Electronic Signature Complete Guide

What is an electronic signature?

An Electronic signature, or e-signature is a legal concept, much like their paper equivalent, and defined by the US Federal ESIGN Act as ”an electronic sound, symbol, or process, attached to or logically associated with a contract or other record and executed or adopted by a person with the intent to sign the record."

The function of an electronic signature is to capture the intent of the signer to be bound by the terms and conditions in a contract. Electronic signature software is designed to capture legally-enforceable signatures online.

Generally, it is about having a lasting record of an individual’s intent. Digital signature refers to the encryption technology used in a number of e-business and e-commerce applications, including electronic signature.

There are generally three types of electronic signatures recognized around the world: Basic, Advanced, and Qualified. See details below.

 

 

What are the benefits of electronic signature?

Built on 25 years of best-in-class electronic signature capabilities

• Great User Experience
  Ensure high user adoption and satisfaction with the most seamless, white-labeled e-signing experience
• Advanced Security 
  Protect your users and documents against fraud with military-grade digital signature technology.
• Audit Trails 
  Strengthen your compliance and deter legal disputes with the most comprehensive audit trails in the market
• Efficient and Scalable 
  Scale electronic signatures across your organization and channels – quickly and cost-effectively
• Cost Effective 
  Get predictable pricing and a cost-effective solution regardless of your volumes – no nickel and diming.
• Versions 
  Available as a web or mobile app, developer SDK, 3rd party connector, and specialty solutions for financial services

 

 

How do electronic signature work with OneSpan Sign?

• Step 1: Access
  Email Invitation Link in a customer portal
• Step 2: Identify / Authenticate
  Email, Login credentials, Challenge-response questions, SMS PIN, 3rd party ID check, Digipass®, Biometrics, Government ID
• Step 3: Present
  Documents are presented on a desktop or mobile device. Define workflow rules and control which documents are visible to participants in the transaction
• Step 4: Data Capture
  Capture data at the time of signing and make that data available to downstream systems
• Step 5: Re-authenticate
  Optionally verify the signer’s identity at the time of signing. For example, signers can use their government-issued electronic ID (eID) to create a Qualified electronic signature (QES)
• Step 6: Sign
  Click to sign, Click to initial,Hand-scripted, signature capture
• Step 7: Document Insertion
  Additional documents or images (e.g. a photo of a driver’s license) can be inserted as part of the transaction
• Step 8: Deliver
  Signed records can be distributed electronically or on paper

 

 

What is electronic signature used for?

Processes like sales contracts,  HR, invoicing, and more are achieving rapid gains in efficiency and drastic reductions in cost thanks to widespread acceptance of electronic signature in the market.

• Procurement and sourcing
• Contract modifications
• Credit or loan applications
• Federal tax returns
• e-Contracting
• Service agreements
• Real estate transactions 
• Claims and appraisals
• Account openings
• Commercial lending
• Delivery order requests
• Retail finance

Are electronic signature legally binding?

Yes, OneSpan Sign’s electronic signature is legally binding and enforceable in countries that have enacted electronic signature laws.

Electronic signature created using our solution comply with both the U.S. ESIGN Act and UETA. OneSpan Sign electronic signature also comply with Regulation No 910/2014 on Electronic Identification and Trust Services Regulation (eIDAS) in the European Union. 

For a legal opinion on the enforceability of e-signatures in any given country and any local data residency requirements, consult your legal counsel.

Are electronic signatures legal in the United States?

Yes.Today, long after the passing of ESIGN and UETA, there is no longer any question about whether electronic signatures are legal. Federal and state law gives electronic signature the same legal status as handwritten signatures.

E-SIGN & UETA

The federal Electronic Signatures in Global (ESIGN) and the state Uniform Electronic Transactions Act (UETA) give legal recognition for electronic signature and records to satisfy the “in writing” legal requirements for transactions and permit companies to satisfy statutory record retention requirements solely through the use of electronic records.

These Acts essentially enable organizations to adopt a uniform electronic signature process across nearly every states with the assurance that records cannot be refused by a court of law solely on the basis that they were signed electronically.

These US laws are technology-neutral and do not favor any one type of technology over another, but it is important to note. UETA applies to 47 of 50 states. Washington, Illinois, and New York have developed their own e-signature legislation.

Are electronic signatures legal in Canada?

Yes. Similar to US UETA laws, Canadian provincial electronic signature laws give the same legal status as handwritten signatures.

In a report entitled Electronic Signatures in Canadian Law, Stikeman Elliott LLP states, “All the provinces and territories have stand-alone e-commerce statutes of general application based on model laws promulgated by the U.N. and the Uniform Law Conference of Canada. While there are some variations, the provincial e-commerce statutes generally stipulate that signatures, documents and originals are not invalid or unenforceable by reason only of being in electronic form.” The Canadian provincial laws are technology-neutral.

The Federal Personal Information Protection and Electronic Documents Act (PIPEDA) also documents the processes covered in Federal laws and regulations that apply to federally-regulated entities (FRE), as well as any documents and processes used within the Federal government. The Act provides for use of Basic and Advanced Electronic Signature while limiting secure electronic signature to a small number of applications. Secure Electronic Signature (equivalent to a Qualified Electronic Signature) is required for certain documents and processes, and requires the use of digital certificates in such cases.

Are electronic signatures legal in Europe?

Yes. Directive 1999/93/EC of the European Parliament (also referred to as the EU Directive) was replaced in 2016 by the eIDAS regulation as the prevailing legislation on e-signatures in Europe. The move was made to accelerate the digital transformation of Europe. eIDAS maintains the definitions of the three different kinds of e-signatures outlined earlier in this ebook, but has a few unique characteristics of its own.

• eIDAS is a regulation. Unlike the Directive, it applies equally to each EU Member State.
• eIDAS notes that signatures leveraging cloud-based systems can fit under the definition of a Qualified Signature.
• eIDAS establishes automatic recognition of the Qualified E-Signature across the EU.
• eIDAS also establishes recognition for the Basic and Advanced signatures as well (as described earlier in the eBook).
• eIDAS will serve to accelerate digital transformations in countries across Europe.

Additional Resources

• eIDAS and E-Signatures in Europe: A Legal Perspective with Lorna Brazell, IP Lawyer, Osborne Clarke

Are electronic signatures legal in Australia?

Yes. In 1999, the Australian Parliament passed the Electronic Transactions Act, which was amended in 2011.

The Electronic Transactions Act gives electronic signatures the same legal status as handwritten signatures. According to the Australian government, “If a Commonwealth law requires you to give information in writing, provide a handwritten signature, produce a document in material form, or record or retain information, the Electronic Transactions Act means you can do these things electronically.”

The law is technology-neutral and requires a person’s consent to conduct business electronically. Each state and territory also has their own Electronic Transactions Act, which is very similar to the Commonwealth’s act.

Additional resources

• View Australia’s electronic transactions legislation by state and territory
• Electronic Signature Guide for Banks: Australian Edition

Are electronic signatures legal in Japan?

Yes. Japan’s Law Concerning Electronic Signatures and Certification Services has been in effect since 2001. Japan recognizes the legal enforceability of two types of electronic signature used worldwide:

• Advanced E-Signatures
• Qualified E-Signatures

Note that in Japan, using a red seal or stamp instead of a handwritten signature is common practice when signing personal and business documents. However, the law supports the use of electronic signatures without the use of a seal or stamp.

 

 

What are the different types of electronic signature?

There are generally three forms of electronic signature recognized around the world: Basic, Advanced, and Qualified.

The Basic electronic signature

The Basic electronic signature is not a standardized term across nations. Depending on the state, some countries may refer to this as a “Simple electronic signature.” However, both terms describe the same concept.

The Basic electronic signature is technology-neutral. Meaning, any electronic form or process is generally accepted so long as the resulting electronic signature meets three basic requirements for signing:

1. The electronic signature should be applied in a manner that demonstrates the intent of the signer. The electronic signature can be captured by click-to-sign, typing a name, or a handwritten signature
2. The electronic signature should be applied by the person associated with the signature
3. The electronic signature should be associated with the document or data the signer intended to sign

OneSpan Sign meets the requirements for Basic electronic signature

The Advanced electronic signature

Advanced electronic signature goes beyond the Basic by tying authentication to the signature and agreement. This mitigates risk in the transaction by providing additional evidence that can be used to verify the authenticity of the signature.

Most organizations and banks opt for the Advanced electronic signature as their standard form of electronic signature. The inclusion of built-in authentication increases signer assurance without a significant impact to the customer experience.

This form of electronic signature adds four additional requirements beyond those of the Basic Electronic Signature. The Advanced electronic signature must:

OneSpan Sign meets the requirements for Advanced electronic signature.

1. Be uniquely linked to signer
2. Identify the signer
3. Be under the sole control of signer
4. Detect changes to the document or data after the application of the electronic signature

The Qualified electronic signature

The Qualified electronic signature is the legal equivalent to a handwritten ink signature.

The extra security of a Qualified electronic signature can also create friction in the transaction. Your signers are required to procure a signer-held digital ID and meet face to face. These extra steps create a longer signing process and ultimately increase the overall cost beyond what other e-signatures might require.

OneSpan Sign meets the requirements to use a third party digital certificate as an electronic signature, but we do not issue these certificates to users ourselves. Instead, we can assist clients in finding a trusted partner to issue digital certificates.

The term, Qualified electronic signature, is based on the EU regulation known as eIDAS, but it is similar to many other laws around the world that require a certificate issued by an accredited organization.

 

 

Security for electronic signatures and electronic transactions: Vendor qualification best practices

User Identity, authentication, and attribution

• Flexible user identification methods:
  • Remote user identification through third-party databases (i.e., dynamic knowledge-based authentication)
  • Remote user identification through personal information verification (PIV)
• Ability to upload images as part of the e-sign transaction (e.g. photo of a driver’s license)
• Flexible user authentication methods:
  • Flexible user authentication methods:
  • Remote user authentication through user ID and password
  • Email address verification through e-sign session invitation
  • Remote user authentication through static knowledge-based authentication (i.e., secret challenge questions)
  • Ability to customize the challenge questions
  • Ability to leverage existing credentials
  • Ability to fully white-label the e-sign process to reinforce an end-to-end trusted experience
• Ability to configure different authentication methods within the same transaction
• Flexibility to adapt the authentication method to:
  • The risk profile of your organization
  • EACH process being automated
• Flexible options for in-person signature attribution:
  • Hand-off affidavits
  • SMS password (PIN) sent to a personal mobile device (smartphone)
• Integration with strong, multi-factor authentication solutions (i.e., OneSpan's Digipass)
• Ability to sign using client-side certificates ("qualified certificates" under eIDAS) associated to an individual person

Document and signature security

• Audit trail information must be securely embedded in the document.
  
  First, document authenticity can be verified independently of the electronic signature software, meaning you do not need to worry if a verification link back to a server will be valid years from now.
  
  Whether or not you maintain an account on the e-signature service, or whether your vendor is even still in business, your documents are not affected since you, your customers, and other stakeholders do not have to go online to check the document.
• The document and EACH signature must be secured with a digital signature
• A comprehensive audit trail should include the date and time of EACH signature
• The audit trail must be securely embedded in the document and linked to each signature One-click signature and document verification (e.g., ability to verify documents and signatures offline, without going to a website)
• Ability to download a verifiable copy of the signed record with the audit trail

Cloud and data security

• Flexibility in deployment methods to align with your IT and data security policies:
  • On-premises deployment
  • Public and private cloud deployment, hosted on world-class cloud infrastructure platforms such as Amazon, IBM and Microsoft
• SOC 2 and FedRAMP compliant electronic signature solution
• Publishes security practices, certifications and the results of security audit
• Has a consistent track record of keeping customer data secure
• Global data centers to satisfy in-country data residency requirement