Electronic Signature Certification

Since the start of the COVID-19 pandemic, consumer preferences have shifted. Where once customers tolerated signing contracts with a handwritten signature on paper, now in an effort to reduce risk of infection, remote processes have become much more valuable from both a customer experience and business continuity perspective. Electronic signatures allow businesses and government organizations to construct fully remote, end-to-end digital processes and document workflows to increase efficiencies, cut costs, and meet these changing consumer demands.

OneSpan Sign empowers your organization to sign documents, agreements, and other contracts from any location at any time and on any device. And, the legality of electronic signatures is not in question. Over 90 countries around the world have passed e-signature legislation establishing the legitimacy of electronic signatures and their equivalence to a wet ink physical signature. For example, the Electronic Signatures in Global and National Commerce Act (ESIGN Act) has been in place in the United States since the year 2000 along with the Uniform Electronic Transactions Act (UETA).

What is a Qualified Electronic Signature

Though the legality is not in question, requirements and standards will vary from country to country. Some states and jurisdictions may require what is often called a Qualified Electronic Signature (QES) which includes certification from a trust service provider (TSP). Though there are other types of electronic signatures, a QES is reserved for the highest risk transactions and require the highest level of security. The TSP is an unaffiliated third-party organization or legal entity that issues and preserves a digital certificate, also known as a qualified certificate or signing certificate, to validate the authenticity of the qualified electronic signature.

Though QES is used around the world, they are a common type of e-signature in the European Union (EU) as their electronic signature legislation, the eIDAS regulation, clearly outlines their use.

How Does OneSpan Sign Electronic Signature Provide E-Signature Certification

Beyond TSPs and digital certificates, all OneSpan Sign electronic signatures are secured with a digital signature. This may sound redundant, but the terms electronic signature and digital signature refer to two distinct concepts. Terms like digital signing should be avoided, because they muddle these two already-similar terms.

An electronic signature is a legal concept. It marks the signer’s intention to submit to the terms of the contract being signed. Though the term “signature” is used, which evokes images of a name written in cursive text, many electronic signature laws enable symbols or other forms of identification. It is a physical signature in electronic form, but the point is the consent, not the form the consent takes.

Digital signature technology, however, refers to encryption technology used to verify the authenticity of a signed record. It is based on public-key infrastructure (PKI) (as opposed to private-key cryptography) which generates both a public and a private key using cryptographic algorithms. This tamper-seals the contract after it is signed, so if anyone where to make changes to the PDF document or other document after it is completed or during transfer from one signer to the next, it would invalidate the contract or at least make those changes identifiable to the next signer.

Therefore, an effective electronic signature solution will utilize both electronic signatures and digital signatures. Without the former, no consent will be captured. Without the latter, the contract may not be secure.

As an added level of protection, organizations using OneSpan Sign have access to audit trails of their transactions. An audit trail records the activity of the signers in case the contract comes into dispute at a later date. In court, the company can produce the audit trail to demonstrate how, when, and by whom a contract was signed.

Benefits of Digital Signatures

There are many benefits of using digital signatures with an electronic signature, including:

• Trusted and compliant: Digital signatures are a well-accepted and adopted standard among electronic signature providers and used in the most security-conscious industries and for the highest risk transactions. Their use is supported, and in some cases required, by relevant e-signature legislation.
• Unique to the signer:  Each signer in the transactions must identify and be uniquely linked to the signature. The person who signed the document can be determined with a high degree of trust.
• Easy to validate: With PKI, tamper seals, and audit trails, organizations have ample evidence for certifying the authenticity of signatures.

Digital Signature FAQs

What are timestamps?

Timestamps are used by digital signatures to denote the precise time in which the electronic signature was applied. This allows an organization to recognize if alterations have occurred after the timestamp.

What makes certificate-based digital signature so secure?

Each signer is issued a certificate from a TSP or certificate authority (CA), which functions to verify the signer’s digital identity (digital ID). Once the document is signed, the identity of the signer is validated, and the signature is bound to the document using PKI.

What is the difference between an Advanced Electronic Signature and a Qualified Electronic Signature?

Advanced electronic signatures have many of the security measures of the QES. The primary difference is that an advanced electronic signature does not require the digital certificate from the TSP.

Getting Started with OneSpan Sign

Organizations deploying OneSpan Sign have two general options for their e-signature solutions:

• User-initiated: In this deployment option, users can send and sign electronic documents through a web portal, third-party connector, or a mobile app. Typically, this path is ideal for lower volume and user-initiated transactions, but the advantage is that a user-initiated approach can be deployed in as little as 24-hours.
• Integrated: The integrated deployment option allows for full automation of the signing process through their business application, core systems, or mobile app. Digital documents are system-generated and fully automated, so this approach is ideal for larger-volume and system-initiated e-sign processes.

Ready to start signing? Download our E-Sign Readiness Checklist to find out how to get started.