"Copying" the iPhone Screen
Yesterday, I went into my local bank to have my signature guaranteed for the purpose of transferring some gift stock.
The bank subscribes to a program called Medallion which protects them from liability for any forgery that they might guarantee. Medallion absorbs only the first $500K of losses and requires the bank to document the amount. While the amount, "1 share of Apple Stock," was explicit in the document, Medallion asked for further documentation, a copy of a statement of the account from which the transfer was to be made.
The bank was reluctant to let me use a bank computer to bring up and print the statement. While this would have been low risk, it would not have been "preferred practice."
I used my iPhone to bring up a copy of the account. The banker judged it adequate. To complete the file, he took the iPhone to a copier and copied the screen. I was pleased that the banker was willing to accept this alternative. I was not even sure that the copier would copy the screen but it did.
My backup plan was to use Logmein Ignition to access my home computer, log in to my broker, download the current statement and e-mail it to the bank. What I did not want to do was go home to print it out.
Welcome to the iPhone empowered 21st Century.
- 01-06-2010, 11:54 AM #2
- 01-06-2010, 12:32 PM #4
- 01-06-2010, 02:56 PM #5
- 01-07-2010, 06:27 PM #7
Today we purchase and pay for goods and services with little more than an e-mail address, a password, and a consent to an e-mail confirmation. If one can purchase and sell securities by this method, one should be able to transfer them to an established account by the same means.
The signature guarantee is a holdover from an era when the stock certificate, not a book entry, was the primary evidence of ownership. It was intended to resist the transfer of stolen certificates. We still use it in an era when there is no certificate.
Note that I can sell you a share of stock without a signature or guarantee. I simply cannot give it to you that way. Give me a break.
- 01-08-2010, 07:45 AM #9
We will continue to use signatures for real property transactions. However, even here, it is not the difficulty of forging the signature that we rely upon but the the assertion of the witnesses and notaries that they saw the signature applied to the document as an expression of intent.
- 01-08-2010, 01:18 PM #11
iPhone becomes credit card reader as Square system launches | 9 to 5 Mac
The app can be used in a manner similar to other credit card apps but has some interesting twists. First, one can obtain a passive slot reader that plugs into the microphone jack of the iPhone to read the card. The device is so cheap that they give them away. It reduces errors and the time required to process the transaction.
Second, not only does it provide for an e-mail receipt but the receipt can include a map of the location where the transaction took place.
Third, it does provide for the customer to authenticate the transaction by signing it with his finger on the iPhone screen. Of course, this signature does not include enough information to resist forgery; it is not as good as the signature on paper. It is probably as good as the one on the POS device at The Shack or my grocery store. (I find these so awkward to use that I usually just put in my initials. No one is ever going to reconcile it.) It is also vulnerable to replay. However, it should be good enough to remind the customer that he really did do the transaction. This is how the signature on credit card receipts are really used. Certainly good enough for the kind of transactions that one normally does with a card.
I have an application on my iPhone that permits drawing. It is a toy for children but it is good enough to simulate signing. I have tried it with my first name and initials. I am clearly able to make a mark that I can recognize that I did and that I am certain no one else could have made. I am unable to make one good enough that a third party could assert that I did or did not make it.
Of course, if we prove to need better authentication, which I do not expect, one could enter the Verisign VIP code from one's own iPhone into the iPhone of the mini-merchant.
The ability to carry a multi-application, not to say general purpose, computer in one's pocket, will clearly change the way that business is done.
Last edited by whmurray; 01-09-2010 at 03:41 PM.
Increasingly credit card applications are engineered so that the customer never has to let go of the card. However, we still often surrender them to waiters and others.
The app need not display or store the credit card number since it will be validated in real time. However, the iPhone and its apps are only semi-trusted and jail-broken one's can hardly be trusted by their owners.
I avoid ATMs that are not on bank premises because they will see, and I cannot trust them not to store, both my mag-stripe and my PIN. I can increase my level of trust marginally by first entering a bad PIN and waiting to see that it is rejected. That at least satisfies me that the machine is connected to my bank. However, there was an entire network of ATMs that were used to steal mag-stripes and PINs. I certainly would never enter my PIN into someone else's iPhone.
Good transaction security is harder than it looks.
Last edited by whmurray; 01-09-2010 at 03:39 PM.