The Urgent Need for Trusted Digital Signatures in Europe
COVID-19 has inevitably brought a lot of change to the way consumers behave and consume financial services. With more consumers purchasing and interacting digitally, now is the time for businesses to offer better digital experiences. Digital and electronic signatures are one example of technology that is enabling digital transformation across a wide span of business cases.
In a recent webinar, The Urgent Need For Trusted Digital Signatures in Europe, I chatted with Enza Iannopollo, Senior Analyst at Forrester, about how digital signatures, e-signatures, and digital identity verification enable digital transformation. Specifically, the digital transformation of business processes that require a legally binding agreement between parties and the importance of digital identity verification in today’s remote-first world. Here are the highlights.
Digital Trends among European Consumers
Digital transformation is a priority for businesses looking to differentiate. The dramatic shift to digital over the last year can make it easy for businesses to get swept up in the latest trends. However, when considering digital strategy, financial institutions will find the greatest success by focusing on consumer behaviors that are here to stay beyond the pandemic.
To provide a snapshot of how consumers’ digital banking habits have changed, Enza Iannopollo shared 2021 market research data for the UK, France, Spain and Italy. In the current COVID-19 context, many sensitive banking operations have moved online. In the UK, 80% of respondents confirmed they have applied online for new accounts. In Spain, just over half of respondents have done so.
Even the more complex financial processes such as mortgage applications have seen a boost in digital adoption. More than one-quarter of respondents in Italy (27%) confirmed they had applied online using a smartphone, tablet, or desktop computer in the last 12 months. That increased to 36% in Spain, 39% in France, and 58% in the UK.
As a result, European companies are reshaping their priorities to respond to customers’ demands, where they need it, when they need it. Businesses are bolstering innovation efforts through key actions, such as improving their understanding of customer needs, investing in emerging technology to drive innovation, and improving collaboration with partners.
The Time for Digital Signatures is Now
Transferring manual transactions into digital experiences is an essential aspect of digital transformation. At the core of many financial interactions are signatures. The use of electronic signatures applies to many processes, such as account opening agreements, mortgage applications, life insurance beneficiary designations, data processing consent forms, and any of the myriad of financial forms and documents that require signature.
Electronic signing can be used for a broad range of transactions and activities, both internally and externally. However, going digital with signatures requires more than simply acquiring the technology to execute signed agreements. Depending on the use case, there may be different security compliance and identity considerations that need to be taken into account.
Establishing a Trusted Digital Identity for Signers
Because e-signature transactions involve remote signatories – sometimes people who the bank has no relationship with and has never met – we are often asked about identity verification and authentication. How can you really know who you’re transacting with?
For the purpose of enforceability and compliance, organizations need to take steps to identify and authenticate signers. There are many different ways to identify remote signers and the choice of identification method will depend on the risk profile of the process.
Depending on the workflow, identity verification can happen at different points in the e-signature process. By default, this typically happens before offering access to documents, because you wouldn’t want to show one’s mortgage documents, for example, to the wrong person. But it can also take place a second time at the point where the signer is ready to apply their signature to the document(s). Some European organizations need the added security of both identity verification steps.
Step 1: Before giving access to the documents
There are many identity-proofing options available when it comes to verifying the identity of signers. One of the more popular ways to do this is using government-issued photo ID. The technology to remotely verify the authenticity of an identity document (e.g. driver’s license, passport, ID card) is known as digital identity verification.
A digital identity verification solution such as OneSpan Identity Verification uses artificial intelligence (AI), machine learning and authenticity algorithms to analyze the image the customer has uploaded of their ID document (driver’s license, passport, or ID card). This produces an authenticity score to determine if the ID document is fraudulent or genuine.
The ability to prove that a user is physically present during remote account opening is another critical component in the fight against identity fraud. Best practice is to leverage facial comparison capabilities to extract biometric indicators from the selfie and compare that against the image in an authenticated ID document. Facial comparison extracts facial biometric data from a selfie and compares that data against the applicant's authenticated ID document to validate whether they are who they claim to be.
Step 2: At the point of signing
Some processes require a higher level of authentication, which comes in as the second verification step. The best practice for verifying the identity of signers when they are ready to apply their signature, is to use personal digital certificates (also referred to as identity certificates) issued by a qualified trust service provider such as itsme, Asseco, TrustPro, Swisscom or others. The certificate can be stored locally on a smart card, token, or European ID – or it can be stored in the cloud.
Advanced and Qualified E-Signatures can both use certificate-based IDs. As a personal certificate, it is unique to the individual who is signing and under their sole control. E-Signature solutions like OneSpan Sign can leverage this type of certificate to apply an electronic signature.
What Type of Signature to Use?
In the European Union, organizations often wonder what types of e-signature they should be using: the Advanced Electronic Signature (AES) or the Qualified Electronic Signature (QES), which involves the use of a qualified certificate. However, businesses should consider two important items:
- Does the law require specific types of electronic signatures? Depending on the transaction, the eIDAS regulation (Electronic Identification and Trust Services for Electronic Transactions) may require a Simple, Advanced, or Qualified eSignature. This can render the decision fairly straightforward. Learn the facts about e-signature laws and regulations around the world in this free online legality resource.
- Balance the trade-offs. Do you want to optimize for efficiency and the customer experience or are you dealing with a high-risk interaction that justifies additional friction in the process?
Finally, financial institutions should also seek a solution that provides a comprehensive audit trail. Having a single, unified audit trail of the electronic identification, authentication, e-signature, and esign events can offer a complete picture of the transaction, with strong identity assurance to demonstrate compliance.
One of the biggest challenges for organizations adopting a fully digital process is balancing customer experience and security. A poor customer experience can often affect the adoption rates of electronic signatures. Look for a full-service electronic and digital signature platform that offers flexibility to create the necessary security safeguards to build digital trust, while meeting consumer demands for a seamless digital experience.