1. whmurray's Avatar
    Yesterday, I went into my local bank to have my signature guaranteed for the purpose of transferring some gift stock.

    The bank subscribes to a program called Medallion which protects them from liability for any forgery that they might guarantee. Medallion absorbs only the first $500K of losses and requires the bank to document the amount. While the amount, "1 share of Apple Stock," was explicit in the document, Medallion asked for further documentation, a copy of a statement of the account from which the transfer was to be made.

    The bank was reluctant to let me use a bank computer to bring up and print the statement. While this would have been low risk, it would not have been "preferred practice."

    I used my iPhone to bring up a copy of the account. The banker judged it adequate. To complete the file, he took the iPhone to a copier and copied the screen. I was pleased that the banker was willing to accept this alternative. I was not even sure that the copier would copy the screen but it did.

    My backup plan was to use Logmein Ignition to access my home computer, log in to my broker, download the current statement and e-mail it to the bank. What I did not want to do was go home to print it out.

    Welcome to the iPhone empowered 21st Century.
    01-06-2010 12:22 PM
  2. Leanna Lofte's Avatar
    They should've just let you email a screenshot instead of copying your screen.
    01-06-2010 12:54 PM
  3. whmurray's Avatar
    They should've just let you email a screenshot instead of copying your screen.
    Initiative was mine. I did not thnk of that option. How many other ways might we have accomplished this?
    01-06-2010 01:05 PM
  4. jamesus's Avatar
    Whatever works, works! I never thought of putting my iPhone in a coping machine...but not you have peaked my interest!
    01-06-2010 01:32 PM
  5. flyingember's Avatar
    think of it this way as why a photo copy is better.

    basically the rep can then tell their boss, "I saw them enter their login, bring up this screen and then i took a photo copy of it."

    a screen shot can be faked
    01-06-2010 03:56 PM
  6. whmurray's Avatar
    think of it this way as why a photo copy is better.

    basically the rep can then tell their boss, "I saw them enter their login, bring up this screen and then i took a photo copy of it."

    a screen shot can be faked
    Today anything can be forged. Access to online data trumps any image. However, "signature guarantee" is a paper-based, not to say archaic, application, intended to avoid forgery in another paper-based application. It should be possible for one to transfer a share of stock to another account without resort to paper and a trip to a bank.
    01-06-2010 06:41 PM
  7. Hack-My-i's Avatar
    What app lets u sign your sig on your iphone??
    01-07-2010 07:27 PM
  8. whmurray's Avatar
    What app lets u sign your sig on your iphone??
    None. On the other hand, a holographic signature is now an archaic method of expressing one's intent.

    Today we purchase and pay for goods and services with little more than an e-mail address, a password, and a consent to an e-mail confirmation. If one can purchase and sell securities by this method, one should be able to transfer them to an established account by the same means.

    The signature guarantee is a holdover from an era when the stock certificate, not a book entry, was the primary evidence of ownership. It was intended to resist the transfer of stolen certificates. We still use it in an era when there is no certificate.

    Note that I can sell you a share of stock without a signature or guarantee. I simply cannot give it to you that way. Give me a break.
    01-07-2010 07:52 PM
  9. flyingember's Avatar
    None.
    you mean except for apps like Credit Card terminal?
    01-08-2010 08:45 AM
  10. whmurray's Avatar
    you mean except for apps like Credit Card terminal?
    I have looked at several of the credit card terminal apps. None of the one's that I looked at had a signature capability, or even a paper receipt. Even the e-mail receipt may be optional. An exception would only prove the new rule. Of course, a dispute will generally be resolved in favor of the payer, but that is true in any case.

    We will continue to use signatures for real property transactions. However, even here, it is not the difficulty of forging the signature that we rely upon but the the assertion of the witnesses and notaries that they saw the signature applied to the document as an expression of intent.
    01-08-2010 09:33 AM
  11. Hack-My-i's Avatar
    they had a story on channel 7 news about an app that lets u sign your sig on your iphone...????? so its not CC Terminal??? What is it then????
    01-08-2010 02:18 PM
  12. whmurray's Avatar
    they had a story on channel 7 news about an app that lets u sign your sig on your iphone...????? so its not CC Terminal??? What is it then????
    I found the app, Square, in the app store. Here is a link to video. iPhone becomes credit card reader as Square system launches | 9 to 5 Mac

    The app can be used in a manner similar to other credit card apps but has some interesting twists. First, one can obtain a passive slot reader that plugs into the microphone jack of the iPhone to read the card. The device is so cheap that they give them away. It reduces errors and the time required to process the transaction.

    Second, not only does it provide for an e-mail receipt but the receipt can include a map of the location where the transaction took place.

    Third, it does provide for the customer to authenticate the transaction by signing it with his finger on the iPhone screen. Of course, this signature does not include enough information to resist forgery; it is not as good as the signature on paper. It is probably as good as the one on the POS device at The Shack or my grocery store. (I find these so awkward to use that I usually just put in my initials. No one is ever going to reconcile it.) It is also vulnerable to replay. However, it should be good enough to remind the customer that he really did do the transaction. This is how the signature on credit card receipts are really used. Certainly good enough for the kind of transactions that one normally does with a card.

    I have an application on my iPhone that permits drawing. It is a toy for children but it is good enough to simulate signing. I have tried it with my first name and initials. I am clearly able to make a mark that I can recognize that I did and that I am certain no one else could have made. I am unable to make one good enough that a third party could assert that I did or did not make it.

    Of course, if we prove to need better authentication, which I do not expect, one could enter the Verisign VIP code from one's own iPhone into the iPhone of the mini-merchant.

    The ability to carry a multi-application, not to say general purpose, computer in one's pocket, will clearly change the way that business is done.
    Last edited by whmurray; 01-09-2010 at 04:41 PM.
    01-09-2010 04:10 PM
  13. whmurray's Avatar
    .......First, one can obtain a passive slot reader that plugs into the microphone jack of the iPhone to read the card. The device is so cheap that they give them away.
    .............
    The existence of this cheap device increases the risk that one's card might be copied any time that it is out of one's sight. Some may recall the Christmas temp at Bloomingdale's that had a card scanner attached to a Palm Pilot under the counter.

    Increasingly credit card applications are engineered so that the customer never has to let go of the card. However, we still often surrender them to waiters and others.

    The app need not display or store the credit card number since it will be validated in real time. However, the iPhone and its apps are only semi-trusted and jail-broken one's can hardly be trusted by their owners.

    I avoid ATMs that are not on bank premises because they will see, and I cannot trust them not to store, both my mag-stripe and my PIN. I can increase my level of trust marginally by first entering a bad PIN and waiting to see that it is rejected. That at least satisfies me that the machine is connected to my bank. However, there was an entire network of ATMs that were used to steal mag-stripes and PINs. I certainly would never enter my PIN into someone else's iPhone.

    Good transaction security is harder than it looks.
    Last edited by whmurray; 01-09-2010 at 04:39 PM.
    01-09-2010 04:31 PM
LINK TO POST COPIED TO CLIPBOARD