Submitted by adewunmi@signte... on Wed, 02/06/2021 - 12:53
SignTech Safe eSignatures

Are eSignatures Safe?  This is a question we get asked over and over again. The simple answer is Yes, electronic signatures are safe.  In this post, we’ll cover why an eSignature is more secure than a wet signature, we will explain how e-signatures work and talk about some of the key  features that help keep them safe.

eSignatures are safer than wet signatures

People commonly ask if their digital e-Signatures can be forged, duplicated or used without their knowledge. The truth is that it is easier to forge or duplicate a wet signature moreso than en electronic signature.  E-Signatures have many layers of security and authentication built into them as well as legal proof of transaction.  However, the SignTech e-Signature soltuion goes a step further than the rest as you cannot simply apply an existing image of a pre-uploaded signature.  With the SignTech eSignature solution you always have to sign the digital document everytime you complete a new template, form, document or contract.

Digital Electronic Records

The SignTech eSignature solution comes with an electronic record that is used as an audit trail to provide proof of the transaction or process that the user has gone through.  This includes a hostorical log of all the actions taken with the document and business workflow process, including informaiton on when it was accessed by each user, their device used etc.  Furthermore, depending on the permissions agreed to by the signer information on their geolocation and IP address can be stored.  

Tamper-proof sealing 

Once the process of signing, routing a digital form is complete, all documents are sealed and stored digtially using Public Key Infrastructure (PKI).  This indicates the documents are valid and have not been tampered with since the date of signing. 

How the SignTech Paperless Digital eSignature Process works

The SignTech eSignature platform allows you to create a standard process once and use it many times.  Or simply upload a document to signed as a one-off.

Upload your document/template

  • First think you need to do is upload your document or template and decide who you want to complete it.  If your document is part of a workflow process that involves many people then you decide how many people you want to complete.  You can also create your template even if you do know the email addresses of the people you want to complete the form at the time.  This is done by using a unique SignTech exclusive feature called ‘Set by Recipient’ or ‘Set by Admin’.
  • Next you simply tag the information required, e.g. Name, Signature, Address, Phone number etc.

Sending

  • Once you have created the template simply send a link to the template to your desired signers by email or text.  
  • Note that you can also embed the form or document into your website so it can be a seamless part of your business process.

Signing or completing a workflow form/document

  • You will receive an email notification, text message, WhatsApp or other communication method to review, complete and sign a document
  • You will receive an email with a secure code or you may need to login (if the sender requests that option) 
  • Preview the document and complete any necessary fields, including attaching any additional required documents, images, files etc (of any format)
  • Sign the document with your finger or stylus (note that some senders can request more secure authentication such as biometric, finger print, facial recognition etc. if your device allows it)

Once all participants have signed the document everyone receives a copy of the signed document by email and it is stored centrally by the requestor or the company that has asked for the document to be signed.

Methods of verifying signer identity

The SignTech eSignature solution allows for a number of identity verification situations, depending on the owning company’s requirements and preference.  Note that SignTech Paperless Solutions can customise and integrate with any Identity Verification authority you require for your specific use case.

Below are the standard forms of eSignature identification verification processes we provide:

  • Email address: Signers that are part of a registered organisation will have already been authenticated by email in order to sign specific forms.  They will have to login to one of the SignTech Paperless mobile apps (freely available on iOS and Android platforms).  This will be with the same email address that will be used for the invitation.  Note that where a signer is part of a standard business workflow, this will all be automated.
  • Access code: at SignTech Paperless Solutions, we do not force signers to have an account in order to use our eSignature platform. In this case the signers will be sent a unique link to the form or document they need to sign.  They will be authenticated by a One-Time-Passcode (OTP) that will be sent to them separately.  the sender supplies a one-time passcode that signers must enter
  • Biometric: for highly secure processes some organisations my invoke the biometric security on their user’s devices.  This can include a fingerprint, facial recognition, iris scan etc.
  • Other: SignTech Paperless Solutions can work with other advanced digital eSignature security protocols as required by your particular use case.  Feel free to contact us to discuss your needs and requirements.

The importance of a security-first approach to e-signatures

The SignTech Paperless eSignature and workflow platform uses both Google Cloud and Amazon Web Services (AWS) technologies.  They provide very good physical and platform security along with the highest standards of certification ensuring all eomployess and partners follow excellent privacy and security best practices.

These include:

Physical security

  • Geo-dispersed data centers with active and redundant systems and physical and logically separated networks
  • Commercial-grade firewalls and border routers to detect IP-based and denial-of -service attacks
  • Malware protection
  • Secure, near real-time data replication
  • Around-the-clock onsite security
  • Strict physical access control with monitored video surveillance

Platform security

  • Data encryption in transit and at rest with TLS connections and AES 256-bit encryption
  • Data access and transfer via HTTPS
  • Use of Security Assertion Markup Language (SAML), giving users the latest capabilities for Web-based authentication and authorization
  • PKI tamper-evident seal
  • Certificate of completion
  • Signature verification and unalterable capture of signing actions and completion status
  • Multiple authentication options for signers

In conclusion digitan eSignatures are very safe.  In fact, much safer than wet signatures on paper. If you have any questions or queries please contact expert@signtechforms.com and we will be happy to help.