He tried increasingly bizarre ways of signing his credit card receipts in a vain attempt to persuade someone to check the signature. Here’s an excerpt from an early episode:
“So far, I had tried altering my signature in a number of ways, but what if I didn’t even sign my own name? First, I lobbed a slow ball.” [He signed the credit card slip as Mariah Carey.] “The waitress at the restaurant didn’t say anything, probably because I am mistaken for Mariah Carey all the time. Except for the goatee and the back hair, we are like twins.”—John Hargrave, in “The Credit Card Prank”
Signatures Are Still Important for Some Transactions
While the Hargrave prank was fun, he mainly showed that most credit card transactions in the US no longer require a signature. But there are many other transactions where signatures live on.
Spoiler alert—If you read right to the end of the Hargrave story, in the last episode, he tries, tongue firmly in cheek, to purchase the most expensive flat-screen TV he could find using the signature Not Authorized. Foiled at last, he’d found an example that required a real signature.
Recently, I’ve had to sign documents for a couple of transactions:
- telling the vehicle licensing authority that I’d sold a car
- authorizing some changes to my pension plan
But if we think about it, both the paper form and the signature have become rather outdated, haven’t they? Think of all those steps:
- Get the paper form.
- Fill it out.
- Sign it.
- Find an envelope.
- Address the envelope.
- Insert the form.
- Seal the envelope.
- Get a stamp.
- Affix it to the envelope.
- Post it off.
Sounds almost as quaint as traveling by horse and buggy, doesn’t it? It’s slow, prone to error, and creates expense and delay for both the user and the organization that has to deal with all that paper.
But it’s that signature step that stops many organizations from replacing paper forms with speedier and more convenient online transactions.
A Real Signature Needs Authentication
One thing that fascinates me is that organizations often dogmatically insist that a paper signature is essential, but have no process whatsoever for authenticating that signature. My view is that, if you're not taking steps to check the identity of the signer and making some effort to assure yourself that the signature belongs to the signer, the signature on the paper from could be from Mickey Mouse and no one would ever know—just as in the Hargrave prank.
So the first question to ask when exploring whether a signature is really necessary is: “What steps do you currently take to ensure that a signature is authentic?”
A Signature on Paper Has Mystical Power
Given that paper signatures rarely get authenticated, they’re really somewhat worthless. But they still seem to have some mystical power in the minds of lawyers and organizations and, I believe, in the minds of users who sign forms.
When testing the usability of paper forms, I've certainly had plenty of participants who were reluctant to sign a form during a usability test—whether as themselves or as made-up people whose story they happened to be enacting—which I, of course, completely respect. They sometimes put an X where they would ordinarily sign, but generally they prefer to stop and discuss signing the form, which is fine by me.
Dan Ariely discusses the mystical power of signatures in his 2012 book The Honest Truth about Dishonesty. In one example, groups of MIT and Yale students took a test that was set up in a way that made cheating easy. The students who were asked to sign a pledge to abide by their institution’s honor code immediately before taking the test cheated less than those who were not asked to sign—even though neither institution actually has an explicit honor code. The researchers got similar results during a much larger experiment with the general public, requiring participants to sign insurance forms before filling them out rather than at the end. It seems that signing a declaration of honesty before performing a task can help to improve the honesty with which people perform that task.
More typically, the signature signals completion or the end of a user’s turn in the conversation that a form embodies. Ariely reports that he suggested to the IRS—the USA tax authority—that they move signatures from the end of their forms to the beginning, with the aim of reducing taxpayer dishonesty. He says they turned him down flat without articulating their reasons. I wonder whether they may have been considering the usability problems that occur if the signature comes before the end of the form, which they have discovered. For example, the old IRS 1040X form, shown in Figure 1, had the signature box at the end of page 1 of the two-sided form. Many people signed it, then failed to realize that they needed to turn the form over to complete its reverse side.
The current 1040X formPDF now has the signature at the end, where it belongs.
Other questions to ask when exploring whether a signature is really necessary focus on the task and who has control of the task. For example:
- What task is happening here?
- Do users need to signal the end of the task?
- Do users want to show that they are handing over control of the task to the organization?
An Electronic Signature Needs Authentication
In the electronic world, the ideal signature needs authentication—some attempt to identify that the person filling in the form is actually the person he purports to be.
Typically, we think in terms of user name or email address and password as being an acceptable level of authentication for many purposes.
The true digital signature includes cryptography and provides both authentication and nonrepudiation—that is, it proves both that the person who has signed a form is who they say they are and that they did actually sign it, so can’t claim later that they didn’t sign it. It also offers integrity—that is, that no one has altered the document itself since it was signed.
Some technical- or security-minded people have adopted digital signatures, and some types of applications—for example, those for the pharmaceutical industry—appear to be quite keen on them. But they haven’t been widely taken up.
I think this is partly because, in practice, the way you activate a digital signature is by authenticating yourself to the computer with the signing program on it—or putting this another way, you log in—nearly always with a user name and password. So, in practice, digital signatures may turn out to be no more secure than the good old user name and password combo. Of course, there are fancier ways to authenticate users, but that’s another story for another day.
The third question to ask when exploring whether a signature is really necessary is: “If we have a good way of authenticating a user, could that replace the signature?”