Most Electronic Signatures Are Not Legally Binding

In one of our earlier blogs, we explained the three (3) required criteria: authenticity, integrity, and non-repudiation which are required for any legally binding electronic signatures.  Unfortunately to no fault of a document originator or the signer of a document, most of the electronic signature services provided by some of the biggest electronic signature providers to the smallest, and most of the free electronic signature providers are not legally binding.

Why you ask?

The reason is simple.  Because we’re simply asking the wrong question.

Let’s start with authenticity. Most of the time, the number one question asked is… “How do you know the person who’s signing is the person who should be signing?”   Before we answer that question, let’s simply look at the way business is done today, and let me ask you a question first.  How are you sending documents to be signed today?  Are you faxing them?  Are you emailing them? Are you using a courier, USPS, or FedEx?  And if you are, when you receive a signed document today from any of the methods I just mentioned, how do you know the person who signed it is in fact that person.  Couldn’t anyone have signed that document?

In the case with DocVerify, we go above and beyond the traditional way, because in the electronic world we can collect lots of data that can prove that he or she is the person in question.   We have quite a few countermeasures in place, and they range anywhere from an email address to an actual voice print.  It’s pretty hard to try to say that’s not your voice.

So, now that we’ve answered that question, let’s ask the question we should be asking every provider.  How do I know that the document I signed is in fact the same document?  Anyone could’ve easily taken your electronic signature, placed it in or on the document, or even worse, changed or altered the electronically signed document.  Again, there’s no disputing that that’s your signature, but is that really the document you electronically signed?  In fact, Adobe Acrobat has many tools built right into it that would allow even the most novice person to quickly and easily change any PDF document.  Please check out our DocVerify YouTube channel where we demonstrate how easy it is to change a PDF document.

In the world of electronic signatures, you must do your due diligence when looking for the right provider.  If you go with a provider simply because they’re the biggest or the cheapest without validating what we just talked about, your electronically signed documents may be invalid according to the law because if it can be changed or altered then it fails the integrity criteria.

DocVerify started out as an electronic document security company, and in fact our expertise is in the area of document integrity.  DocVerify can prove when a document was created, where it was created from, who created it, and that the document is in fact the document in question.  Our patent pending 7 layers of protection not only protects the electronic copy, but also the hard copies too.  DocVerify even has watermarking technologies built right into each and every DocVerify-ed document, that in the event the document is tampered with, you will know instantly.  How many electronic signature providers can say that?  We not only utilize digital signatures, but we also utilize several different types of hashing and encryption technologies that helps protect every single document.  Even if we no longer have a copy of the document in our electronic vault, we can still prove its integrity.  Why settle for anything less?  Just make sure you ask the right questions…  Can you prove that’s the document I signed and that it has never changed or been altered?  And if so… Demand them to Prove It!

Please also take a look at Bruno Lowagie’s blog about how easily electronic signatures can be altered or changed, and how watch him demonstrate it too.

http://lowagie.com/fakesig

http://lowagie.com/esignatures4dummies

For more information please go to www.docverify.com

Uploading your actual signature is a horrible idea

At some point you may be requested to sign a document online or you may have to decide on an electronic signature and digital signature provider.

Most providers these days try to mimic real world signatures by allowing a signer to upload their actual signatures, but this can come at a great cost to you.

Why?

Before we get to the why, let me start by asking you this.  Do you really want your actual signature floating around on the Internet?  I hope you answered with a big “NO”.

Now to answer the why, and you’ve already answered a part of the question above. By signing an electronic document using your actual signature will allow someone with bad intentions to quickly and easily copy your signature, and easily place that signature on any document they choose.

For example, we’ve all heard of incidences where people had car loans, home loans, credit cards, etc., things that they were completely unaware of where people had copied their signatures. When this happens, you are still responsible for those loans, credits cards, etc., and it may take years to clean up the mess.  Why would anyone want to intentionally put themselves into that position, and the answer to that is we usually don’t think that far ahead.  Don’t fall for the cool factor because it comes at a very high cost to you.

DocVerify does not allow signers to upload their signatures because security and protection are the number one priorities, and most importantly DocVerify started as a document security and document integrity company.  Electronic signature providers that allow signers to upload their actual signatures have indirectly provided you a window into their substandard security practices. Most providers’ security standards are nothing more than smoke and mirrors as demonstrated by allowing actual uploaded signatures.  When choosing a provider you should be very concerned with the methods they use, securing documents, integrity protection because you may ultimately be liable if one of your signer’s signatures is stolen and used.

Don’t risk it.  DocVerify It.

DocVerify is both an electronic signature and digital signature provider.

DocVerify Debuts New WebHook Feature for Instant Status of Electronic Signatures

DocVerify has released the new WebHook feature that allows users to instantly update the status of their electronic signatures on documents to any remote website. This innovative, powerful feature operates by doing a simple GET or a POST directly to any URL using WebHooks the moment a signer creates a new signature document, views a signature document or signs a document, once the document has completed the signature process.

A WebHook is a contract management tool that provides users with valuable information as soon as it happens, which means no more waiting to find out the status of e-signatures or having to pull the data. Users are able to register their own URL and then extend, customize and integrate that application with their own custom extensions or other applications on the World Wide Web.

According to DocVerify, “It’s very simple. After the system has been activated, you simply enter the URL of the page where you have set it up to receive DocVerify’s GETs or POSTSs, and the instant a signer performs an action, such as viewing an e-sign document or completing an e-signature document, your page is instantly notified of  the update. This allows you to quickly update the information on your own site without the need of constantly having to pull the data from DocVerify for status updates.

In addition, DocVerify’s new webhook feature is also designed to work in coordination with DocVerify’s voice signature system, not only the e-sign system. Once the user has set up the URL, each time a new voice signature document is created, a voice signature is requested, a call is answered, verified or recorded, the URL is immediately updated.

DocVerify’s new WebHook feature offers vital help for any contract management or document management needs, ensuring instant notification of electronic signatures and more.

DocVerify And Ingram Micro Announce Partnership For Electronic Signatures

DocVerify a leader in secure online electronic signature technologies has partnered with Ingram Micro, the largest technology distributor in the world to deliver DocVerify’s services in the cloud.

The partnership with Ingram Micro will enable VAR’s and resellers to utilize and resell one of the most secure electronic signature systems on the market with one of the most user friendly systems from a signers point of view.

DocVerify Releases New Easy Sign System for Instant Electronic Signatures on Any Website

DocVerify has announced the release of their powerful new Easy Sign System, designed to allow website owners the ability to integrate electronic signatures into their sites with no programming or HTML knowledge required. This offers website owners searching for a complete answer to their contract management or document management needs a simple, powerful, effective solution.

The new Easy Sign System is designed to work with any website, and requires no HTML or coding knowledge from the website owner. According to DocVerify, “Easy Sign has been designed to work inside of any IFrame, giving the electronic signature requestor full control of embedding it anywhere within their own websites. You can even control the IFrame’s look and feel.”

Thanks to the simple, easy customization offered by this electronic signature solution, website owners can offer an enhanced experience to their users as well as adding more aesthetic appeal.

DocVerify states, “If there is a page on any remote website that requires users to sign NDAs, the website can have the DocVerify Easy Sign system as part of the process in an IFrame directly in their site. When the IFrame is loaded, DocVerify instantly creates a new document and the signer electronically signs the document directly from within the website, which not only enhances the user’s ultimate experience without add any additional steps, but will also add a major “wow” factor to any site.”

This e-sign solution is the ideal answer to contract management and document management needs. It’s also simple and easy to integrate. Website owners only need to sign up for DocVerify, request to have the Easy Sign System activated and then enter the URL from the IFrame – DocVerify does the rest.

DocVerify Releases New Phone Verification and Voice Recording Tools for Electronic Signature and Digital Signature Signers

DocVerify, the provider of industry-leading digital signature and electronic signature solutions, has released new phone-based verification and voice recording tools that offer better security and identity validation.

DocVerify has released the first of its kind for any electronic signature and digital signature provider, powerful new tools designed to enhance security and provide advanced authenticity via phone verification and voice recording. These work hand-in-hand with the company’s electronic signature and digital signature process and result in legally binding contracts and documents for non-repudiation.

Signature requestors are able to enjoy significant benefits here, and individuals can also enjoy enhanced security from the chance of identity theft. The phone verification product works very simply, and provides the benefits only an electronic signature can offer.

Signature requestors are able to request verification of phone numbers through either SMS or through an automated phone system before the user is allowed to continue with the signing process. With an SMS notification, the user simply inputs their phone number, and. they will then receive a secret code via SMS.

This code must be input into a text field on the website, so that the user and the phone can be connected for better authenticity and security. With the phone-based verification system, users simply input either their mobile number or a direct landline number. DocVerify’s automated system calls the number supplied, and asks for the secret code that appears on their screen. Once the code has been accepted, the user must repeat a phrase or state their name, which is recorded.

The voice is recorded and attached to the legally binding document as an electronic signature. In addition to the digital signature and electronic signature this ensures that the document is legal, and it also ensures that the person using the phone is the person in question, thereby reducing the potential for fraud and identity theft.

With the power of DocVerify’s electronic signature products like the new advanced phone verification and voice recording system, the problem of fraud, identity, and authenticity can be reduced.

Understanding E-Sign concepts and requirements

This is for informational purposes only.

Within the E-Sign Act there are three consistent concepts that are either acknowledged in almost every law, guideline or opinion as it relates to electronic signatures.  The concepts are the Authentication of the signer, the Integrity of the signed document, and Non-repudiation of the signature and the intentions of the signers.  The following sections will explain these concepts in detail, as well as assist in the understanding and compliance of these concepts.

Authentication

Authentication is defined as the act of establishing or confirming someone as authentic or in the world of electronic signatures, they are who they say they are.  There are many ways to accomplish this.  Traditionally, this may have been done by providing a passport, driver’s license or other forms of identification, but in the World Wide Web this is not always going to be a viable option, so other methods may be used.

The most common and perhaps popular way on the Internet today is to use an email based identifier.  Most people who have an email address have probably experienced this at some point.  You may have encountered a web site where you were required to put in your email address.  That site then emails you a verification code or a link that you had to click on. After you enter the verification code provided, you were then a verified member.  This method is typically known as an email based ID system.

There are also other ways to prove identity or validation using third party solutions.  In other words, use a method where the person or entity has presumably already been verified through.  Again, you may have already experienced this.  Some sites may require a credit card number, address or zip code, or maybe even an account number.  The presumption is that the person told the truth to those entities, and it should match the information provided on the website.

The point being there are countless methods for authenticating and identifying individuals. 

Integrity

Integrity in the electronic world simply means that there is a reasonable belief that the file or document in question has not been tampered with or altered by anyone or anything since its creation or since it was signed.  The concept of integrity is straightforward and easy to understand, and its requirement is completely justified.  Say for example you’re dealing with a paper document, some discrepancies are easy to find, but with electronic documents it can be very difficult if not impossible to manually or even visually tell if a document has been altered.  In order to demonstrate or prove document integrity a service may use an encryption algorithm or fingerprint to lock a file once it has been completely signed.  Going even beyond that, some of the better services such as DocVerify will continually capture a documents fingerprint, and then create a final version of the document once it has been completely signed by also embedding fingerprints and certificates directly into the document.  Most fingerprinting technology which is in use today for the purposes of identification can be more accurate that even DNA.

 Non-repudiation

Non-repudiation is a concept of ensuring that a party in a dispute cannot refute the validity of an electronic document.  Someone can always say, “That is not my signature” and claim their signature was forged.  After all, someone could have easily copy pasted an image of the persons signature they found on the Internet, and fax it back to you.  Under most circumstances you can never be 100% certain that the person you are doing business with is in fact who they say they are.  Even if the person is there physically there can still be a risk.  You are probably aware of this fact, but identity theft is the fastest-growing form of crime, and criminals are doing more with your identity than buying things on Amazon.  So what can you do to protect yourself against electronic signature fraud or abuse?

Electronic signature systems such as DocVerify use various verification methods to insure the signer understands the purpose and the intent of the signature process as well as protecting the document itself from tampering.  However, the road to successful electronic signature implementations lies in the careful understanding of all three concepts.  Too many providers out there cut corners, which may hurt you in the long run such as allowing multiple signers to use the same email address.

The bottom line is it’s important to combine good business practices with a solid electronic signature system such as DocVerify which will make non-repudiation less of an issue.

For more information about electronic signatures, please visit www.docverify.com

references: www.isaacbowman.com