31 May 2005

Customer Signature

In July 2003 I was issued an American Express credit card. It just expired. I've used it for almost two years and I never signed the back! I have never, not even once, been asked to sign it! I guess I'm not alone! I wonder what the signature on the back of the card is supposed to mean anyway. If it is just to verify against the receipt I sign then it seems it is a sorely under-used security precaution. Once again, security is so very dependent on human process. If the process fails, so does the security.

A good example of the human factor in security is this article. An estimated 500,000 people (perhaps as high as 1,000,000) had their account information stolen in "what may the biggest security breach to hit the banking industry." Who did this crime? "Account information on the customers was illegally sold by bank employees to a man identified as Orazio Lembo, whom police said was doing business by illegally posing as a collection agency." Brilliant.

No comments: