Most Electronic Signatures Are Not Legally Binding

In one of our earlier blogs, we explained the three (3) required criteria: authenticity, integrity, and non-repudiation which are required for any legally binding electronic signatures.  Unfortunately to no fault of a document originator or the signer of a document, most of the electronic signature services provided by some of the biggest electronic signature providers to the smallest, and most of the free electronic signature providers are not legally binding.

Why you ask?

The reason is simple.  Because we’re simply asking the wrong question.

Let’s start with authenticity. Most of the time, the number one question asked is… “How do you know the person who’s signing is the person who should be signing?”   Before we answer that question, let’s simply look at the way business is done today, and let me ask you a question first.  How are you sending documents to be signed today?  Are you faxing them?  Are you emailing them? Are you using a courier, USPS, or FedEx?  And if you are, when you receive a signed document today from any of the methods I just mentioned, how do you know the person who signed it is in fact that person.  Couldn’t anyone have signed that document?

In the case with DocVerify, we go above and beyond the traditional way, because in the electronic world we can collect lots of data that can prove that he or she is the person in question.   We have quite a few countermeasures in place, and they range anywhere from an email address to an actual voice print.  It’s pretty hard to try to say that’s not your voice.

So, now that we’ve answered that question, let’s ask the question we should be asking every provider.  How do I know that the document I signed is in fact the same document?  Anyone could’ve easily taken your electronic signature, placed it in or on the document, or even worse, changed or altered the electronically signed document.  Again, there’s no disputing that that’s your signature, but is that really the document you electronically signed?  In fact, Adobe Acrobat has many tools built right into it that would allow even the most novice person to quickly and easily change any PDF document.  Please check out our DocVerify YouTube channel where we demonstrate how easy it is to change a PDF document.

In the world of electronic signatures, you must do your due diligence when looking for the right provider.  If you go with a provider simply because they’re the biggest or the cheapest without validating what we just talked about, your electronically signed documents may be invalid according to the law because if it can be changed or altered then it fails the integrity criteria.

DocVerify started out as an electronic document security company, and in fact our expertise is in the area of document integrity.  DocVerify can prove when a document was created, where it was created from, who created it, and that the document is in fact the document in question.  Our patent pending 7 layers of protection not only protects the electronic copy, but also the hard copies too.  DocVerify even has watermarking technologies built right into each and every DocVerify-ed document, that in the event the document is tampered with, you will know instantly.  How many electronic signature providers can say that?  We not only utilize digital signatures, but we also utilize several different types of hashing and encryption technologies that helps protect every single document.  Even if we no longer have a copy of the document in our electronic vault, we can still prove its integrity.  Why settle for anything less?  Just make sure you ask the right questions…  Can you prove that’s the document I signed and that it has never changed or been altered?  And if so… Demand them to Prove It!

Please also take a look at Bruno Lowagie’s blog about how easily electronic signatures can be altered or changed, and how watch him demonstrate it too.

http://lowagie.com/fakesig

http://lowagie.com/esignatures4dummies

For more information please go to www.docverify.com

Advertisements

DocVerify Debuts New WebHook Feature for Instant Status of Electronic Signatures

DocVerify has released the new WebHook feature that allows users to instantly update the status of their electronic signatures on documents to any remote website. This innovative, powerful feature operates by doing a simple GET or a POST directly to any URL using WebHooks the moment a signer creates a new signature document, views a signature document or signs a document, once the document has completed the signature process.

A WebHook is a contract management tool that provides users with valuable information as soon as it happens, which means no more waiting to find out the status of e-signatures or having to pull the data. Users are able to register their own URL and then extend, customize and integrate that application with their own custom extensions or other applications on the World Wide Web.

According to DocVerify, “It’s very simple. After the system has been activated, you simply enter the URL of the page where you have set it up to receive DocVerify’s GETs or POSTSs, and the instant a signer performs an action, such as viewing an e-sign document or completing an e-signature document, your page is instantly notified of  the update. This allows you to quickly update the information on your own site without the need of constantly having to pull the data from DocVerify for status updates.

In addition, DocVerify’s new webhook feature is also designed to work in coordination with DocVerify’s voice signature system, not only the e-sign system. Once the user has set up the URL, each time a new voice signature document is created, a voice signature is requested, a call is answered, verified or recorded, the URL is immediately updated.

DocVerify’s new WebHook feature offers vital help for any contract management or document management needs, ensuring instant notification of electronic signatures and more.

DocVerify And Ingram Micro Announce Partnership For Electronic Signatures

DocVerify a leader in secure online electronic signature technologies has partnered with Ingram Micro, the largest technology distributor in the world to deliver DocVerify’s services in the cloud.

The partnership with Ingram Micro will enable VAR’s and resellers to utilize and resell one of the most secure electronic signature systems on the market with one of the most user friendly systems from a signers point of view.

DocVerify Releases New Phone Verification and Voice Recording Tools for Electronic Signature and Digital Signature Signers

DocVerify, the provider of industry-leading digital signature and electronic signature solutions, has released new phone-based verification and voice recording tools that offer better security and identity validation.

DocVerify has released the first of its kind for any electronic signature and digital signature provider, powerful new tools designed to enhance security and provide advanced authenticity via phone verification and voice recording. These work hand-in-hand with the company’s electronic signature and digital signature process and result in legally binding contracts and documents for non-repudiation.

Signature requestors are able to enjoy significant benefits here, and individuals can also enjoy enhanced security from the chance of identity theft. The phone verification product works very simply, and provides the benefits only an electronic signature can offer.

Signature requestors are able to request verification of phone numbers through either SMS or through an automated phone system before the user is allowed to continue with the signing process. With an SMS notification, the user simply inputs their phone number, and. they will then receive a secret code via SMS.

This code must be input into a text field on the website, so that the user and the phone can be connected for better authenticity and security. With the phone-based verification system, users simply input either their mobile number or a direct landline number. DocVerify’s automated system calls the number supplied, and asks for the secret code that appears on their screen. Once the code has been accepted, the user must repeat a phrase or state their name, which is recorded.

The voice is recorded and attached to the legally binding document as an electronic signature. In addition to the digital signature and electronic signature this ensures that the document is legal, and it also ensures that the person using the phone is the person in question, thereby reducing the potential for fraud and identity theft.

With the power of DocVerify’s electronic signature products like the new advanced phone verification and voice recording system, the problem of fraud, identity, and authenticity can be reduced.

Understanding E-Sign concepts and requirements

This is for informational purposes only.

Within the E-Sign Act there are three consistent concepts that are either acknowledged in almost every law, guideline or opinion as it relates to electronic signatures.  The concepts are the Authentication of the signer, the Integrity of the signed document, and Non-repudiation of the signature and the intentions of the signers.  The following sections will explain these concepts in detail, as well as assist in the understanding and compliance of these concepts.

Authentication

Authentication is defined as the act of establishing or confirming someone as authentic or in the world of electronic signatures, they are who they say they are.  There are many ways to accomplish this.  Traditionally, this may have been done by providing a passport, driver’s license or other forms of identification, but in the World Wide Web this is not always going to be a viable option, so other methods may be used.

The most common and perhaps popular way on the Internet today is to use an email based identifier.  Most people who have an email address have probably experienced this at some point.  You may have encountered a web site where you were required to put in your email address.  That site then emails you a verification code or a link that you had to click on. After you enter the verification code provided, you were then a verified member.  This method is typically known as an email based ID system.

There are also other ways to prove identity or validation using third party solutions.  In other words, use a method where the person or entity has presumably already been verified through.  Again, you may have already experienced this.  Some sites may require a credit card number, address or zip code, or maybe even an account number.  The presumption is that the person told the truth to those entities, and it should match the information provided on the website.

The point being there are countless methods for authenticating and identifying individuals. 

Integrity

Integrity in the electronic world simply means that there is a reasonable belief that the file or document in question has not been tampered with or altered by anyone or anything since its creation or since it was signed.  The concept of integrity is straightforward and easy to understand, and its requirement is completely justified.  Say for example you’re dealing with a paper document, some discrepancies are easy to find, but with electronic documents it can be very difficult if not impossible to manually or even visually tell if a document has been altered.  In order to demonstrate or prove document integrity a service may use an encryption algorithm or fingerprint to lock a file once it has been completely signed.  Going even beyond that, some of the better services such as DocVerify will continually capture a documents fingerprint, and then create a final version of the document once it has been completely signed by also embedding fingerprints and certificates directly into the document.  Most fingerprinting technology which is in use today for the purposes of identification can be more accurate that even DNA.

 Non-repudiation

Non-repudiation is a concept of ensuring that a party in a dispute cannot refute the validity of an electronic document.  Someone can always say, “That is not my signature” and claim their signature was forged.  After all, someone could have easily copy pasted an image of the persons signature they found on the Internet, and fax it back to you.  Under most circumstances you can never be 100% certain that the person you are doing business with is in fact who they say they are.  Even if the person is there physically there can still be a risk.  You are probably aware of this fact, but identity theft is the fastest-growing form of crime, and criminals are doing more with your identity than buying things on Amazon.  So what can you do to protect yourself against electronic signature fraud or abuse?

Electronic signature systems such as DocVerify use various verification methods to insure the signer understands the purpose and the intent of the signature process as well as protecting the document itself from tampering.  However, the road to successful electronic signature implementations lies in the careful understanding of all three concepts.  Too many providers out there cut corners, which may hurt you in the long run such as allowing multiple signers to use the same email address.

The bottom line is it’s important to combine good business practices with a solid electronic signature system such as DocVerify which will make non-repudiation less of an issue.

For more information about electronic signatures, please visit www.docverify.com

references: www.isaacbowman.com

Companies Use DocVerify to Maintain the Integrity of Documents as Risk Mitigation and Cyber Security Concerns Rise

IRVINE, Calif. – The digital age has ushered in a vast number of solutions designed to facilitate the ease and speed of the transfer and sharing of corporate, legal and personal documents. Unfortunately for companies and individuals, the development of these solutions has outpaced innovations in electronic document security, leaving documents vulnerable to internal, external and online threats, including theft and fraud. In response to alarming statistics and increased concerns over cyber security, DocVerify now delivers an unparalleled solution for companies and individuals committed to making document management, contract management and risk mitigation top priorities. Providing seven layers of protection developed using sophisticated encryption standards, and full document audit trails, DocVerify is the first top-tier document verification system that lets users guarantee the authenticity and integrity of any document from their Internet browser.

According to recent data, more than 35 million data records were illegally accessed in 2008, and more than 83 million records were compromised. The rise in illegal altering and theft of proprietary documents can be attributed in part to still-evolving electronic security infrastructures and standards, and widely held myths about electronic document security. An overwhelming number of Internet users believe that a PDF file cannot be altered and that it is secure. This is one of many common misperceptions that the developers of DocVerify hope will cease to exist as more companies and consumers become better informed, and seek ways to protect themselves and their documents from fraud and tampering.

“There are a number of myths surrounding which areas of the web are secure electronic environments, and which types of documents and protocols are tamper-proof,” said Darcy Mayer, DocVerify’s Chief Technology Officer. “To mitigate risk, our software provides conclusive proof of when, where, what, and by whom any electronic document was created once it is processed through our system. Our goal is to offer a system that provides users with unparalleled protection and the assurance that regardless of the format the document was created in and who they shared it with, the authenticity and integrity of the document won’t be compromised.”

DocVerify is a revolutionary Software as a Service (SaaS) designed to help companies and individuals protect the authenticity and integrity of corporate, legal and personal documents and mitigate the risks associated with online file transferring, sharing and storing. With DocVerify, users can prove that a document existed at a given point and time. The software’s two-factor authentication, document encryption standards, sequential document system and PKI hashing features make it one of the industry’s most secure methods of protecting critical data and files. In fact, the software is so secure that not even the company’s IT personnel can view protected files. DocVerify data centers are all SAS 70 type II certified facilities, and all actions are recorded in a tamper-proof audit trail. Additionally, each document is watermarked and time stamped.

DocVerify ensures the long term preservation, accessibility, and authenticity of electronic documents while maintaining legal compliance and eliminating the risk of lost documents. It also facilitates the independent verification of electronic documents that have been DocVerify-ed in the event of a dispute, saving valuable time and money associated with electronic discoveries, lawsuits or legal proceedings.

“Our software has been used by attorneys, mortgage brokers, government agencies and online retailers, among other groups and organizations,” said Mayer. “The added assurance of a document’s authenticity and integrity creates trust between parties, and is critical to protecting individuals and businesses from unforeseen risks and disputes.”While an increasing number of companies are taking steps to utilize advanced software and implement policies to help protect valuable documents and manage risks, most individuals still fail to make personal document security a priority, despite increasing reports of identity theft and fraud. According to recent studies, over 80 percent of people use inadequate measures to protect data.

“One of the most common ways data breaches occur is through the theft and access of laptops,” said Mayer. “Most individuals don’t realize how valuable the information on their personal laptops is until it’s been stolen, and unfortunately 97 percent of them are never recovered. We want to help individuals protect themselves in the event of an unfortunate circumstance. Individuals can use our software to securely protect their documents, e-sign documents, and track and validate their documents. It’s fast and easy to use, and with reports of identity theft and other accounts of fraud at an all time high, there’s no better way to ensure their peace of mind.”

To learn more about how to protect corporate, legal and personal documents from theft and fraud, visit www.docverify.com. DocVerify provides several digital security solutions, including E-Signatures, Quick Notes, API Web Services, E-notary and Encrypted Storage and Vaulting.

About DocVerify

DocVerify, a Southern California company, is the world’s first electronic and document time stamping and verification service. The company’s revolutionary software and encryption technology is used by state and local governments, businesses and consumers to electronically protect the authenticity and integrity of legal and other documents. For more information, visit www.docverify.com.