Forrester Has it Right: Authentication is Key to Adoption

Jeannine Mulliner, December 17, 2014
Esignature Authentication

When an e-signature champion steps up to convince decision makers to fund an e-signature project, they are often putting their reputation – and in some cases, their career – on the line. Naturally, one of their biggest concerns is adoption. They typically ask us:

  • How do organizations like U.S. Bank get adoption rates in the 80 - 90% range?
  • How long does that take?
  • What do we need to do in our digital process, to achieve the same results?

E-signature adoption is always on my radar, so when Forrester analyst Craig Le Clair published E-Signatures – A Few Simple Best Practices Drive Adoption earlier this month, the first thing I noticed was how often he mentions authentication. Authentication is THE topic early on in the evaluation stage.

In his report, Craig shares five best practices for e-signature adoption. Three of them touch on authentication.

User Authentication for E-Signatures

Learn how to select the right authentication methods to prove who signed.

Read the white paper
  1. Focus on customer experience to drive adoption. "Adoption will depend on the customer experience provided and the key step is authentication. Overly complex processes lower adoption significantly."

We couldn’t agree more. At Silanis, the advice we give customers is: balance security against ease of use. Do a risk analysis so you don’t create something that is so secure it becomes hard to use. A good way to avoid over-engineering authentication is to recognize that your business processes (whether paper or electronic) already have many safeguards in place. For example, a credit check is done on loan applicants before funds are disbursed. Carry over thesecurity that is already built into your processes and it will help you achieve the ease-of-use customers expect in the online world.

  1. Offer the business a variety of e-signature approaches. "…consider two approaches: One for new customers – perhaps targeted at millennials, i.e., with two-way SMS authentication using a smartphone – and a second one using the existing PIN authentication for existing customers."

Throughout the report, Craig emphasizes the need for options. Clearly, an e-signature solution that supports a wide range of authentication choices will make it easier for business process architects to optimize the signing experience for new and existing customers, since these will be two different authentication experiences. Those options should include leveraging existing credentials, integration to third party ID verification services, random password generation via SMS text or any combination of these, as shown in this infographic.

In a recent white paper on authentication for e-signature transactions, we recommend looking for the following in an e-signature solution:

  • Email authentication
  • One-time password sent by SMS text or email
  • Static KBA (AKA shared secrets or secret question challenge)
  • Dynamic KBA
  • Single sign on (SSO) where e-signatures are embedded within the authenticated web session
  • Digital certificates
  • Smartcards
  • Username/password credentials
  • Ability to upload a photo of the signer’s ID (e.g., driver’s license) or enable field agents to sign an affidavit confirming they verified the customer’s ID
  • Ability to capture a hand-scripted signature on a tablet (this is the closest thing to wet ink)

And finally:

  1. Use knowledge-based authentication as a key approach. "There is a recurring battle between risk and customer experience, and we expect customer experience – at least in the US – will win."

There are two kinds of knowledge-based authentication (KBA): static and dynamic. Static KBA provides a usable, reliable and cost-effective way to authenticate existing customers, while dynamic KBA is used to authenticate new customers. Dynamic KBA harvests public records, credit reports and other sources to ask out-of-wallet questions on the fly. "Out-of-wallet" is information that wouldn’t typically be in someone’s wallet, social media site or even a utility bill, making it difficult to impersonate that individual.

To learn more about KBA for e-signatures, watch a webcast on User Authentication Best Practices for E-Signature Transactions. This on-demand webcast features expert advice from Equifax on dynamic KBA as a strong tool for authenticating new customers, especially for online account openings. 

For 20 years, Jeannine has been writing about technology and how to apply it to solve everyday challenges. In her role as Content Director at OneSpan, Jeannine leads a team of writers and content developers focused on helping financial institutions and other organizations gain value from security