Well not PKI, but I have always had a grudge about those digital tablet or handheld POS things you are sometimes asked to sign on top of. With all the talk about Chip + PIN, it reminded me...
I mean, you are basically digitising your signature into some merchants system, which is stored, somewhere, and in theory used to verify that you did purchase said item because they have your signature to prove it.
But surely, they now have my signature stored digitally, so it could be applied to any sales ledge they store a copy of, thus rendering it pointless. I mean, what's the point? They would always have to produce the paper original to show the ink.
So, I make a point of refusing to sign on these things, mainly in the US, and they have to print a paper version to sign, or I sign with a cross, which is worse.
Chip and PIN is therefore good for me, except I now have about 6 PINs to remember. Most are as issued. I have cards I can't use because I long ago discarded (nay destroyed) the PIN advisory and forgot the PIN (because I didn't create it). But at least
I could change a PIN from time to time. Not so easy with an actual signature... I never heard of people changing their signature on record? But say I made all my PINs the same - then say my PIN was compromised/observed? Then stealing my wallet and cards
is a factor of times more expensive to me, because Banks don't guarantee me against fraud if I have 'lost' my PIN.
And while I am musing these things. What good is the CVV number? Who says this is any proof whatsoever that you have your card in your posission? Sure its on the back of your card, and not raised, so in the old 'roller' machines which took imprints of
your card, it's not left on the counterfoil. And I guess its not on the mag-stripe either, if someone is double scanning your card.
But every merchant who makes a note of this number, stores it in their system, together with my card details. So again, my CVV is 'out there' and can't be trusted as an indication I have my card with me. I mean, I even store my CVV someone safe on my
PDA so I can use my 'Credit Card' if I have to, without having my wallet on me.
We do these things because we have to. They only marginally improve your identification.