Giving Merchants the Finger: How Fingertip Signatures Work
Written by: Kristy Welsh
Last Updated: July 22, 2017
"Do you take credit cards?" Gone are the days when you'd ask that question more out of hope than expectancy. Today, credit cards can be accepted anywhere, from storefronts, to street fairs, to garage sales. All it takes is a mobile device equipped with a card reader and touchscreen to capture fingertip signatures.
What is a Fingertip Signature?
A fingertip signature is a type of electronic signature now commonly used by merchants to process credit card payments on mobile devices. The card is swiped via a card reader (like Square), then the card owner is prompted to sign their name for the purchase — with their fingertip — inside a signature box displayed on the mobile device's touchscreen.
Is a Fingertip Signature Legally Binding?
Yes, the federal Electronic Signatures In Global and National Commerce (ESIGN) Act of 2000 gave electronic signatures just as much weight as those handwritten with pen and paper. The same is true on the state level, via the Uniform Electronic Transactions Act (UETA), which has been adopted by most U.S. states.
Is it Possible for a Fingertip Signature to Verify Someone's Identity?
No, a fingertip signature of your name is not enough to prove that you are, indeed, the person whose name you're signing. But, to a certain extent, the same may be said of handwritten signatures as well.
Granted, a handwriting expert may be able to convince a judge and jury of its authenticity, one or way or the other. But what of a merchant's deciphering of your signature? How well can they make a convincing argument — to themselves or anyone else — that the signature on the receipt doesn't match the one on the back of your credit card (i.e., proving that the person signing isn't who they say they are)? Of course, how often do merchants bother to compare the two signatures at all?
Is There Any Security Risk Associated With Fingertip Signatures?
There is likely no risk associated with sharing your signature in-and-of-itself. The more practical concern is associated with what comes before the signature — the swiping of your credit card. That said, card readers like Square encrypt the credit card data, and the mobile device does not store it in any form.
Am I Protected From Fraudulent Purchases Made With a Fingertip Signature?
Yes, you can expect the same level of protection as you would of any other fraudulent purchase made with your credit card.
How Could Dynamic Biometrics Advance Fingertip Signature Authentication?
Dynamic biometrics can be used to analyze how a fingertip signature is created. Unlike a handwritten signature, which only provides authenticators with the final product for analysis, dynamic biometrics incorporates into the analysis the act of the writing itself. The speed and direction of the strokes you use to sign your name is so unique that its forgery is a near impossibility. This technology already exists, just not yet for mainstream use via card readers on mobile devices.