It’s not about signing; it’s about the use case

In this two-part blog series we provide an overview of the problems around digitization, specifically on the challenges with remote signatures and some of the options available to limit the risks of fraud and increase confidence in your signing process.

The move to electronic signatures over pen-and-paper ones did not start with the COVID-19 pandemic – in fact, most of today’s laws regulating the use of electronic signatures were published in the early 2000s to facilitate the growing needs of online commerce.

But, it’s fair to say that the pandemic did represent an important transition in the world of digitization and electronic signing: Within the last two years, electronic signatures went from a “nice to have” – and organizations who deployed them were considered innovative – to a must-have that’s here to stay. Electronic signature solutions provide so much more traceability and efficiency than the traditional pen-and-paper version that there is little chance you would think about reverting to print & sign.

What you may be wondering, however, is how to digitize the rest of your signature and other approval processes that still rely on in-person, face-to-face interactions. These processes are typically high-value and considered critical to a business; you may be reluctant to digitize them over fear that using a remote signature would increase risks of fraud, impersonation, document repudiation, nullification, etc.

Signatures are evidence of intent, consent… and identity

The admissibility of an electronic signature very much depends on the law(s) and regulation(s) that apply to your organization, and your local attorney will be best positioned to advise you on the specific requirements for your signatures.

Some industries are good at providing frameworks to enable remote business while mitigating the risk of fraud. For example, the banking sector is known for its strong regulations and standards for identity verification (i.e., Anti-Money Laundering, Know-Your-Customer, etc.) and these can easily be reused as part of a signing process.

But your organization’s industry may not have come up with such standards yet. If you are looking for solutions to ensure that your signatories are properly identified before they sign your documents remotely to limit your risks, there are several options for you to consider – and for which Entrust can help:

  • ID or passport checking software/service
  • Identity verification services from a publicly trusted certification authority (CA) – or a qualified trust service provider (QTSP) in the European Union
  • Private or national eID schemes

Therefore a good first step toward the digitization of your business-critical processes is to work out which of these options would be suitable for your organization from a security, legal, and compliance point of view. Definitions and requirements for electronic signatures vary across countries and states; this is why electronic signature requirements should always be discussed on a case-by-case basis with your legal department and/or an attorney.

Software and services related to identity verification are ideal when you are looking to fully own and control the process. However, not all solutions in the market are designed to be used as part of a remote signing process, so it’s important to pick the solution adapted to your specific use case(s).

Perhaps the most widely used option for remote electronic signatures that provide strong evidence of the signatory’s identity and consent to sign, is to work with public CAs (and QTSPs if you are in the European Union). These authorities specialize in verifying identities of organizations and people as part of a signing process. The verified identity details are issued in special credentials called digital certificates, which can in turn can be used to generate digital signatures.

Finally, eID schemes are becoming more and more prominent, especially in the European Union thanks to the eIDAS Regulation, but remain limited to certain industries or countries. In the second part of this blog series, we will provide further insights into digital signatures and eID schemes, but you can already check out our Digital Signing 101 infographic, and learn more about our signing-related solutions here:

Taking it further: Watch our latest webinar on document signing problematics and solutions