The electronic signature market has been around for more than 20 years, but it has seen significant expansion and adoption in the past decade. Highly regulated industries like financial services, insurance, government and health care have led the charge when it has come to implementing this technology because of its ability to enable digital business while keeping processes secure and compliant. Recently, the industry has experienced increased growth in the mid-market as even more small- to medium-sized businesses have started adding e-signatures to their customer-facing processes.
A December 2015 report from Forrester Research, “E-Signatures – A Few Simple Best Practices Drive Adoption” (access requires subscription), attributes this recent increase in adoption to the fact that as customers become more digital, they increasingly expect the companies they do business with to provide high-quality digital experiences. Replacing manual, paper processes with ones that are automated and electronically signed has enabled organizations of all sizes to significantly reduce cycle times, errors and costs while offering the experience customers expect.
As more businesses transition their customer transactions to the web, security is understandably a top concern. When organizations are looking at various e-signature vendors, it is not enough to simply look for an e-signature that is “ESIGN compliant” or has a certain security certification. Taking a broader view of e-signature security will help companies strengthen their legal and compliance position while ensuring maximum adoption. In this slideshow, Silanis, provider of e-SignLive, takes a closer look at the top electronic signature security requirements for digital transactions.
A Closer Look at E-Signature Security
Click through for a closer look at the top electronic signature security requirements for digital transactions, as identified by Silanis.
Identification, Authentication and Attribution
First and foremost, organizations need to take steps to identify users prior to e-signing, and they need to tie that authentication to the e-signature and e-signed record. Identification takes place the first time a signer conducts a transaction with an online user. Common approaches to user identification are self-identification (user enters personal information about themselves) and third-party identification (when that information is verified against a third-party verification service such as Equifax).
User authentication is the process of verifying credentials entered by a user. The most common approach and widely accepted standard for user authentication in online transactions is user name and password. Digital certificates, tokens or biometrics are other options for very high-risk processes. The final step is signature attribution; this is the process of proving who actually clicked to apply an e-signature. The two most common approaches for establishing attribution are affidavits and the use of SMS passcodes.
Digital Signatures as Part of E-Signature Security
People often assume that digital signatures and electronic signatures are the same, however, they are actually two different things. An e-signature is a legal concept, while a digital signature is a security technology. If an e-signed document is modified or tampered with in any way, the digital signature technology will detect it and indicate that the document has been altered. Digital signatures are therefore the foundation of any reliable electronic signature and a core requirement for a trustworthy solution. This is a unique and significant advantage over the paper world, where it is not always possible to detect whether changes have been made to a document.
Document and Signature Security
Document and signature security are at the heart of any electronically signed business transaction. The best e-signature solutions not only secure the document but also each signature within the document with a digital signature. This renders the document tamperproof and ensures that the signatures cannot be copied and pasted. It’s important to note that a single tamper seal only validates the document, not the signatures. Look for an e-signatures solution that has the ability to reproduce every step in the process; this demonstrates compliance with all legal and regulatory requirements. e-SignLive records the entire document review and signing process from start to finish including the actual web pages and documents that were displayed, how long customers spent on each page, all actions they took, IP address, and much more.
A Detailed Audit Trail and a Simple Verification Process
All electronic signatures, time stamping and audit trails should be embedded directly within the document rather than stored separately in the cloud or ‘logically’ associated in a vault or proprietary database. Not only is this a more secure option, it is also easier to manage. Finally, make sure the verification process is simple. If it is too complicated, users may wrongly assume that the document and signatures are valid, without proper verification. Solutions that have a one-click signature and document verification are best.
Before selecting a vendor, research the company that hosts the e-signature service to understand their security practices, certifications, track record and the frequency of their security audits. For example, e-SignLive partners with Amazon Web Services (AWS) and IBM Cloud, both market leaders for cloud infrastructure as a service. In addition, e-SignLive has attained a Service Organization Control (SOC) 2 attestation, which is the highest standard for cloud security and data protection. Having successfully completed this attestation gives customers the peace of mind that the e-signature service is secure and protected against data breaches thanks to the strictest of controls.
Remember: Take a Broad View of Security
When looking to implement an e-signature solution, it is important to take a broad view of security, starting with methods for signer identification and authentication and ending at the ability to access and verify signed documents, even years down the road, without documents and their audit trails being tied to a particular vendor.
It’s also important to balance security concerns with the usability of the solution, as over engineering security requirements can negatively affect usability and adoption. Taking a broad view of e-signature security ensures your organization stays secure and legally protected in the event of a dispute at any point.