In a World of Deep Fakes, How to Bring Trust and Integrity Back

Matt Moynahan,

When I look around today, it’s hard to know what’s real anymore. Deep fakes, fake news, bots spreading that fake news, and those doctored videos. We’ve started to question the world we live in and our digital interactions in ways we didn’t before. Is the story I read on CNN about President Volodymyr Zelenskyy being in the hospital recently due to a serious health condition true? Am I signing a real contract, or is this a phishing scam? 

Five years ago, these were questions we wouldn’t have asked ourselves, but things have changed, and things are going to keep changing as we enter Web 3.0. Some could say this question of real-ness on the internet was brought to the forefront during the last U.S. Presidential Election when deep fakes and fake news plagued the country. Welcome to our new “normal”, and while it sort of bums me out, this is the lesser of my concerns. 

When e-signatures first entered the market years ago, the complex and time-consuming task of signing contracts, getting a loan, or applying for a mortgage was expedited, saving companies time and money, mobilizing workforces, and improving customer experience. This resulted in happier, more loyal customers – both great things for business. But something else began to happen that caught my attention years ago, and that is the erosion of trust and integrity in digital processes and interactions with digital customers. This is a real problem, and it is only going to get worse. 

DocuSign was the first to latch onto e-signatures in a big way, and certainly the industry got a big boost from the pandemic. A $5 billion market was created, and it became quick and easy for employees to sign a waiver confirming they’d read the latest company policy while working remote. Quick and easy for parents to sign a permission slip for next month’s field trip. Quick and easy for a new employee to sign their contract before their first day on the job. But as the world became more digitized, so did the nature and value of the agreements and contracts that were getting signed. We’re past signing permission slips and confirming we’ve read the latest company guidelines. Now in Web 3.0, high-value transactions are happening digitally and in massive volumes with more complicated cloud workflows. This is the perfect storm that has created a necessity for a more sophisticated approach to digital agreement security, something much bigger than what is offered by other e-signature companies.

As this market has grown and e-signatures became largely commoditized, as noted in Gartner’s recent Market Guide for Electronic Signatures, we’ve started to circle a more significant question – how can we ensure an interaction in today’s digital world is actually legitimate and real? It’s become effortless to sign a contract online, but how many of us are checking to ensure we are signing a real contract or sending real money to a real company to purchase a real product? Or how many companies actually confirm whether the person signing a contract is who they say they are? How do we really know whether the person you met for the first time in a Zoom session is who they actually tell you they are? Think about it… 

The e-signature market started with simple documentation – think real estate documents, non-disclosure agreements (NDAs), and employee onboarding paperwork. It became easy, almost mindless, to scribble your name regardless if it didn’t even resemble your real signature. A few clicks and you’re done – the document is signed. The problem is that we aren’t signing simple forms anymore, but legally binding contracts between individuals and enterprises, and the cloud workflows associated with the user journey are more complex with Web 3.0 digital products. Yet we’ve become so conditioned to simple click and scribble processes that we aren’t thinking about the security of the workflows or people interacting, especially for high value transactions. We simply trust that the SaaS provider is doing this for us when the truth is, it’s not there across the entire business process.  

Digitizing processes is essential today, but are digital business processes that save you time and money, but increase your security, financial or regulatory risk really worth it?  

It is this question that ultimately led me here to OneSpan after having worked in almost every facet of the cybersecurity industry for decades. With OneSpan I saw a company with deep roots in customer identity verification and authentication that could marry that with its expertise with e-signatures and customer-facing cloud workflow in a way that no one else could. And with that, we’re able to do more than answer the question; we can also solve it, by re-instilling not only trust but also integrity to fragmented, risky cloud business processes in a world of uncertainty. 

Today, a war on trust and integrity is taking place on the internet, and it is being waged on the average citizen who has become a pawn in the global game of espionage and nation-state activity. As the threat landscape continues to evolve, there is a growing concern that hackers will increasingly manipulate the integrity of digital agreements and their underlying artifacts, essentially the foundation of business and our capital markets. We’ve already seen this happen with the DocuSign phishing attacks. Manipulation, tampering, and alteration of the underlying contracts associated with high-value transactions, such as mortgages, loans, and insurance policies, are increasingly challenging the legitimacy of conducting business on the internet. 

At OneSpan, we recognize this opportunity in front of us and have mobilized behind it. Why? Because we know that when it comes to a digital agreements process, security is more than just selecting which images in the grid have a traffic light in them. It’s more than multi-factor authentication or typing in a four-digit code you received via a text message. More than checking the box that says, “Yup, I’m not a robot.” 

When it comes to securing digital agreements, it’s about having assurance throughout the entire transaction lifecycle. Security must be woven throughout the transaction process given the patch-quilt nature of today’s cloud, and this is where the e-signature market is falling short because e-signature companies are not security companies. In a world of deep fakes, fake content, and fake people, businesses are responsible for restoring integrity and trust in these digital processes. DocuSign is an e-signature company that happens to dabble in some security, OneSpan is a digital agreement security company that happens to offer e-signatures – there is a big difference.  

We are proud that thousands of customers use our secure solutions to conduct millions of agreements and billions of transactions each day. I invite you to follow our transformation journey, stay tuned for updates, and keep an eye on what’s coming from our team. Cybersecurity will have to move into a completely new realm to protect Web 3.0, and we are poised for that opportunity.

Missing media item.

A former OneSpan executive, Matt Moynahan served as OneSpan’s CEO until early January 2024. In that role, Matt brought more than two decades of global technology experience across on-premises and cloud services, and nearly every facet of cybersecurity. Prior to his role at OneSpan, Matt served as CEO at Forcepoint, a global leader in cybersecurity, where he transformed the company’s offerings from predominantly on-premises to a cloud-consumption model and drove new business growth.