E-Signature Trends: Security and Assurance
As 2014 moves forward, many businesses wonder what’s on the horizon for the e-signature industry. With the pickup in adoption, the focus has changed from ease of use to security and assurance.
We are finding that customers are much better informed about the e-signature market and the key players, and are also less naïve about the nature of the technology and what it means for their business. However, by the same token, we are also seeing new questions being raised that are more subtle and at the same time important. For example:
- What happens if my electronic signature service goes away?
- What happens to my signatures in 10 years?
- How can I make your signature service not just connect to my product, but become a part of it?
With these questions in mind, here are some of my predictions and thoughts for what we’ll see in the months ahead.
Ease-Of-Use No Longer Key Differentiator. Now before you all protest, let me be clear, I am not saying that ease of use is unimportant – absolutely not. However, ease of use should now be a foundational element of all e-signature solutions. If it’s not easy to use, why bother deploying it? Given that fact, and the maturity of the space, I would argue it’s less of a differentiator.
Assurance is a different story. What do I mean by assurance?
- - Signed documents that remain valid in the long term;
- - Signatures that create a tamper-evident seal on the document;
- - Signatures that are not proprietary or linked permanently to a vendor;
- - Audit trails that show the whole story, not just some summarized mini-view of a transaction;
- - Signers who are strongly verified and authenticated to be sure they are who they say they are;
- - A platform that produces signatures and evidence that a customer can trust whether the vendor is there or not.
In the short history of the e-signature movement, assurance has often taken a back seat to efficiency, simplicity and elimination of paper. Customers were happy to acquire any solution that would make them more competitive, especially if they could close business in seconds versus weeks. But like everything on the Internet, efficiency and speed often come before a realization of the need for security.
Even the Federal ESIGN Act and state UETA laws are notably silent on subjects such as integrity and tamper evidence, preferring an agnostic approach that emphasized rapid adoption over security.
Read more: Security and assurance are king ...
Assurance and Security Are King. In 2013, we witnessed a number of leading indicators of a changing tide and the rising importance of assurance in electronic signatures.
For example, the IRS has long researched and desired to employ electronic signatures to speed up tax returns and the processing of other forms. For years, while the 1040 federal tax form could be signed electronically with a PIN, a great majority of tax forms were relegated to filing via paper and wet ink signature.
So it was with great interest we greeted the IRS announcement that the 4506-T or 4506T-EZ forms of the Income Verification Express Service could now be signed electronically.
However, the IRS would not allow just any electronic signature on these forms. In fact, rather than placing the bar at the level of the ESIGN Act or the state UETA laws, the IRS set a much-higher bar on assurance.
The IRS required that electronic signatures create a tamper-evident seal on a signed document, signers’ identities are verified with multi-factor authentication and signatures be verifiable. This was quite a big step for the IRS, and a blow to the companies whose signature technology focused solely on the efficiency aspects of an e-signature while neglecting assurance.
The actions of the IRS in 2013 represent a major change in the way we should be looking at e-signatures. It’s no longer just enough to say a signature is ESIGN compliant.
It’s critical to remember that ESIGN and UETA are over 13 years old now, and much has changed in the technology space since that point in time. These laws represent a great foundation, but they should not be the sole source of input for designing a more legally verifiable, long-term signature solution. Signatures now need to show integrity, tamper-evidence, signer authentication and verifiability of a signature many years into the future, regardless of the availability of a vendor.
Even Forrester in 2013 pointed out in its Forrester Wave: eSignatures, Q2 2013 report that “the right stress test is to assume your SaaS or on-premises vendor disappears and see what you have to take to court.”
Companies and industries were taking note of this change in 2013. We responded to several Requests for Proposal and for Information at the close of 2013 requesting electronic signature solutions that could be ‘independently verifiable’ and whose signatures relied on open standards.
We are already seeing evidence of the importance of assurance carrying through into 2014. A few weeks ago, the FHA announced acceptance of electronic signatures on a much-broader set of mortgage and closing documents than ever before. This move also set a substantially higher bar than ESIGN for those electronic signatures.
Digital signatures offer tamper evidence, independent verification and a strict adherence to standards, meaning customers are not left having to rely on us being around simply to prove that signatures took place. And that should be backed up with a highly detailed audit trail that goes far above and beyond what a majority of the market feels is sufficient.