Digital Onboarding: How to Remotely Authenticate New Clients

Michael Pupil,

Digital onboarding & authentication highlights from wealth management conference In|Vest 2017, based on my experience as a presenter and SaaS vendor

As a sales manager, I love to challenge prospective customers with a new way of thinking about a topic. I speak to banks and fiserv companies every day about e-signatures and how to go digital and mobile with their customer transactions. The same questions tend to come up over and over, but last week at In|Vest 2017, a wealth manager asked me a question about authentication that is worth sharing.

eSignLive and Appway Presentation

In|Vest is the wealth management industry’s leading FinTech event. Earlier this month, I was honored to co-present there alongside Glen Bolstad, NA General Manager at Appway.

Appway and eSignLive have a strong partnership. Our solutions are integrated and work together to enable fully digital onboarding. For the last few years, we’ve seen a noticeable increase in e-signature adoption in wealth management, where the primary use case for e-signature is digital onboarding.

appway esignlive

From left: Amruta Dongre (Appway), Glen Bolstad (Appway), Michael Pupil (eSignLive) at In|Vest 2017[/caption]

At In|Vest, we spoke about how clients expect a digital onboarding experience that is seamless and tailored to meet their needs. At the event, the interest in a digital and mobile onboarding process – complete with e-signatures – was easy to see. The room was full and there were plenty of questions.

But wealth managers are just not moving to digital fast enough.

The good news is that, "Rapid onboarding for new clients is a top priority for wealth in 2017 and digitization will replace the use of paper forms and wet ink signatures," according to analyst firm CEB.

In fact, "By 2020, 51% of wealth executives plan to adopt new e-signature technology, or replace their current e-signature solution." By the way, eSignLive is offering a complimentary copy of this CEB report.

E-Signature Authentication

One of the most popular questions during our presentation was on authentication. An attendee asked:

"What’s the best way to authenticate millennials online, specifically those who have almost no electronic presence?"

According to a study from ID Analytics, 33% of millennials have no credit history.[1]

Identity Proofing is Step #1

The first step is identity proofing. First you need to confirm that Jane is who she says she is, before you can authenticate her online.

One of the most reliable ways to confirm a new client’s identity (in a remote onboarding scenario) is to use Dynamic Knowledge Based Authentication. Dynamic KBA provides a high degree of assurance that a new and otherwise unknown client is who they say they are. With dynamic KBA authentication, questions are compiled from public and private data such as marketing data, credit reports or transaction history.

To start, basic identification factors (name, address, date of birth) must be provided by the client. These are checked against a third-party service, such as Equifax. Then out-of-wallet questions are generated in real-time, making it difficult for anyone other than the actual user to answer correctly. "Out-of-wallet" information is something that wouldn’t typically be held in someone’s wallet, social media site or even a utility bill, making it more difficult to impersonate that individual. For example, questions about previous addresses, like:

Which of the following streets have you NEVER lived on?

According to LexisNexis, "Dynamic KBA can be made more effective because of the depth and breadth of questions which reference both current and historical information. The data used to generate these questions should include sources that are generated through non-traditional or ‘alternative’ data in order to capture customers who may not have traditional credit profiles. […] These data sources need to take into account populations that may not have typical credit profiles, referred to as thin credit customers, such as those in younger demographics.

User Identity Verification and Authentication
White Paper

User Authentication for E‑Signatures

Learn how to create a trusted digital transaction by implementing the right user identification and authentication method.

Download Now

I asked attendees to think about what they are already doing today. How do they authenticate new clients – especially those with no electronic presence – through their call center or by mail?

At this point, our In|Vest presentation really took off.

For the initial onboarding, many still require a face-to-face meeting where the client uses a piece of government-issued photo ID to prove their identity. Either the wealth manager travels to the client, or the client travels to the wealth manager’s office.

If you are asking prospective clients to fax or mail in a copy of their driver’s license, you can get them to take a photo with their smartphone and upload that instead.

We also heard some very interesting alternative identity verification methods that firms have adopted. The first place ribbon for creative solutions goes to the age of the email address the prospective client is using. This is not an authentication model we would recommend you use, but I will say it was creative.

Authentication is Step #2


Once a client’s identity is confirmed, they are typically given credentials such as a username and password to facilitate future transactions. User authentication is the process of verifying credentials, prior to giving access to a system – in this case, the e-signing ceremony.

When using eSignLive, you have a few options for authenticating remote clients, but I recommend SMS PIN. It’s easy to use and we are all familiar with texting. eSignLive generates a unique PIN and sends it to the customer’s cell phone. The signer types it into a browser to authenticate. Email authentication, combined with SMS PIN, provides a reliable two-factor authentication process. And unlike DocuSign, there is no additional charge for SMS authentication with eSignLive.

To learn more about authentication, download the User Authentication for E-Signature Transactions white paper.