Securing Multi-party Signatures for Audit Purposes

Rahim Kaba, May 20, 2015

The majority of business transactions in the digital domain are conducted remotely over the web. Many involve multiple participants, with various sections of a form or contract requiring each signing party to complete their respective data fields and apply a signature. When it comes to securing multiple signatures in a document, there’s a fundamental difference among e-signature vendors. While it may seem subtle, this is not something you want to discover during an audit.

But first, let’s review some background information.

The term "e-signature" is often confused with "digital signature". An e-signature is a legal concept. It is about having a lasting record of someone’s intent. Digital signature refers to the security technology used in a number of e-business and e-commerce applications, including e-signatures. It’s important that your electronic signature application use digital signatures because they:

  • Tamper-seal the document
  • Guarantee the authenticity of the e-signed document, audit trail and evidence
  • Prevent e-signatures from being copied into other documents
Security and Trust

Electronic Signature Security and Trust

Build digital trust through security, authentication, verification and reliability

Download Now

While most e-signature solutions rely on digital signatures, a common concern our customers have is the way in which the digital signature is applied during a multi-signer process. Vendors such as DocuSign take what is known as the "envelope" approach. This is where the digital signature is applied only after all parties have signed – rather than locking down the document each time someone signs it.

Applying a digital signature as an envelope to a document once all signatures have been captured is not a recommended practice. This approach leaves the document and signatures unprotected while the process is being completed and results in the wrong date and time stamp being place on individual signatures. If a signer and co-signer e-sign a contract on different days, you want that history reflected in the audit trail. The best practice is to instead apply a digital signature as each participant e-signs, to build a comprehensive audit trail.

At e-SignLive, we believe it is more secure to digitally sign the document’s contents each time someone new signs. This creates a distinct tamper-seal for each signer to ensure the audit trail is accurate and that there is no confusion as to who signed, in what order and when. This approach also ensures that if a change is made to the document between signers, it will be detected.

To learn more about e-SignLive’s evidence and security features, follow what actual users are saying on business software review sites like G2 Crowd:

  • "I have tried Docusign and others and find that e-SignLive is the most friendly for multi-party signatures, certainly the most secure as it embeds the signature using Adobe encryption." Greg R., Sr. VP of Technology at CallTower
  • "I love the audit trail that is available with every collected signature." Administrator in Financial Services
  • "Make sure you look under the hood when comparing vendors. Some vendors claim their product is easy to use, secure and complete. When you dig deeper, you will see that Silanis is the only "Industrial Strength" - "Prove it in court" solution." Executive sponsor in Computer Software

To learn more about the importance of locking down individual signatures, we recommend this white paper: Security for E-Signatures & E-Transactions: What to Look for in a Vendor.

Rahim Kaba is a passionate and results-driven digital technology leader who has played a key role in advancing digitization initiatives at organizations around the world. As VP Product Marketing at OneSpan, he leads the go-to-market strategy of the company's growing portfolio of solutions.