Is Credit or Debit Card PIN a Electronic Signature as per the Law ?
Is Credit or Debit Card PIN a Electronic
Signature as per the Law ?
For Lawyers across the world, click and wrap agreement i.e. the
act of ticking an icon in the shape of a box to accept the terms of a contract
can hardly count as a form of signature. In the physical world, that must be
right. Similarly, it might be questioned that a personal identity number (PIN)
can also be considered to be an electronic signature.
Arguably, the PIN combines two functions. Before considering
the two functions, consider the requirements of the bank. The bank needs to
satisfy itself that:
1. The card is legitimate (this is difficult to achieve, as
the reports about fraud demonstrate), and
2. The card is in the possession of the customer to whom it
was issued, or a person authorised by the customer to use the card.
If the bank satisfies itself that its computer systems are
interacting with the card issued to the customer (which is not always the
case), then the computer system requests the purported customer to undertake
one further act to confirm they (or a person authorised by them) have
physically inserted the card into the ATM or the point of sale terminal, by
keying in the correct PIN. Generally, if the computer systems receive positive
results from both interactions, then the bank will permit the person at the ATM
or the point of sale terminal to undertake whatever activity they are permitted
to do within the terms of the mandate.
The first function of the PIN acts as a means of
authentication. The PIN purports to demonstrate that the person that keyed in
the PIN knew the correct PIN (there are some forms of attack that do
The first function
of a PIN
Prefacenot need the correct PIN – any combination of numbers
will act vii to deceive the card issuer that the correct PIN has been keyed
in).
Once the computer systems of the bank are satisfied that the
card is legitimate and the PIN is the correct PIN of the customer, then the
person at the ATM or the point of sale terminal can undertake any activity on
the account that is permitted within the mandate and within the limitations of
the technology.
The second
function of a PIN
The PIN, even though it is offered to the machine before a
transaction is effected, acts as a signature to verify a payment or other form
of transaction. This means that the presentation of a card to an ATM, and the
input of a PIN, is similar to a cheque that is written out by the account
holder, signed, and then presented to the cashier at the bank. The customer
completes the action necessary to request a payment in advance of the payment
being made by the cashier, and then signs the cheque in the presence of the
cashier – all before receiving acknowledgment that a transaction has been
authorised. This means the PIN is a form of electronic signature.
It might be considered that the action of clicking the ‘I
accept’ icon or box, or typing in a PIN are merely a means by which the person
agrees to conclude the contract, but the act is not that of appending their
electronic signature.
This analysis might be right, but we must recall that the
digital world is different to the physical world. Conceptually, some of the
forms of electronic signature may not strictly be considered ‘signatures’ in
the physical world. Nevertheless, it is a convenient shorthand to refer to some
forms of agreeing to enter a contract as an ‘electronic signature’ – at least
we can all understand the meaning behind these words, even if the form is not
quite what we expect.
Case Law:
Standard Bank London Ltd v. Bank of Tokyo Ltd [1995] CLC 496; [1996] 1 C.T.L.R. T-17
and Industrial & Commercial Bank Ltd v. Banco Ambrosiano Veneto SpA [2003] 1 SLR
221, where a message using an authentication code sent through the SWIFT (Society for
Worldwide Interbank Financial Telecommunication) system has the legal effect of binding
the sender bank according to its contents, and where a recipient bank undertakes further
checks on credit standing or other aspects, it does not detract from this proposition.
What is ones responsibility as a cardholder?
You, and all your supplementary cardholders, must take all
reasonable precautions to prevent the card and the card number, the PIN, or any
other security details for the card or account (the “card security details”)
from being misused or being used to commit fraud. These precautions include:
- sign
the card as soon as it is received and comply with any security
instructions;
- protect
the card, the PIN, and any card security details;
- do
not allow anyone else to have or use the card;
- do
not write down the PIN or the card security details nor disclose them to
anyone else including the police and/or banks staff;
- do
not allow another person to see your PIN when you enter it or it is
displayed;
- do
not tamper with the card;
- regularly
check that you still have your card;
- keep
card receipts securely and dispose of them carefully; and
- contact
bank about any suspicious matter or problem regarding the use of the card
at a terminal.
You must notify bank immediately if:
- your
card is lost or stolen; or
- your
PIN may have been disclosed; or
- your
card is retained by an ATM; or
- your
address or contact details have changed
Definition of Electronic Signature in various Countries
USA:
Electronic Signatures in Global and National Commerce Act, 15 U.S.C. §§ 7001-7003.
ELECTRONIC SIGNATURE. – The term “electronic signature” means an electronic sound, symbol, or process, attached to or logically associated with a contract or other record and executed or adopted by a person with the intent to sign the record.
Electronic Signatures
Law of the People’s Republic of China of 2015. Article 2 provides a definition of
electronic signature and data message, both of which are widely drafted:
Electronic Signatures in Global and National Commerce Act, 15 U.S.C. §§ 7001-7003.
ELECTRONIC SIGNATURE. – The term “electronic signature” means an electronic sound, symbol, or process, attached to or logically associated with a contract or other record and executed or adopted by a person with the intent to sign the record.
CANADA:
The Uniform Electronic Commerce Act provides a single, media neutral, definition of an electronic signature in s1(b):
The Uniform Electronic Commerce Act provides a single, media neutral, definition of an electronic signature in s1(b):
(b) “electronic signature” means information in electronic form
that a person has created or adopted in order to sign a document
and that is in, attached to or associated with the document.
China:
Order No. 24 of the President of the People’s Republic of China, promulgated on and
effective since 4 April 2015, amending the 2004 law.
“Electronic signature” in this law means data in electronic form in or
affixed to a data message, which may be used to identify the signatory
in relation to the data message and to indicate the signatory’s
approval of the information contained in the data message.
“Data message” means information generated, sent, received or
stored by electronic, optical, magnetic or similar means.
EU:
EU:
The Regulation provides the definition of an electronic signature in article 3(10)
‘electronic signature’ means data in electronic form which is attached to or logically associated with other data in electronic form and which is used by the signatory to sign;
‘electronic signature’ means data in electronic form which is attached to or logically associated with other data in electronic form and which is used by the signatory to sign;
India:
Sec 2 (ta) of Information Technology Act 2000 had
defines electronic signature as
“Authentication of any electronic record by a subscriber by means of the electronic technique specified in the second schedule and includes digital signature.”
The definition of electronic signature includes digital signature and other electronic technique which may be specified in the second schedule of the Act, thus an electronic signature means authentication of an electronic record by a subscriber by means of electronic techniques. The adoption of ‘electronic signature’ has made the Act technological neutral as it recognizes both the digital signature method based on cryptography technique and electronic signature using other technologies.
“Authentication of any electronic record by a subscriber by means of the electronic technique specified in the second schedule and includes digital signature.”
The definition of electronic signature includes digital signature and other electronic technique which may be specified in the second schedule of the Act, thus an electronic signature means authentication of an electronic record by a subscriber by means of electronic techniques. The adoption of ‘electronic signature’ has made the Act technological neutral as it recognizes both the digital signature method based on cryptography technique and electronic signature using other technologies.
Comments
Post a Comment