Why is a handwritten signature considered a reliable method of authentication (and is it really so)

A signature is one of the main methods of personal identification. Not the most reliable, but often the simplest and most accessible for paper document management.

The autograph must confirm the authenticity of the document. For example, in banks, employees still compare signatures on documents and on passports.

Signatures are not unique and do not have general reliability, but they are quite reliable in certain tasks.

Signature forgery is usually more expensive than the expected benefit of fraudand a lot rests on this assumption.

Of course, when the issue of a major transaction arises, additional verification factors are needed.

And it seems that signatures are already becoming obsolete.

Why everyone needs a unique signature and how they came to this

Signatures are, in a sense, the forerunners of modern passwords. In ancient times and the Middle Ages, a signature was not just a way to confirm documents or agreements, it also served as an identification function.

The first known handwritten signatures appeared in Ancient Egypt around two thousand years BC. More widespread markings of documents with a personal sign began to appear during the formation of Greek city-states (approximately 8th–6th centuries BC).

For many centuries, only aristocratic circles of society used the signature: along with the personal seal, it was certified by decrees and laws.

But gradually church ministers, merchants, and artisans joined in. Later, signatures would become common practice to confirm ownership, transactions, and other legally significant documents. In medieval banks and trade organizations, where secrecy and security played an important role, signatures were especially significant.

The massive use of personal signatures became widespread with the advent of mandatory documents. In France, starting from the 17th century, passports began to come into use, which were originally documents that allowed passage through the port.

In V.I. Dahl’s explanatory dictionary, an autograph received the following definition: “Sign (a paper) – attach your hand… write your name, nickname, rank, etc…”.

A signature allows an individual to be identified and authenticated. In civil legislation (Article 160, paragraph 2 of Article 434 of the Civil Code of the Russian Federation), a signature is a necessary condition for concluding a civil contract in writing.

If translated from legal language into Russian, then the presence of an autograph in the contract indicates that the person agrees with its terms.

Nowadays, the current legislation of the Russian Federation does not explain the concept of a personal signature in any way, so there are no special rules on how to sign – in letters, words, strokes or strokes. And this leads to the fact that the majority uses an “untrusted” signature that is easy to repeat. It’s like with passwords: if the requirements for their security are not defined, then the most popular one will be “qwerty123”.

How to secure a signature (not much)

Criminologists distinguish three groups of common personal signatures:

• Signatures of one or two letters, meaningless squiggles. Criminologists themselves cannot always establish the authenticity of a signature from the first few letters of a surname or an abbreviation of a surname, first name and patronymic. That is, such a signature is unreliable.
• More difficult to copy and understand signatures consist of complex gobbledygook, with many elements intersecting each other, and look quite abstract. From a reliability point of view, it’s better, but not ideal.
• Long signatures that display the entire or almost entire last name or first name with a last name. Such autographs contain many elements; the dynamics of pressure and changes in writing speed are well monitored. This, of course, is the best option in terms of “burglary protection” reliability.

The following also contributes to the reliability of the signature:

Art. 327 of the Criminal Code of the Russian Federation

, which promises up to two years of restriction or imprisonment for falsifying it. By the way, a full-fledged check is a handwriting examination. It is carried out after the fact as part of an investigation or trial if there are suspicions of document falsification.

To conduct a graphological examination, you must provide the original of the disputed text (recording or signature) and samples of the letter from the alleged performer.

To understand whether a signature is real or not, a handwriting expert examines these materials, checks the appearance and many inconspicuous details. For example, pressure characteristics: under a microscope, compares the depth of the grooves left when writing.

The basic rule is that the more complex the signature, the more difficult it is to forge. You can complicate it like this:

• Make the signature longer: the more letters and elements, the more difficult it will be to repeat.
• Use an autograph with the last name written continuously and added squiggles or curlicues.
• You can use an additional drawing in which the initials of the name and patronymic will be hidden.
• If you have a common surname, then instead of using the whole name, it is better to come up with a word derived from it and add initials to it.
• Signing documents in block letters is a bad idea: such letters are the easiest to forge.
• Use not only a signature, but also a transcript (write your full name next to it).

History of biometrics. The human body as an alternative to a signature

The task of identifying a large number of people first appeared during the construction of the pyramids of Ancient Egypt. The Egyptians quite elegantly solved it using the method of recording bodily characteristics, that is, one might say, they invented biometrics: in addition to the name of the employee, the caretaker recorded his height, skull shape, eye color, special features such as scars, moles, etc., and the signature on business records replaced a fingerprint.

Scientific systematization began in the 17th–18th centuries: first, the Italian professor of anatomy Marcello Malpighi in 1686 described fingerprint patterns, in particular, spirals and loops, in his treatise.

Then in 1788, German anatomist and physician Johann Christoph Andreas Mayer wrote a paper that included drawings of fingerprints. Mayer was the first to announce that the pattern formed by raised lines is unique to each person.

The practical application of this method was found by the British colonial official William Herschel. He worked in India for a long time and, as part of his job, dealt with financial documents that required signatures. Locals didn’t always take handwritten signatures seriously, and this sometimes caused problems. For example, they could come twice for a salary, claiming that they had not yet received money, whereas according to the documents everything had already been issued. William found this solution: in addition to the signature, also record the employee’s fingerprints on the back of the employment contract. The locals took this method of identification much more seriously and treated it with more respect than a regular autograph on paper.

At approximately the same time (at the end of the 19th century), the English researcher Francis Galton and the Argentine police officer Juan Vucetich began working on the development of the idea of ​​fingerprinting. Then Galton achieved the introduction of fingerprinting in England as a method of registering criminals.

Fingerprinting was first used in the trial of the Stratton brothers, accused of double murder. The main evidence was a bloody fingerprint. After checking the matches, the police found similarities on eleven points.

The suspects were convicted: the judge was against it, but was forced to agree with the jury’s opinion.

Then fingerprinting began to be used all over the world. In Russia, it began to be used in 1906, and the first examination was carried out in 1912 in the St. Petersburg District Court.

Even before the widespread use of fingerprinting to identify a person, in the 1880s, a method such as bertillonage was used. Its inventor is Alphonse Bertillon.

He worked as a clerk in the bureau of the police prefecture of Paris, filled out arrest cards and decided to catalog them according to several anthropometric parameters: height, length of the body, torso, limbs and feet, volume and length of the head. He soon noticed that the sizes of some indicators may be the same in different people, but the sizes of several parts of the body at the same time are not the same. A unique set of individual parameters makes it possible to determine personality with a high degree of accuracy.

He also proposed a special photography system – signal photography, which was in addition to anthropometric data. The person was photographed from the front, in profile and in three-quarters of a turn.

Source

To some extent, Bertillonage can even be called a distant ancestor of Face ID technology. In essence, the human body acts as a method of biometric identification and authentication – not a virtual one, but a real biometric sign (identifier) ​​related to a person is used.

For data protection and access control

Biometrics migrated into everyday life about 20 years ago and is no longer exotic. Data associated with a person’s unique physiological parameters cannot be stolen, lost or forged, unlike a signature or, for example, a PIN code.

It is not enough to identify a person to gain access to some system, for example, a bank account. In addition to identification, authentication is also needed – a procedure for checking the subject’s access using the presented identifier. For example, confirming the user’s identity – entering a login and password, comparing the entered data with the login and password in the database of previously identified users. Based on the results, access is either granted or it is denied if the data does not match.

Authentication methods are divided into knowledge factors (for example, password or PIN code), characteristic factors (fingerprints) and ownership factors (card, phone). The banking sector combines identification and authentication methods for additional data protection.

Today, gadgets are equipped with biometric sensors, such as fingerprint scanners or Face ID; biometric systems are used when obtaining visas, when passing border control at airports, to gain access to offices and government agencies. And for authentication in banking applications and online banking systems – too.

Biometric systems recognize us not only by sight, but also by voice. Voice methods evaluate parameters such as pitch, speech rate, frequency characteristics, and other unique features of a person’s voice. Of course, any use of biometrics requires the user’s permission.

In banking, the reliability of identification must be maximum, so several methods are used at once. For example, if you applied for a new card at the bank, you probably came up with a secret word and entered the code from the SMS. These identification methods were used for existing clients and significantly simplified their subsequent interaction with the bank. But until recently, opening an account still required a mandatory visit to the branch with a passport and leaving autographs on documents.

Although this is almost a thing of the past: now you can remotely open a bank accountif, of course, you have provided permission to store your biometric data in the Unified Biometric System.

A handwritten signature continues to be used, but in fact is already a rudiment of a bygone era: instead of going with a bunch of documents to banks, government agencies and signing papers manually, it is much more convenient to use remote services.