All 4 major U.S. credit cards ditch signatures, with eye on biometrics

Fingerprint or retinal scan security is expected someday to become the gold standard in payment authorization.
By Daniel Uria  |  April 30, 2018 at 5:30 AM
share with facebook
share with twitter

April 30 (UPI) -- Beginning this month, four of the largest credit card networks in the United States no longer require signatures to complete transactions -- a move driven by evolving security and technology.

American Express, Discover and Mastercard gave merchants the option to stop requesting handwritten authentication for credit and debit card transactions April 13, while Visa implemented the policy the following day.

Terms for the change will vary. American Express eliminated the requirement for all its cards globally, while Visa lifted the signing requirement only in the United States and Canada for payment systems that read chip cards. Mastercard ended the requirement exclusively in North America, while Discover offers the choice in the United States, Canada, Mexico and Caribbean nations.

While each credit card company eliminated the signature, individual retailers also have the choice to keep collecting signatures or stop.

Several major retail chains, including Walmart, have sought to end the longtime practice because those sales must be processed in a way that takes more time and costs twice as much as transactions that use a PIN.

"Having to sign a receipt can be a hassle for customers and is not necessary to prevent fraud at the point of sale," said Walmart Senior Vice President and Assistant Treasurer Mike Cook.

In place of signatures, credit card companies are now transitioning to other security methods -- some new, some familiar.

The chip

Chip technology was widely adopted in the United States in 2015, when major credit card networks began providing customers with cards embedded with a readable computer chip, or EMV, which stands for Europay, Mastercard and Visa.

Embedded microchips in EMV cards contain encrypted information, making it more difficult for a card to be copied or counterfeited.

Information from EMV transactions is also less valuable to hackers, as each purchase generates a unique code -- unlike the electronic data generated from the traditional magnetic strips.

"Less than two years since EMV chip launched in the U.S., fraud declined 66 percent at EMV chip-enabled merchants," Visa said.

The widespread adoption and use of the EMV chip is the primary factor that has ushered out the need for signatures.

Tokenization

Another security method uses a concept similar to EMV called tokenization -- a process by which a card's 16-digit primary access number, or PAN, is substituted with a unique alternate number, or "token."

The PAN is the credit card's main number displayed across the front, which is often given to make purchases online.

Internet, mobile app and some in-store purchases utilize tokenization.

Upon initiating a payment, tokenization creates a randomized "token" to replace the PAN and sends it to the payment processor, which then de-tokenizes the ID and authorizes the payment.

Once the payment has been authorized, the token can never again be used to initiate payment with another retailer. Therefore, it is useless for a thief to mine "tokens" since they can not be used again for any purchase.

Like EMV chips, though, the method helps improve security by adding a dynamic element to each purchase, making it tougher for sensitive information to be stolen.

Biometrics

Credit card companies and other payment services have also begun to adopt biometric technologies as a form of authentication.

Biometrics refer to unique human physical characteristics like fingerprints, facial recognition, voiceprints and iris or retinal scans, unique elements of a user that can entirely replace traditional alphanumeric passwords and are even more secure.

In January, Visa announced pilot institutions that will begin using a new payment card that features an on-card fingerprint sensor.

The card will allow users to register a fingerprint template to be stored in the card, which can then be used to authenticate purchases by placing a finger on the card's sensor. Integrated green and red lights will indicate a successful or unsuccessful match.

"The world is quickly moving toward a future that will be free of passwords, as consumers realize how biometric technologies can make their lives easier," said Jack Forestell, head of global merchant solutions for Visa.

Mastercard also launched a trial of biometric cards last year and announced plans to allow all customers to identify themselves with biometrics beginning in April 2019.

Experts and financial institutions believe biometric-secured payments will one day make all other authentication methods obsolete.

"Biometric technologies perfectly meet the public's expectation for state-of-the-art security when making a payment," President of Mastercard U.K. and Ireland Mark Barnett said. "It will make the purchase much smoother, and instead of having to remember passwords to authenticate, shoppers will have the chance to use a fingerprint or a picture of themselves."

In a critique of India's biometric-based identification system for the BBC, technology lawyer Mishi Choudhary warned potential compromises of databases storing biometric data could have long-lasting consequences.

"Any compromise of such a database is essentially irreversible for a whole human lifetime: no one can change their genetic data or fingerprints in response to a leak," Choudhary said.

Professor of Law at Georgetown University Alvaro Bedoya also noted biometric features aren't as inherently private as traditional alphanumeric passwords.

"I do know what your ear looks like, if I meet you, and I can take a high resolution photo of it from afar," Bedoya said. "I know what your fingerprint looks like if we have a drink and you leave your fingerprints on the pint glass."

Related UPI Stories
Topics: Mike Cook
Trending Stories