Science: Forgers beware: squiggles on file: Signatures hold secrets that a computer can learn. An answer to fraud? Julian Brown reports

Click to follow
The Independent Online
If you use a credit card, how closely does the cashier compare your signature on the payment slip with that on the card? Often these get little more than a cursory glance, perhaps with one of the signatures being scrutinised upside-down. Sometimes the cashier won't bother to look at all - possibly through apathy, or through a reluctance to give the impression that your honesty is in question.

With losses due to credit card fraud running at around pounds 130m a year, banks and building societies are keen to find ways to improve the security of their cards. The N&P Building Society is putting photographs on cards, but many companies have resisted such a move. One reason is cost; another is that the system still relies on the vigilance of the cashier to check the likeness of the photo - an easier task than checking a signature, but one that is still open to human error.

Some of the limitations of credit card security could be overcome by a new approach devised by researchers at GEC, in which a computer is 'trained' to recognise an authentic signature with an accuracy of 99.25 per cent - much higher than that which most careful cashiers can achieve.

The system's advantage is that it has access to more information about each signature than is revealed by simple human inspection. When it is given a signature to remember, the specimen signings (at least three are needed) are made with a special pen and a digitising tablet, which together measure the hand's pressure and the speed at which it moves.

The computer then calculates an average 'template' of the signature, which includes information not only about its overall shape and appearance but also 'temporal' data, representing key aspects of the speed with which each curve and squiggle is drawn. Having access to several specimens, the computer is also able to determine which parts of the signature vary greatly and which change little.

To verify a signature, the system attempts to match its template against the signature. The machine then computes the overall similarity and offers its verdict on the signature's authenticity.

One attractive aspect of the system is that all the digitised data representing the key aspects of a signature can be stored in less than 200 bytes of code, a mere speck in the rapidly expanding universe of computer memory. Such data could easily be transmitted over a telephone line or stored on a smart card. Many swipe machines at shop check-outs automatically clear credit card transactions by sending data back and forth over a telephone line, so it would be easy to include this extra data as a way of checking the signature. The problem for forgers is that although they could offer visually passable imitations of the real signature, it is unlikely that they would be able to mimic the speed and flow of the genuine author.

One disadvantage of the system is that shopkeepers would need a more complicated card-swiping machine, which would include a digitising tablet and a pressure- sensitive pen for the customer to use to sign the transaction slip. But GEC's researchers believe that the extra hardware would be relatively inexpensive and would soon pay for itself - particularly if it was manufactured in volume.

A more significant problem is that people's signatures tend to vary and evolve with time, increasing the likelihood of a false rejection.

Steve Collins, manager of card technology at Barclaycard, says that though his company is seriously looking at automatic signature recognition, he has yet to see a system that would prove reliable enough when used on a busy supermarket check-out.

Barclaycard is exploring a multitude of methods for preventing credit card fraud, but Mr Collins's favourite is one based on fingerprint scanning. He admits this would be less consumer friendly, because of its criminal overtones, but thinks that ultimately it would prove more reliable than signature verification.

Nevertheless, several banks are showing interest in GEC's system, because not only does it offer a way of dealing with credit card fraud but it could be used as a way of authenticating signatures on cheques, legal documents and social security payments.