How e-signatures are changing the commercial world [Q&A]
The idea of electronic signatures has been around for a while, but their importance has been highlighted by recent changes brought about by the COVID-19 pandemic, which mean that signing documents in person may be difficult.
We spoke to Sameer Hajarnis, practice lead for e-signature at digital fraud prevention specialist OneSpan, to find out more about adopting e-signatures in the current business landscape, what businesses need to look for, and how these technologies can securely enable efficiencies, improve processes, ensure legal compliance and deliver an improved customer experience.
BN: Are there any particular standards for e-signatures that businesses need to adhere to?
SH: The legal and regulatory requirements for e-signatures vary globally and to a certain extent by use case as well. At one end of the spectrum some countries have implemented regulations which are extremely prescriptive and tell you what type of identity proofing you need to do, what is the level of assurance required for that, what type of authentication requirements you need and what kind of cryptography.
On the other hand we have seen common law countries like the US, Canada and the UK are quite permissive in the sense that they allow you to run it; the law basically says you've got to be able to show consent, you've got to be able to show intent on the signature and then capture the evidence for it.
There are also specifics that each industry has. In the US for example there's an $800 billion aid package for small businesses and this is backed by the Small Business Administration; the SBA has its own checklist and requirements for lenders if they want to comply with e-signatures.
BN: How easy is it for enterprises to tie e-signatures into their existing back office systems?
SH: From an implementation perspective, at vendors like OneSpan we've really simplified this. We've done the regulatory framework requirements, we've created products which comply with the standards, and then what we make available to our customers is a cloud-based service. With a few clicks and a few simple API calls, any customer today could embed this into their applications, so they can use standard RESTful API calls used by most SaaS vendors today.
At the back end there is obviously a system of record, once a transaction is completed at the front end you push it to the system of record, whichever platforms you use to store these documents on from a compliance perspective. We've created connectors to these third-party cloud application vendors, whether it's Salesforce or Microsoft SharePoint, all of these components have connections available where a user who's using those platforms with a click of a button can send the documents for signing.
BN: So it doesn't really matter then what format the signature is in, whether it's a fingerprint or squiggle on a touchpad or something else?
SH: That's right, it's something that you can ask as the sender, so that if I'm sending this to somebody and I want it to be signed in a certain way, or if I'm sending it to somebody else and I want them just to pick the signature, you can define that as the sender.
BN: What are the big advantages of e-signatures for businesses?
SH: What's really driving this is customer experience. How do I get more and more of my business to the online and mobile channels? Both from a customer acquisition perspective and in the onboarding applications that come through, or even from an ongoing maintenance perspective customer experience is the biggest driver.
The other thing is back office efficiencies. When you do a digital transaction it's going to ask you for the signature and it's not going to let you proceed if some required fields are not completed, so it really ensures that documents are in good order and that signatures are clear and legible. This means you’re automating more of the process and you’re reducing costs.
For banks, financial services companies, insurance companies, governments and so on it makes it much easier to ensure compliance with their regulatory frameworks.
BN: The big question everybody would want answered is, is it possible to forge an e-signature?
SH: That's a good question and we get asked that quite often. When you install the software you may be just clicking to sign something that perhaps doesn't really matter much -- like accepting a package. But when you're looking at a contract or financial agreement between two entities there are implications and you want to make sure of that, especially with multiple signatories involved. You want to make sure that the document that you signed hasn’t changed in between signing individuals, that the signature was not used by somebody else, and there are various ways we do this.
The first level is we use technology to tamper seal a document after every signer has signed or initialed a document. So instead of waiting for all three signatories we would have two digital signatures embedded in that audit trail and we are happy that we are sealing the document after every one. So, if it comes from me to you, you would know if the document was tampered with or changed between your and my signing signatures happening. What that does is bring trust in the signing process if you are signing off on a document, you know it is clean and is in line with what the intent was, so that's one way.
Besides that, we also capture an evidence trail or audit trail. That’s in case there are any regulatory questions or compliance questions that come up we can provide backup documentation.
We also help people meet their regulatory requirements. So if it's a simple use case in person at a branch when someone's coming in I can send them a document to just sign on their phone, I can just send it via email. If it's a remote transaction and I need a verification I can do a two-factor authentication. If I want to take a photograph I could ask them for it at the time of signature, I could ask them for a document ID or government-issued ID and verify against them taking a selfie. Sometimes you can do a third-party bank ID check, where if I'm applying for a loan or something I could log into my bank as proof.
There are a host of options available for our customers to build these things together and provide assurance based on the requirements for a particular use case.
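The per-signer tamper sealing described in the answer above, as an added sketch that is not part of the interview and is not OneSpan's implementation. It assumes constructed demo keys and sample documents, and uses an HMAC as a stand-in for each signer's digital signature; the names `sign` and `verify` are hypothetical.

```python
import hashlib
import hmac
import json

# Constructed demo keys. HMAC stands in for each signer's digital signature
# only because the standard library has no asymmetric signing.
KEYS = {"alice": b"alice-demo-key", "bob": b"bob-demo-key"}


def _mac(doc: bytes, signer: str, prev_seal: str) -> str:
    # Bind the document hash, the signer and the previous seal together.
    record = json.dumps({"doc_sha256": hashlib.sha256(doc).hexdigest(),
                         "signer": signer, "prev_seal": prev_seal},
                        sort_keys=True).encode()
    return hmac.new(KEYS[signer], record, hashlib.sha256).hexdigest()


def sign(doc: bytes, trail: list, signer: str) -> list:
    """Return the trail with a new seal over the document as it is now."""
    prev = trail[-1]["seal"] if trail else ""
    return trail + [{"signer": signer, "seal": _mac(doc, signer, prev)}]


def verify(doc: bytes, trail: list) -> list:
    """Return the signers whose seal does not match doc (empty means intact)."""
    failed, prev = [], ""
    for entry in trail:
        expected = _mac(doc, entry["signer"], prev)
        if not hmac.compare_digest(expected, entry["seal"]):
            failed.append(entry["signer"])
        prev = entry["seal"]
    return failed


# Constructed sample documents.
ORIGINAL = b"Loan agreement: amount 10,000"
TAMPERED = b"Loan agreement: amount 90,000"

if __name__ == "__main__":
    trail = sign(ORIGINAL, [], "alice")
    print(verify(ORIGINAL, trail))      # what the second signer checks first
    print(verify(TAMPERED, trail))      # document changed after the first seal
    trail = sign(TAMPERED, trail, "bob")
    print(verify(ORIGINAL, trail), verify(TAMPERED, trail))
```

Because every seal covers the previous one, the list of failing signers shows between which two signatures the document changed, and removing an earlier entry from the trail invalidates the seals that follow it.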