Wednesday, April 19, 2017

Is Credit or Debit Card PIN a Electronic Signature as per the Law ?

Is Credit or Debit Card  PIN a Electronic Signature as per the Law ?

For Lawyers across the world, click and wrap agreement i.e. the act of ticking an icon in the shape of a box to accept the terms of a contract can hardly count as a form of signature. In the physical world, that must be right. Similarly, it might be questioned that a personal identity number (PIN) can also be considered to be an electronic signature.
Arguably, the PIN combines two functions. Before considering the two functions, consider the requirements of the bank. The bank needs to satisfy itself that:
1. The card is legitimate (this is difficult to achieve, as the reports about fraud demonstrate), and
2. The card is in the possession of the customer to whom it was issued, or a person authorised by the customer to use the card.
If the bank satisfies itself that its computer systems are interacting with the card issued to the customer (which is not always the case), then the computer system requests the purported customer to undertake one further act to confirm they (or a person authorised by them) have physically inserted the card into the ATM or the point of sale terminal, by keying in the correct PIN. Generally, if the computer systems receive positive results from both interactions, then the bank will permit the person at the ATM or the point of sale terminal to undertake whatever activity they are permitted to do within the terms of the mandate.
The first function of the PIN acts as a means of authentication. The PIN purports to demonstrate that the person that keyed in the PIN knew the correct PIN (there are some forms of attack that do
The first function of a PIN
Prefacenot need the correct PIN – any combination of numbers will act vii to deceive the card issuer that the correct PIN has been keyed in).

Once the computer systems of the bank are satisfied that the card is legitimate and the PIN is the correct PIN of the customer, then the person at the ATM or the point of sale terminal can undertake any activity on the account that is permitted within the mandate and within the limitations of the technology.
The second function of a PIN
The PIN, even though it is offered to the machine before a transaction is effected, acts as a signature to verify a payment or other form of transaction. This means that the presentation of a card to an ATM, and the input of a PIN, is similar to a cheque that is written out by the account holder, signed, and then presented to the cashier at the bank. The customer completes the action necessary to request a payment in advance of the payment being made by the cashier, and then signs the cheque in the presence of the cashier – all before receiving acknowledgment that a transaction has been authorised. This means the PIN is a form of electronic signature.
It might be considered that the action of clicking the ‘I accept’ icon or box, or typing in a PIN are merely a means by which the person agrees to conclude the contract, but the act is not that of appending their electronic signature.
This analysis might be right, but we must recall that the digital world is different to the physical world. Conceptually, some of the forms of electronic signature may not strictly be considered ‘signatures’ in the physical world. Nevertheless, it is a convenient shorthand to refer to some forms of agreeing to enter a contract as an ‘electronic signature’ – at least we can all understand the meaning behind these words, even if the form is not quite what we expect.

Case Law:

Standard Bank London Ltd v. Bank of Tokyo Ltd [1995] CLC 496; [1996] 1 C.T.L.R. T-17 and Industrial & Commercial Bank Ltd v. Banco Ambrosiano Veneto SpA [2003] 1 SLR 221, where a message using an authentication code sent through the SWIFT (Society for Worldwide Interbank Financial Telecommunication) system has the legal effect of binding the sender bank according to its contents, and where a recipient bank undertakes further checks on credit standing or other aspects, it does not detract from this proposition. 

What is ones responsibility as a cardholder?
You, and all your supplementary cardholders, must take all reasonable precautions to prevent the card and the card number, the PIN, or any other security details for the card or account (the “card security details”) from being misused or being used to commit fraud. These precautions include:
  • sign the card as soon as it is received and comply with any security instructions;
  • protect the card, the PIN, and any card security details;
  • do not allow anyone else to have or use the card;
  • do not write down the PIN or the card security details nor disclose them to anyone else including the police and/or banks staff;
  • do not allow another person to see your PIN when you enter it or it is displayed;
  • do not tamper with the card;
  • regularly check that you still have your card;
  • keep card receipts securely and dispose of them carefully; and
  • contact bank about any suspicious matter or problem regarding the use of the card at a terminal.
You must notify bank immediately if:
  • your card is lost or stolen; or
  • your PIN may have been disclosed; or
  • your card is retained by an ATM; or
  • your address or contact details have changed

Definition of Electronic Signature in various Countries

Electronic Signatures in Global and National Commerce Act, 15 U.S.C. §§ 7001-7003. 
ELECTRONIC SIGNATURE. – The term “electronic signature” means an electronic sound, symbol, or process, attached to or logically associated with a contract or other record and executed or adopted by a person with the intent to sign the record. 
The Uniform Electronic Commerce Act provides a single, media neutral, definition of an electronic signature in s1(b):
(b) “electronic signature” means information in electronic form that a person has created or adopted in order to sign a document and that is in, attached to or associated with the document.
Order No. 24 of the President of the People’s Republic of China, promulgated on and effective since 4 April 2015, amending the 2004 law.  
Electronic Signatures Law of the People’s Republic of China of 2015. Article 2 provides a definition of electronic signature and data message, both of which are widely drafted:
“Electronic signature” in this law means data in electronic form in or affixed to a data message, which may be used to identify the signatory in relation to the data message and to indicate the signatory’s approval of the information contained in the data message.
“Data message” means information generated, sent, received or stored by electronic, optical, magnetic or similar means.

The Regulation provides the definition of an electronic signature in article 3(10)
‘electronic signature’ means data in electronic form which is attached to or logically associated with other data in electronic form and which is used by the signatory to sign;
Sec 2 (ta) of Information Technology Act 2000 had defines electronic signature as
“Authentication of any electronic record by a subscriber by means of the electronic technique specified in the second schedule and includes digital signature.”
The definition of electronic signature includes digital signature and other electronic technique which may be specified in the second schedule of the Act, thus an electronic signature means authentication of an electronic record by a subscriber by means of electronic techniques. The adoption of ‘electronic signature’ has made the Act technological neutral as it recognizes both the digital signature method based on cryptography technique and electronic signature using other technologies.

No comments:

Post a Comment

Navy man in Jail for 2 years for Child Pornography, cyber crime in India

Navy man gets 2 years Jail for Child Pornography, cyber crime in India : Cyber crime conviction By Prashant Mali In the case of D...