The Talmud is clear on the topic of cardholder verification: ApplePay has got it right and chip and PIN, chip and signature and no-signature swipe are going to vanish. Well, that’s my interpretation.
Today was the day of the 3rd annual Consult Hyperion/NYPAY “Tomorrow’s Transactions Unconference” hosted by the kind people at Google in New York. As has become traditional we kicked off the morning by having an author give the kick-off talk followed by an onstage Q&A. This year it was the wonderful Jeffrey Robinson (known to you as the author of “The Laundrymen”, a seminal work on money laundering) who read a little from his new book “BitCon”. I had a vague suspicion that his view might be a tad controversial but since I learn fastest by hearing smart people argue I thought it worth the risk. It was.
In the afternoon we were honoured to be able to welcome Lisa Servon to the stage for a thought piece on the unbanked. Lisa wrote one of the best articles I’ve ever read on the topic (and I’ve read a lot because of Consult Hyperion’s work in emerging markets and my work with the Bill & Melinda Gates Foundation’s Financial Services for the Poor programme) and was kind enough to let me record one of the most interesting podcasts I ever recorded. Her thought-provoking views were exactly what was needed to get people at least noticing the box even if not thinking outside it.
I delivered the other of the afternoon thought pieces and chose to base it on the absolutely brilliant NPR Planet Money podcast (I strongly urge you to subscribe to their super series) on the topic of signatures for payment card transactions.
Today on the show: the signature. It’s supposed to say, “This is me.” But where did the idea come from? And why are we still using it? We consult a rabbi, a lawyer and a credit card executive.
[From Episode 564: The Signature : Planet Money : NPR]
Now the issue of signatures and the general use of them to authenticate customers for credit card transactions in the US has long been a source of amusement and anecdote. I am as guilty as everybody else of using the US retail purchasing experience to poke fun at the infrastructure there (with some justification, since as everybody knows the US is responsible for about a quarter of the world’s card transactions but half of the world’s card fraud) but I’ve also used it to illustrate some more general points about identity and authentication. Forum friend Brett King wrote a great piece about signatures a few months ago in which he also made this more general point about authentication mechanisms for the 21st century.
In a recent UN/ICAO commissioned survey on the use of signatures in passports, a number of countries including the UK recommended phasing out the long held practice because it was no longer deemed of practical use.
[From Why Kids don’t have signatures — Medium]
Now, as Ronald Mann (the Columbia law professor interviewed for the show) quite accurately points out, card signatures are really all about distributing liabilities for fraud transactions. He called them “eccentric relics”, a phrase I loved and will use without limit. The system doesn’t really care whether I sign my transaction Dave Birch or Sergio Aguero: all it cares is that it can send the chargeback the right way (bank or merchant, essentially) when it comes. I think there are far better and more cost-effective ways of doing this, and we’ll come back to them in a minute.
In addition to the usual comments about cardholder verification methods that you might expect to hear from a lawyer and a payment scheme representative, the team went to ask a Talmudic scholar about signatures.
Image courtesy Chajm Guski, (CC Attribution 2.0 Generic, 2009)
(The Talmud is the written version of the Jewish oral law and the rabbinic commentary on it that was completed in its current form some time in the fifth century. There are two parts to it: the oral law itself, which is known as the Mishnah, and the record of the rabbis arguing about it and what it meant, which is known as the Gemara.)
The Talmud, it turns out, is admirably clear about the use of signatures. The purpose of the signature is to identify the person. The scholar made a very interesting point about this, when he was talking about the signatures that are attached to the Jewish marriage contract, the Ketubah, pointing out that it is the signatures of the witnesses that have the critical function in dispute resolution. The signatures are used to track down the witnesses so that they can attest as to the ceremony taking place and as to who the participants were.
The show narrator made a good point about this, which is that it might make more sense for the coffee shop to get the signature of the person behind you in the line than yours, since yours is essentially ceremonial whereas the one of the person behind you has that Talmudic forensic function. One possibility, then, for a crowdsourced future retail payment mechanism would be to simply get a random person in the store to take a photo of you buying stuff and putting it in escrow for 180 days before deletion in case the charge is disputed!
This set me thinking.
When it comes to making a retail transaction, my signature is utterly unimportant. This is why transactions work perfectly well when I either do not give a signature (for contactless transactions up to £20 in the UK, for example, or for no-signature swipe transactions in the US) or give a completely pointless signature as I do for almost all US transactions, either just scribbling an irrelevant line or carefully printing Sergio Leonel “Kun” Aguero Del Castillo (when I can make it fit).
But now consider a more generalised version of this experience when the future retail transaction is a witnessed exchange of data between my computer (for the sake of argument, my mobile phone) and the store’s computer (for the sake of argument, their iPad). Not only is there no need for me to sign this transaction, there’s no need for me to enter a PIN code either, since the phone already knows that I am its rightful owner because I’ve already used the passcode or a fingerprint or whatever to unlock it. And it would be pointless if the clerk gave their signature to the transaction since what my mobile phone wants is the digital signature that it can actually validate to know that it is talking to a real and accredited store and that the payment has been properly recorded and acknowledged. This may well be the genius of ApplePay: since there are no signatures or PINs or anything else at all, it will be very hard to make a more convenient experience for consumers.
The Talmudic scholar also mentioned in passing that according to the commentaries on the text, the wise men from 20 centuries ago also decided that all transactions deserved the same protection. It doesn’t matter whether it’s a penny or £1000, the transaction should still be witnessed in such a way as to provide the appropriate levels of protection to the participants. The Talmud says that every purchase is a big purchase. So, goodbye to electronic cash and goodbye to chip and PIN and hello to biometric authentication and secure elements: we have the prospect of a common payment experience in store, on the web and in-app: you click “pay” and your phone asks you to confirm and you put your finger on the home button. For everything: the cup of coffee and the pair of shoes and the plane ticket. It turns out that once again we can go back to the future in the design of our next retail payments system.
Happy Rosh Hashanah to one and all!
Very interesting comments, thank you. A signature has a number of functions, which I set out in great detail in Electronic Signatures in Law (3rd edn, Cambridge University Press, 20102), pp 8-10. Authentication is just one of them. You have to be aware of the reason for asking for a signature before you establish the function the signature performs. Electronic signatures (a list here: http://www.stephenmason.eu/?page_id=35) were used and accepted well before any legislation was passed.
Stephen Mason