20+ years ago isn't necessarily good enough today.

That said, in my view there's no excuse to not leverage the physical chip present on effectively all credit and debit cards these days, which is technically capable of making limited autonomous spending decisions even with both the issuer and terminal offline in scenarios like this. It probably won't happen without regulatory pressure, though.


IIRC tapping credit cards on London’s underground turnstiles use offline chip authorization to avoid delays.


It uses offline authentication (i.e. checking whether the card is authentic), but not authorization (i.e. whether it’s funded, not stolen etc.)

Unfortunately, too many cards, and all mobile wallets, don’t support offline authorization for that to be viable.


I started signing my cards with an all caps "ASK FOR PHOTO ID" 30 years ago. It raised a few questions when I would travel to the US and use them there, but was never refused a transaction.


That’s an urban legend, and stores are not required to actually do so. (And as far as I know, a thief could sign the receipt in all caps, ASK FOR PHOTO ID, and it would be a valid signature :)

In fact, even verifying the signature is no longer required in at least the US.

Signature verification also only solves cardholder authentication, not card authorization (i.e. figuring out if the card is funded, still valid etc.)


I've been signing "CHECK ID :)" for several years now and it's only a few times a year that someone notices.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: