MENU
GET LISTED
GET LISTED
SHOW ALLPOPULAR CATEGORIES

Top 2022 Trends in E-Signature Technology

Electronic signatures have been rapidly gaining adoption in recent years with major regulatory agencies and governments around the world. The e-signature technology itself has matured and evolved to facilitate the changing regulatory and business landscape. What has changed recently and how does it affect your choice of electronic signature providers? 

The most important changes in the past decade have been the adoption of electronic signature laws in many geographies, making it easier for you to know what is needed to ensure that electronic signatures are legal. More recently the COVID-19 pandemic of 2020 has led many government and regulatory agencies to allow the use of electronic signatures for transactions that previously required paper and ink signatures. In the US for instance, the Federal Reserve Bank, the Securities and Exchange Commission (SEC), and the Internal Revenue Service (IRS) have all released electronic signature guidance that enables more forms, documents, and transactions than ever before to use electronic signatures. The Canada Revenue Agency (CRA) has released similar measures.

 The impact of these changes for you is that certain technology capabilities have become more important to keep your e-signature solution compliant and future proof. We review some of the key changes, with a focus on advanced identity verification and biometric signature options. Both these are crucial to consider because more electronic signatures are happening remotely (all signing parties are not physically present in the same location and identity documents are not being verified in person).

Biometric Signatures

It is important that all parties involved in the electronic signature transaction feel secure and confident about executing the signature electronically. Biometric signatures help with that. A biometric signature is based on a person’s unique characteristics such as their handwriting or fingerprints.  

Handwritten Biometric E-Signatures 

Handwriting has been trusted for signatures for a long time and is known to be difficult to fake in the normal course of business transactions, even when not using electronic signatures. Biometric signatures help assure the signing party that no one else can sign in their place without their knowledge. The other parties in the transaction can also be confident that once signed, the signer cannot back out of their signature since the signature is easy to associate with that specific signer.

The most well-regarded electronic biometric signatures are hand-drawn ones as they most closely resemble the handwriting process, especially those drawn using a touch screen or stylus device. Drawing using a mouse is not as natural and techniques to detect faking are less developed. Even though typed signatures do have some biometric characteristics, such as typing cadence, they look the same if typed by one person or another and do not instill the same level of confidence.

 In the past, such biometric hand-drawn signatures required either a touch screen or a stylus device. A business that frequently engages in e-signature transactions can provide such devices at their own site but for remotely signed documents, it is difficult to assume that all signing parties would have either a touch screen or a stylus on their computer. Even the very latest computers, including mobile and high-end ones such as the Pro version the Apple MacBook, do not have a touch screen.

One of the latest innovations in electronic signature technology lets you draw your signature using your phone while signing a document on your computer. You review and fill in the document to sign on your computer, but when you need to sign, you are shown a QR code to scan with your phone. Scanning the QR code establishes a secure connection between your phone and your computer automatically. You then draw on the phone screen. To make it really easy, the signature appears live on your computer as you draw on the phone. 

This innovative capability is already available on Encyro E-Sign and may become available on other products in the future.

Fingerprint Based E-Signature

Biometric signatures can also use fingerprints. Of course, this requires using fingerprint readers, and such readers are commonly being embedded in smartphones for unlocking the screen without typing a code. However, the drawback is that the fingerprint readers found on smartphones use a two-dimensional scan of the print and those are easy to fake using what are called master-key prints (artificial fingerprints designed to match any person’s fingerprints). More sophisticated fingerprint readers that use three-dimensional scanning are resilient to such master-key prints. While such specialized equipment may be provisioned for on-site e-signatures, it is usually not practical to assume that all signing parties have access to it when signatures are executed remotely.

Advanced Identity Checks

Almost all regulations require unique identifiers to be associated with a signer to establish their identity, especially when the signature happens remotely. This is important to ensure that the correct person has signed, and they cannot back out of their signature by claiming someone else signed it. Identity may be established using several methods, and the newer e-signature technologies offer the choice of multiple such methods:

  • Email Access: The most common way to identify the signer is their email address. A link is sent to their specific email address and used to start the signature process. This helps ensure that the person with access to that email inbox is the one signing the document. Indeed, if email data has been breached, either over the network, or when stored on any of the user’s devices, this identity check is compromised. Since email is often synchronized to mobile devices including laptops and smartphones, and device theft is one of the leading causes of data breaches, this identity check is not considered to be the strongest. It is however among the oldest and often the only identity check supported by many older e-sign services, in their lower-cost plans.
  • Passwords: Another way to establish the identity of the signer is to have them login using their password. This makes it resilient to email data breaches where e-signature invitation links from someone’s email inbox may be leaked. The password is something only the person using the login knows and is uniquely associated with them. The only drawback is that the person signing the document must first sign up for an account on the e-signature provider’s system. And to be certain that the login belongs to the correct person, some previous non-signature transactions must have occurred with that person using the same system. While this is hard to assume in systems dedicated to electronic signatures such as DocuSign and SignNow, this can be a good option when using an e-signature system that is also used for other transactions. For instance, when using Encyro E-Sign, the user may have previously used their Encyro account to share files or messages and that prior transaction helps establish the identity of the user.
  • One Time Password (OTP) by Text Message: Many e-signature providers offer you to add the signer’s phone number so that the signer must receive a secret code by a text message and then enter that before they can sign. This is useful from a signer identity standpoint because now in addition to their email (and possibly a password), their mobile phone number is also associated with the transaction. In most geographies, obtaining a mobile phone does involve at least some degree of an identity check, and at the time of signing, receiving the text message requires physical possession of the phone. As a result, some authorities, such as the US Food and Drug Administration (FDA) specifically require the use of at multiple identity checks, typically interpreted as two-step verification (a.k.a MFA) via the use of such a secret code. The price of this feature can vary greatly among various e-signature service providers.
  • Credit report checks: Another option to establish the signer’s identity in certain countries is to ask the signer to answer questions based on their credit report. The questions typically include the person having to recognize some addresses they lived at several years ago, some loan or credit line they have or have had in the past, or other such information expected to be known only to that person. The key drawback of this approach is that these questions are hard to answer and often the genuine signer will get them wrong. Another drawback is that the use of such checks in the e-signature process incurs a high cost for the person requesting the signature. It has been argued that the use of this option is no longer secure because over 140 million credit reports were recently stolen from EquiFax and other such data breaches are under investigation. Indeed, the US National Institute of Standards and Technology specifically recommends not to base authentication on types of data that may be available on the black market (NIST Publication 800-63).
  • Identity proofing with documents: Another new approach that is emerging is the use of remote identity proofing, initially developed for the new Know Your Customer (KYC) requirements placed on financial institutions. This is an emerging technology that asks the user to first take a selfie using their cellphone and then take pictures of their government-issued identity documents such as a driver’s license or passport. The technology includes liveness checks that ensure that an actual person is in the selfie and the camera is not pointed at a photo of the intended person. This technology is becoming available on some e-sign providers such as DocuSign.  While the costs are currently high and the identity check is not instantaneous, it can be very secure since it establishes the identity using government-issued identity documents.

What does this mean for you?

As the number of electronic signature products has grown, so has the variety of features and tools offered. The exact set of features needed may depend on the nature of your workflow and organization needs but two things must be ensured for all transactions: the correct person has signed, and that the e-signature transaction meets legal requirements. For this reason, it is crucial that you select an e-signature technology that offers the required technology capabilities for meeting both those requirements. Always check at least the following aspects during your selection.

  • Identity verification: Does the product you are considering offer signer identity options such as password-based logins and one-time passwords (OTP) or access codes by text message? These will let you associate the e-signature with the correct person and prevent any repudiation attempts. Some electronic signature products such as DocuSign and SignNow only offer these features in their enterprise plans at a high monthly cost, while others such as Encyro E-Sign include these in their lower-tier plans as well. In addition to having the option, there is almost always an extra cost to sending out the OTP via text message. These costs also vary greatly among providers and it’s best to check before you purchase.   
  • Biometric hand-drawn signatures: Check if the e-sign platform lets you disable signatures created by typing or uploading a picture. Some electronic signature services, such as Encyro E-Sign go a step further and also let you dis-allow mouse-drawn signatures where needed, requiring the signer to either sign the document on a touch screen device or use their secure QR code scan to draw on the phone screen.
  • Audit trails: These are an integral part of making an electronic signature legal. You must ensure that all your workflows that utilize electronic signatures do have audit trails available for signature authenticity. The easiest option is to include the audit trails in every signed document, so you do not have to depend on any external system. While this may seem obvious, the reality is that some services such as PandaDoc do not even offer audit trails in their free plan. Others restrict access to only the sender with an active paid account with the provider, and some such as DocuSign may split the audit trails data into a separate document to be downloaded and tracked. Make sure that you select a product that lets you include the required audit trails within the e-signed document, so the copies saved outside the service provider’s account are fully self-contained and can be used even if you cancel your account in the future. Adobe Sign offers this feature if you configure it correctly.  Encyro E-Sign offers this by default.
Jenny Chang

By Jenny Chang

Jenny Chang is a senior writer specializing in SaaS and B2B software solutions. Her decision to focus on these two industries was spurred by their explosive growth in the last decade, much of it she attributes to the emergence of disruptive technologies and the quick adoption by businesses that were quick to recognize their values to their organizations. She has covered all the major developments in SaaS and B2B software solutions, from the introduction of massive ERPs to small business platforms to help startups on their way to success.

Leave a comment!

Add your comment below.

Be nice. Keep it clean. Stay on topic. No spam.

TOP

Why is FinancesOnline free? Why is FinancesOnline free?

FinancesOnline is available for free for all business professionals interested in an efficient way to find top-notch SaaS solutions. We are able to keep our service free of charge thanks to cooperation with some of the vendors, who are willing to pay us for traffic and sales opportunities provided by our website. Please note, that FinancesOnline lists all vendors, we’re not limited only to the ones that pay us, and all software providers have an equal opportunity to get featured in our rankings and comparisons, win awards, gather user reviews, all in our effort to give you reliable advice that will enable you to make well-informed purchase decisions.