Most Electronic Signatures Are Not Legally Binding

In one of our earlier blogs, we explained the three (3) required criteria: authenticity, integrity, and non-repudiation which are required for any legally binding electronic signatures.  Unfortunately to no fault of a document originator or the signer of a document, most of the electronic signature services provided by some of the biggest electronic signature providers to the smallest, and most of the free electronic signature providers are not legally binding.

Why you ask?

The reason is simple.  Because we’re simply asking the wrong question.

Let’s start with authenticity. Most of the time, the number one question asked is… “How do you know the person who’s signing is the person who should be signing?”   Before we answer that question, let’s simply look at the way business is done today, and let me ask you a question first.  How are you sending documents to be signed today?  Are you faxing them?  Are you emailing them? Are you using a courier, USPS, or FedEx?  And if you are, when you receive a signed document today from any of the methods I just mentioned, how do you know the person who signed it is in fact that person.  Couldn’t anyone have signed that document?

In the case with DocVerify, we go above and beyond the traditional way, because in the electronic world we can collect lots of data that can prove that he or she is the person in question.   We have quite a few countermeasures in place, and they range anywhere from an email address to an actual voice print.  It’s pretty hard to try to say that’s not your voice.

So, now that we’ve answered that question, let’s ask the question we should be asking every provider.  How do I know that the document I signed is in fact the same document?  Anyone could’ve easily taken your electronic signature, placed it in or on the document, or even worse, changed or altered the electronically signed document.  Again, there’s no disputing that that’s your signature, but is that really the document you electronically signed?  In fact, Adobe Acrobat has many tools built right into it that would allow even the most novice person to quickly and easily change any PDF document.  Please check out our DocVerify YouTube channel where we demonstrate how easy it is to change a PDF document.

In the world of electronic signatures, you must do your due diligence when looking for the right provider.  If you go with a provider simply because they’re the biggest or the cheapest without validating what we just talked about, your electronically signed documents may be invalid according to the law because if it can be changed or altered then it fails the integrity criteria.

DocVerify started out as an electronic document security company, and in fact our expertise is in the area of document integrity.  DocVerify can prove when a document was created, where it was created from, who created it, and that the document is in fact the document in question.  Our patent pending 7 layers of protection not only protects the electronic copy, but also the hard copies too.  DocVerify even has watermarking technologies built right into each and every DocVerify-ed document, that in the event the document is tampered with, you will know instantly.  How many electronic signature providers can say that?  We not only utilize digital signatures, but we also utilize several different types of hashing and encryption technologies that helps protect every single document.  Even if we no longer have a copy of the document in our electronic vault, we can still prove its integrity.  Why settle for anything less?  Just make sure you ask the right questions…  Can you prove that’s the document I signed and that it has never changed or been altered?  And if so… Demand them to Prove It!

Please also take a look at Bruno Lowagie’s blog about how easily electronic signatures can be altered or changed, and how watch him demonstrate it too.

http://lowagie.com/fakesig

http://lowagie.com/esignatures4dummies

For more information please go to www.docverify.com

Advertisements

Understanding E-Sign concepts and requirements

This is for informational purposes only.

Within the E-Sign Act there are three consistent concepts that are either acknowledged in almost every law, guideline or opinion as it relates to electronic signatures.  The concepts are the Authentication of the signer, the Integrity of the signed document, and Non-repudiation of the signature and the intentions of the signers.  The following sections will explain these concepts in detail, as well as assist in the understanding and compliance of these concepts.

Authentication

Authentication is defined as the act of establishing or confirming someone as authentic or in the world of electronic signatures, they are who they say they are.  There are many ways to accomplish this.  Traditionally, this may have been done by providing a passport, driver’s license or other forms of identification, but in the World Wide Web this is not always going to be a viable option, so other methods may be used.

The most common and perhaps popular way on the Internet today is to use an email based identifier.  Most people who have an email address have probably experienced this at some point.  You may have encountered a web site where you were required to put in your email address.  That site then emails you a verification code or a link that you had to click on. After you enter the verification code provided, you were then a verified member.  This method is typically known as an email based ID system.

There are also other ways to prove identity or validation using third party solutions.  In other words, use a method where the person or entity has presumably already been verified through.  Again, you may have already experienced this.  Some sites may require a credit card number, address or zip code, or maybe even an account number.  The presumption is that the person told the truth to those entities, and it should match the information provided on the website.

The point being there are countless methods for authenticating and identifying individuals. 

Integrity

Integrity in the electronic world simply means that there is a reasonable belief that the file or document in question has not been tampered with or altered by anyone or anything since its creation or since it was signed.  The concept of integrity is straightforward and easy to understand, and its requirement is completely justified.  Say for example you’re dealing with a paper document, some discrepancies are easy to find, but with electronic documents it can be very difficult if not impossible to manually or even visually tell if a document has been altered.  In order to demonstrate or prove document integrity a service may use an encryption algorithm or fingerprint to lock a file once it has been completely signed.  Going even beyond that, some of the better services such as DocVerify will continually capture a documents fingerprint, and then create a final version of the document once it has been completely signed by also embedding fingerprints and certificates directly into the document.  Most fingerprinting technology which is in use today for the purposes of identification can be more accurate that even DNA.

 Non-repudiation

Non-repudiation is a concept of ensuring that a party in a dispute cannot refute the validity of an electronic document.  Someone can always say, “That is not my signature” and claim their signature was forged.  After all, someone could have easily copy pasted an image of the persons signature they found on the Internet, and fax it back to you.  Under most circumstances you can never be 100% certain that the person you are doing business with is in fact who they say they are.  Even if the person is there physically there can still be a risk.  You are probably aware of this fact, but identity theft is the fastest-growing form of crime, and criminals are doing more with your identity than buying things on Amazon.  So what can you do to protect yourself against electronic signature fraud or abuse?

Electronic signature systems such as DocVerify use various verification methods to insure the signer understands the purpose and the intent of the signature process as well as protecting the document itself from tampering.  However, the road to successful electronic signature implementations lies in the careful understanding of all three concepts.  Too many providers out there cut corners, which may hurt you in the long run such as allowing multiple signers to use the same email address.

The bottom line is it’s important to combine good business practices with a solid electronic signature system such as DocVerify which will make non-repudiation less of an issue.

For more information about electronic signatures, please visit www.docverify.com

references: www.isaacbowman.com

DocVerify Electronic Signature Now Available on AppExchange from Salesforce.com

DocVerify, a leading pioneer in advanced digital security solutions and encryption technology, today announced the availability of Electronic Signatures for salesforce.com’s Force.com AppExchange. The application transforms workflows by facilitating one-click processing of contracts and other documents requiring electronic signatures, while digitally maintaining the documents’ integrity with seven layers of protection. Additionally, the application eliminates mountains of paperwork, mitigates common risks associated with paper-based signatures, and saves businesses money on postage, printing and storage. E-Signature is immediately available for test drive and deployment on the Force.com AppExchange at http://www.salesforce.com/appexchange/.

DocVerify Electronic Signatures systematically changes the way companies do business by providing a seamless and efficient electronic signature and file storage solution that can be easily adopted without training. To request legally binding electronic signatures from business partners, clients, employees and other individuals, Salesforce CRM users simply upload their document, specify the recipients and send the notification. The signers then receive an email with a link for document viewing, and upon clicking, the document is signed, secure and fully admissible in a court of law.

 “When companies use DocVerify’s electronic signature solutions, they are able to assure their clients, customers, colleagues and business partners that documents will be processed quickly, efficiently and in a way that maintains their trust,” said Darcy Mayer, chief technology officer. “DocVerify ElectronicSignatures makes the document signing process more efficient for all parties involved, and helps maintain more organized, streamlined business operations.”

DocVerify Electronic Signature is widely used by sales professionals, real estate agents, human resources managers and notaries throughout the United States who rely on electronic signature solutions to ensure seamless business transactions. The system supports multiple file types, including PDF’s. All documents signed with DocVerify E-Signature are stored securely in an electronic vault and can be easily accessed at any time by all parties authorized to view the documents. Additionally, all documents are easily searchable by client or project name, sign date, signer name and other criteria.

 “The pace that defines today’s business environment demands electronic signature solutions and other business applications that are well-suited for companies that highly value efficiency,” said Lauren, Business Development. “Salesforce.com and partners like DocVerify on the AppExchange help companies leverage advanced electronic signature solutions to meet the demands of their industries, and give them easy access to innovative tools that will support their growth, help them maintain high standards and help take them to the next level.”

 About the Force.com Platform and AppExchange

Force.com is the only proven enterprise platform for building and running business applications in the cloud.  The Force.com platform powers the Salesforce CRM applications, more than 800 ISV partner applications like those from CODA and Fujitsu, and more than 85,000 custom applications used by salesforce.com’s 51,800 customers such as Japan Post, Kaiser Permanente, KONE and Sprint Nextel.

 Force.com is the fastest platform for building and deploying complex business applications.  Unlike a stack of disparate client/server hardware and software products, Force.com unifies the development and deployment model from the database to the device, allowing developers to easily assemble applications with clicks, components and code, and then instantly deploy them on salesforce.com’s trusted global infrastructure.  Customers and partners are using Force.com to build all kinds of business applications from supply chain management to compliance tracking, brand management, accounts receivable, claims processing applications and much more.

 Applications built on the Force.com platform can be easily distributed to the entire cloud computing community through the Force.com AppExchange marketplace at http://www.salesforce.com/appexchange/.