Electronic Signature Complete Guide

Ensure the most seamless and secure electronic signature experience with OneSpan Sign

Contents

Across the board, businesses are going digital. They’re transforming customer-facing transactions and the customer experience as a whole by shifting away from paper and toward the adoption of electronic signatures across the enterprise. In addition, processes like contracting, HR, invoicing, and more are achieving rapid gains in efficiency and drastic reductions in cost thanks to widespread acceptance of electronic signature in the market.

What is an electronic signature?

An Electronic signature, or e-signature is a legal concept, much like their paper equivalent, and defined by the US Federal ESIGN Act as ”an electronic sound, symbol, or process, attached to or logically associated with a contract or other record and executed or adopted by a person with the intent to sign the record."

The function of an electronic signature is to capture the intent of the signer to be bound by the terms and conditions in a contract. Electronic signature software is designed to capture legally-enforceable signatures online.

Generally, it is about having a lasting record of an individual’s intent. Digital signature refers to the encryption technology used in a number of e-business and e-commerce applications, including electronic signature.

There are generally three types of electronic signatures recognized around the world: Basic, Advanced, and Qualified. See details below.

What are the benefits of electronic signature?

Built on 25 years of best-in-class electronic signature capabilities

User experience gray
Great User Experience

Ensure high user adoption and satisfaction with the most seamless, white-labeled e-signing experience.

advanced security gray
Advanced Security

Protect your users and documents against fraud with military-grade digital signature technology.

audit trails
Audit Trails

Strengthen your compliance and deter legal disputes with the most comprehensive audit trails in the market

scalable platform gray
Efficient and Scalable

Scale electronic signatures across your organization and channels – quickly and cost-effectively

Cost reduction gray
Cost Effective

Get predictable pricing and a cost-effective solution regardless of your volumes – no nickel and diming.

versions gray
Versions

Available as a web or mobile app, developer SDK, 3rd party connector, and specialty solutions for financial services

How do electronic signature work with OneSpan Sign?

Step 1: Access

Email Invitation
Link in a customer portal

Step 2: Identify / Authenticate

Email, Login credentials, Challenge-response questions, SMS PIN, 3rd party ID check, Digipass®, Biometrics, Government ID

Step 3: Present

Documents are presented on a desktop or mobile device. Define workflow rules and control which documents are visible to participants in the transaction

Step 4: Data Capture

Capture data at the time of signing and make that data available to downstream systems

Step 5: Re-authenticate

Optionally verify the signer’s identity at the time of signing. For example, signers can use their government-issued electronic ID (eID) to create a Qualified electronic signature (QES)

Step 6: Sign

Click to sign, Click to initial,Hand-scripted, signature capture

Step 7: Document Insertion

Additional documents or images (e.g. a photo of a driver’s license) can be inserted as part of the transaction

Step 8: Deliver

Signed records can be distributed electronically or on paper

how do electronic signatures work

What is electronic signature used for?

Processes like sales contracts,  HR, invoicing, and more are achieving rapid gains in efficiency and drastic reductions in cost thanks to widespread acceptance of electronic signature in the market.

Extra-Add-Ons-White
Procurement and sourcing
Extra-Add-Ons-White
Contract modifications
Extra-Add-Ons-White
Credit or loan applications
Extra-Add-Ons-White
Federal tax returns
Extra-Add-Ons-White
e-Contracting
Extra-Add-Ons-White
Service agreements
Extra-Add-Ons-White
Real estate transactions
Extra-Add-Ons-White
Claims and appraisals
Extra-Add-Ons-White
Account openings
Extra-Add-Ons-White
Commercial lending
Extra-Add-Ons-White
Delivery order requests
Extra-Add-Ons-White
Retail finance

The Beginner's Guide to Electronic Signatures

This comprehensive, 31-page beginner’s guide to electronic signatures introduces important legal concepts and key considerations when creating digital business processes with e-signatures.

Are electronic signature legally binding?

Yes, OneSpan Sign’s electronic signature is legally binding and enforceable in countries that have enacted electronic signature laws.

Electronic signature created using our solution comply with both the U.S. ESIGN Act and UETA. OneSpan Sign electronic signature also comply with Regulation No 910/2014 on Electronic Identification and Trust Services Regulation (eIDAS) in the European Union. 

For a legal opinion on the enforceability of e-signatures in any given country and any local data residency requirements, consult your legal counsel.

 

Are electronic signatures legal in the United States?

Yes.Today, long after the passing of ESIGN and UETA, there is no longer any question about whether electronic signatures are legal. Federal and state law gives electronic signature the same legal status as handwritten signatures.

E-SIGN & UETA

The federal Electronic Signatures in Global (ESIGN) and the state Uniform Electronic Transactions Act (UETA) give legal recognition for electronic signature and records to satisfy the “in writing” legal requirements for transactions and permit companies to satisfy statutory record retention requirements solely through the use of electronic records.

These Acts essentially enable organizations to adopt a uniform electronic signature process across nearly every states with the assurance that records cannot be refused by a court of law solely on the basis that they were signed electronically.

These US laws are technology-neutral and do not favor any one type of technology over another, but it is important to note. UETA applies to 47 of 50 states. Washington, Illinois, and New York have developed their own e-signature legislation.

 

Are electronic signatures legal in Canada?

Yes. Similar to US UETA laws, Canadian provincial electronic signature laws give the same legal status as handwritten signatures.

In a report entitled Electronic Signatures in Canadian Law, Stikeman Elliott LLP states, “All the provinces and territories have stand-alone e-commerce statutes of general application based on model laws promulgated by the U.N. and the Uniform Law Conference of Canada. While there are some variations, the provincial e-commerce statutes generally stipulate that signatures, documents and originals are not invalid or unenforceable by reason only of being in electronic form.” The Canadian provincial laws are technology-neutral.

The Federal Personal Information Protection and Electronic Documents Act (PIPEDA) also documents the processes covered in Federal laws and regulations that apply to federally-regulated entities (FRE), as well as any documents and processes used within the Federal government. The Act provides for use of Basic and Advanced Electronic Signature while limiting secure electronic signature to a small number of applications. Secure Electronic Signature (equivalent to a Qualified Electronic Signature) is required for certain documents and processes, and requires the use of digital certificates in such cases.

    Are electronic signatures legal in Europe?

    Yes. Directive 1999/93/EC of the European Parliament (also referred to as the EU Directive) was replaced in 2016 by the eIDAS regulation as the prevailing legislation on e-signatures in Europe. The move was made to accelerate the digital transformation of Europe. eIDAS maintains the definitions of the three different kinds of e-signatures outlined earlier in this ebook, but has a few unique characteristics of its own.

    • eIDAS is a regulation. Unlike the Directive, it applies equally to each EU Member State.
    • eIDAS notes that signatures leveraging cloud-based systems can fit under the definition of a Qualified Signature.
    • eIDAS establishes automatic recognition of the Qualified E-Signature across the EU.
    • eIDAS also establishes recognition for the Basic and Advanced signatures as well (as described earlier in the eBook).
    • eIDAS will serve to accelerate digital transformations in countries across Europe.


    Additional Resources

    • eIDAS and E-Signatures in Europe: A Legal Perspective with Lorna Brazell, IP Lawyer, Osborne Clarke

    Are electronic signatures legal in Australia?

    Yes. In 1999, the Australian Parliament passed the Electronic Transactions Act, which was amended in 2011.

    The Electronic Transactions Act gives electronic signatures the same legal status as handwritten signatures. According to the Australian government, “If a Commonwealth law requires you to give information in writing, provide a handwritten signature, produce a document in material form, or record or retain information, the Electronic Transactions Act means you can do these things electronically.”

    The law is technology-neutral and requires a person’s consent to conduct business electronically. Each state and territory also has their own Electronic Transactions Act, which is very similar to the Commonwealth’s act.

    Additional resources

    • View Australia’s electronic transactions legislation by state and territory

    Electronic Signature Guide for Banks: Australian Edition

     

    Are electronic signatures legal in Japan?

    Yes. Japan’s Law Concerning Electronic Signatures and Certification Services has been in effect since 2001. Japan recognizes the legal enforceability of two types of electronic signature used worldwide:

    • Advanced E-Signatures
    • Qualified E-Signatures

    Note that in Japan, using a red seal or stamp instead of a handwritten signature is common practice when signing personal and business documents. However, the law supports the use of electronic signatures without the use of a seal or stamp.

    What are the different types of electronic signature?

    There are generally three forms of electronic signature recognized around the world: Basic, Advanced, and Qualified.

    standard e signature white
    The Basic electronic signature

    The Basic electronic signature is not a standardized term across nations. Depending on the state, some countries may refer to this as a “Simple electronic signature.” However, both terms describe the same concept.

    The Basic electronic signature is technology-neutral. Meaning, any electronic form or process is generally accepted so long as the resulting electronic signature meets three basic requirements for signing:

    1. The electronic signature should be applied in a manner that demonstrates the intent of the signer. The electronic signature can be captured by click-to-sign, typing a name, or a handwritten signature
    2. The electronic signature should be applied by the person associated with the signature
    3. The electronic signature should be associated with the document or data the signer intended to sign

    OneSpan Sign meets the requirements for Basic electronic signature

    advanced e signature white
    The Advanced electronic signature

    Advanced electronic signature goes beyond the Basic by tying authentication to the signature and agreement. This mitigates risk in the transaction by providing additional evidence that can be used to verify the authenticity of the signature.

    Most organizations and banks opt for the Advanced electronic signature as their standard form of electronic signature. The inclusion of built-in authentication increases signer assurance without a significant impact to the customer experience.

    This form of electronic signature adds four additional requirements beyond those of the Basic Electronic Signature. The Advanced electronic signature must:

    1. Be uniquely linked to signer
    2. Identify the signer
    3. Be under the sole control of signer
    4. Detect changes to the document or data after the application of the electronic signature

    OneSpan Sign meets the requirements for Advanced electronic signature.

    qualified e signature white
    The Qualified electronic signature

    The Qualified electronic signature  is an Advanced Electronic Signature that also requires a personal digital certificate in addition to all other standard requirements. The digital certificate is a secure, personal, and unique electronic identity credential that must be issued to the signer in a form they can keep under their control.

    The Qualified electronic signature is the legal equivalent to a handwritten ink signature.

    The extra security of a Qualified electronic signature can also create friction in the transaction. Your signers are required to procure a signer-held digital ID and meet face to face. These extra steps create a longer signing process and ultimately increase the overall cost beyond what other e-signatures might require.

    OneSpan Sign meets the requirements to use a third party digital certificate as an electronic signature, but we do not issue these certificates to users ourselves. Instead, we can assist clients in finding a trusted partner to issue digital certificates.

    The term, Qualified electronic signature, is based on the EU regulation known as eIDAS, but it is similar to many other laws around the world that require a certificate issued by an accredited organization.

    Security for electronic signatures and electronic transactions: Vendor qualification best practices

    User Identity, authentication, and attribution

    Flexible user identification methods:

    • Remote user identification through third-party databases (i.e., dynamic knowledge-based authentication)
    • Remote user identification through personal information verification (PIV)
    Ability to upload images as part of the e-sign transaction (e.g. photo of a driver’s license)

    Flexible user authentication methods:

    • Remote user authentication through user ID and password
    • Email address verification through e-sign session invitation
    • Remote user authentication through static knowledge-based authentication (i.e., secret challenge questions)
    • Ability to customize the challenge questions
    • Ability to leverage existing credentials
    • Ability to fully white-label the e-sign process to reinforce an end-to-end trusted experience
    Ability to configure different authentication methods within the same transaction

    Flexibility to adapt the authentication method to:

    • The risk profile of your organization
    • EACH process being automated

    Flexible options for in-person signature attribution:

    • Hand-off affidavits
    • SMS password (PIN) sent to a personal mobile device (smartphone)
    Integration with strong, multi-factor authentication solutions (i.e., OneSpan's Digipass)
    Ability to sign using client-side certificates ("qualified certificates" under eIDAS) associated to an individual person

    Document and signature security

    Audit trail information must be securely embedded in the document.

    First, document authenticity can be verified independently of the electronic signature software, meaning you do not need to worry if a verification link back to a server will be valid years from now.

    Whether or not you maintain an account on the e-signature service, or whether your vendor is even still in business, your documents are not affected since you, your customers, and other stakeholders do not have to go online to check the document.

    The document and EACH signature must be secured with a digital signature
    A comprehensive audit trail should include the date and time of EACH signature
    The audit trail must be securely embedded in the document and linked to each signature
    One-click signature and document verification (e.g., ability to verify documents and signatures offline, without going to a website)
    Ability to download a verifiable copy of the signed record with the audit trail

    Cloud and data security

    Flexibility in deployment methods to align with your IT and data security policies:

    • On-premises deployment
    • Public and private cloud deployment, hosted on world-class cloud infrastructure platforms such as Amazon, IBM and Microsoft
    SOC 2 and FedRAMP compliant electronic signature solution
    Publishes security practices, certifications and the results of security audit
    Has a consistent track record of keeping customer data secure
    Global data centers to satisfy in-country data residency requirement

    OneSpan Sign Electronic Signature FAQ

    What is the difference between an electronic signature and a digital signature?

    Though related concepts, digital signatures and electronic signatures are different. An electronic signature is a legal concept. Its captures a person’s intent to be legally bound to an agreement or contract. 

     

    However, a digital signature refers to encryption/decryption technology within an electronic signature. Based on public-key cryptography, digital signatures secure signed documents and allow one to verify the authenticity of a signed record.

     

    In short, a digital signature cannot capture a person’s intent to sign a document. When used with an electronic signature application, digital signature technology secures the e-signed data.

    Are OneSpan Sign electronic signatures secure?

    Yes. Security is always top-of-mind at OneSpan.

     

    OneSpan Sign follows a variety of regulatory, industry, and IT standards for security and data protection. In addition, OneSpan Sign meets the compliance standards set by ISO/IEC 27001, ISO/IEC 27017, ISO/IEC 27018, SOC2 Type 2, FedRAMP, HIPAA, Skyhigh Enterprise-Ready, GDPR, and more. Please visit the OneSpan Sign Trust Center for additional information.

    How is OneSpan Sign different from other electronic signature vendors?

    1. OneSpan Sign processes the most regulated B2B and customer-facing transactions in the world.
       
    2. We provide our customers the highest levels of support. The latest electronic signature report from G2 Crowd rates OneSpan Sign with the highest customer satisfaction score in the industry.
       
    3. Our customers can fully white-label the solution to match their brand, so they can provide  a seamless experience for their customers. 
       
    4. We offer the most deployment options – for any project complexity, budget, or size.
       
    5. Our solution guarantees the integrity of the signed document by tamper sealing it after each person signs to protect you and your customers. 
       
    6. We offer the most flexibility for optimizing e-signatures to your processes, workflows, channels, devices and signers.
       
    7. We are the only electronic signature solution in the market that offers a visual audit trail to easily and quickly prove compliance and support your legal case.

    What third-party integrations are available with OneSpan Sign electronic signatures?

    To add e-signing workflows to third–party applications such as SalesforceSalesforce CPQBoxSharePointNintex SharePoint, Pega Systems, Laserfiche and Dynamics CRM, as well as industry-specific software solutions, explore our Partners section for a full list of apps and connectors.

     

    For customized e-signature needs and system-to-system integrations, our open API and fully supported SDKs (software development kits) enable developers to add e-signing capabilities to, third party applications, web portals, and legacy and home-grown systems.

    How do I get a document e-signed?

    All you need to send documents is a web browser and a subscription to the OneSpan Sign Professional Plan. Upload your documents, add recipients, select signature blocks and fields, select a signer authentication method, then click “Send to Sign” to distribute your document for signing. Each recipient will receive an email invitation to sign the document.

    How do recipients e-sign documents with OneSpan Sign electronic signatures?

    Electronic signature with OneSpan Sign are easy, and signing is always free for recipients. They simply receive an email with a link to a signing ceremony in OneSpan Sign. From there, they can access the electronic signature process through their browser on their device.

     

    Once the signing process is complete, both parties can download the e-signed documents for retention in their own system. Alternatively, those documents can also be stored in OneSpan Sign. Try our Quick Demo to see how easy it is to use OneSpan Sign. 

    Can OneSpan Sign electronic signatures be used on mobile devices?

    Use our OneSpan Sign mobile app to securely prepare, send, and sign documents on the go from your iOS and Android devices. It includes robust electronic signature features and is available at no extra charge in our Professional and Enterprise Plans. Download the app today.

     

    In addition, OneSpan Sign offers the ability to e-sign anywhere, anytime, and on any web-enabled device.

    Does OneSpan Sign support Qualified Electronic Signatures?

    Yes. OneSpan Sign provides a solution for Qualified Electronic Signature (QES). We facilitate legally binding Qualified electronic signature through our partnerships with Qualified Trust Service Providers. 
     

    A Qualified Electronic Signature is created using a digital certificate (known as a qualified certificate) assigned to an individual. Think of it as the digital equivalent of a government-issued identity card or passport. 
     

    The qualified certificate and associated key must be obtained from a Qualified Trust Service Provider or Qualified Certificate Authority. It is provided to the individual on a smart card or USB device. That person must connect the smart card or USB device to their computer or mobile device when signing a document, and must enter at least a user ID/password to access their qualified certificate.  
     

    OneSpan Sign fully manages the use of a qualified certificate during the electronic signature workflow. For example: 
     

    • The signer must enter OneSpan Sign by successful authentication
    • The signer e-signs the document 
    • Their electronic signature is secured using digital signature encryption (the digital signature is created using the qualified certificate and associated key) 
    • This creates a Qualified Electronic Signature

     To learn more, visit our Qualified Electronic Signature page.
     

    Get Started with OneSpan Sign Electronic Signatures

    Securely send and e-sign documents ‘out of the box’ or fully integrate electronic signature with your applications or core systems.

    No matter which OneSpan Sign plan you choose, you’ll get an electronic signature solution that balances ease of use with the highest levels of security and compliance, while giving you the option to easily customize the electronic signature solution for your brand and unique business and IT requirements.

    How can I get started with OneSpan Sign electronic signatures?

    OneSpan Sign offers a Professional Plan with out-of-the-box electronic signature features for user-initiated processes as well as an Enterprise Plan to integrate e-signing capabilities into your web applications, mobile apps, and core systems.

    To learn more, visit our pricing and editions page.

    What customers are saying about our Electronic Signature Solutions

    The strongest feature of [OneSpan Sign] is the flexibility of the platform. There are many options to configure and tailor the experience to the customer’s needs. And the integration / connectors make it really easy for users to get up and running.

    us bank png

    US Bank

    Andrew S.

    White-Labeled Flexibility

    Get documents e-signed anytime, anywhere, on any device while keeping the spotlight on your brand

    Provide customers with the most seamless experience to promote high adoption and completion rates. Optimized for desktop and mobile signing right ’out of the box’, while enabling you to fully customize the workflows and screens to create a unique and trusted experience. That includes white-labeling at no extra charge.

    Secure Electronic Signatures

    Secure your documents and online signature using military-grade, digital signature technology

    OneSpan Sign guarantees document integrity by applying a digital signature and tamper seal after each person has signed, and then automatically detecting if a change is made in between signers. And unlike other providers, OneSpan Sign embeds the audit trail directly in the document, enabling you to instantly verify it with just one click.

    Accurate Audit Trails

    Prove your compliance and deflect legal disputes with the most comprehensive audit trails

    Capture the step-by-step signing workflow as seen and experienced by your customers. Our patented “visual” audit trail reproduces all web screens, legal disclosures, and documents that were presented, as well as how long signers took at each step. This makes it faster and less costly to prove what happened.

    Scalable Platform

    Our electronic signature platform gives you the flexibility to choose how and where you want to deploy the service

    Implement electronic signature as a shared service across your divisions and global operations for a quicker time-to-market. OneSpan Sign provides the most scalable platform and integration framework, allowing you to scale the use of electronic signature across your lines of business, use cases, and channels – both locally and abroad.

    Cost Savings You Can See

    Get Transparent Pricing with No Nickel and Diming, No Hidden Fees, and No Surprise Price Increases

    Unlike other electronic signature providers, you won’t see an astronomical price increase at the end of your contract. We work closely with you to review your consumption needs and help you scale your model in the most cost-effective manner. What’s more, if your needs and volume change before your contract is up, we’ll re-assess the terms so that you maintain a cost-effective solution – today and tomorrow.

    Product Versions

    Start e-signing with our web app, mobile app, and pre-built connectors

    Web App

    Sign up for the OneSpan Sign web application and get your documents out for signature in minutes. Simply upload your document, add your recipients, then send your document for signing. No hardware or software investment required.

    Get a Demo  

    create transaction

    Mobile App

    Securely prepare, send, and sign documents on the go using the OneSpan Sign mobile app for iOS and Android . Our app includes robust out-of-the-box electronic signature features for your mobile signing needs.

    Learn More  

    3rd Party Connectors

    OneSpan Sign offers pre-built e-signature connectors for Salesforce, Microsoft SharePoint, Dynamics CRM, Laserfiche, Nintex, Pega Systems, Box, Salesforce CPQ, and other third-party applications. No coding required.

    Learn more  

    Get started with electronic signatures

    Try our a quick demo to see what the e-signing experience looks like.