Richard has been talking about security scams over at Gendal World. There certainly seems to be a lot of empirical evidence that security principles aren’t well understood by the general public.
For example: My credit card expired recently. On receiving the new one, I forgot to sign it, and put it in my wallet with the back blank (yeah, I know). I’ve since been able to use it twice unsigned:
At a pub, I paid for ~£10 worth of drinks. They didn’t use chip-and-pin, so I was asked to sign. When the barman noticed I was missing a signature, he pointed out that I really should sign it, but ‘this time’ he’d take other ID. I showed him my photo driving licence (with a signature), and there were no further questions. I was sufficiently fazed that I forgot to sign it again, and:
At a shop in Southampton airport, I went to pay for a magazine. Again, no chip-and-pin. When noticing the card was unsigned, I was again encouraged to sign it, but this time no other ID was required - even though I offered my driving licence. ‘I’ll trust you’, I was told.
Of course, it is dumb for me to walk around with an unsigned card in my wallet. However, it’s also dumb for these retailers to accept it. You could argue that it’s a low risk for them - I look respectable, I have other ID with my photo and signature, and these are low amounts involved. Whether they are breaking their contract with the bank by accepting it, though, I don’t know - I suspect it would be frowned upon, at least - and they are probably liable for any fraud.
I was tempted to leave the card unsigned and see how much longer I could get away with it. If I wasn’t putting myself at risk, I’d do it, but I’m paranoid about losing things, so I haven’t. But it’s curious to see just how easy it is to get away with some things.