How to Choose a Digital Signature

Folk in the finance industry will have heard how a rogue trader, Nick Leeson, accumulated incredible unauthorized trading losses of around one billion dollars, single-handedly bringing down one of the oldest banking institutions in England.

The truth is, the forgeries he committed could have been perpetrated by staff at any financial institution; provided that it operates in a business process environment that still advocates the printing of electronic documents for signing purposes. In today’s business and legal environments, signatures are the most common legal way to ensure the accountability of the signer. Despite the very real threat posed by forgeries these are still the most popular (and legal) methods used by businesses.

Fortunately there are ways to overcome this. One of the simplest is to implement an electronic approval system secured by a digital signature solution. These technologies can guarantee electronic documents are sealed from changes, be they incidental or even the result of a forgery committed by a rogue trader.

In addition to the security aspect, digital signatures offer a myriad of other benefits, such as the drive to adopt paperless business processes (doing away with the associated high costs of printing, archiving and mailing); and compliance with legal and industry regulations.

As finance managers are more concerned with dollars and cents, and rightly so, this article will focus on the main criteria around choosing a standard digital signature solution. While not all are obvious, these criteria are critical make-or-break factors for the smooth implementation, management and use of such a system.

Sign & Seal

A digital signature system that purports to be worth its weight in gold has to ensure it can seal any electronic document. It guarantees that if the seal is broken, the changes are evident, be they incidental, the result of a late night hacking or the attempted forgery of your signature.

To ensure digital signatures seal and legally bind your documents, choose a solution that is based on a standard digital signature technology - PKI (Public Key Infrastructure).

Make sure that the digital certificates underpinning your digital signature solution are not self-signed, which if they were, would create a highly dangerous repudiation scenario.

Rules & Regulations

The finance industry like many others is subject to regulations, and as such, compliance is of paramount importance. Each regulation has its own specific requirements. For example, SOX, the Electronic Signatures in Global and National Commerce (ESIGN) regulation, and the Uniform Electronic Transactions Act (UETA), have numerous requirements that are not met by most digital signature solutions. At the end of the day it’s advisable to review the regulations for your industry and make sure the solution covers all those requirements.

Transportability

As banking is a global business, chances are good you will need your signed documents to be Worldwide Verifiable. This means that your customers or partners can validate your signed electronic documents without having to install any third party software. The truth is, not every digital signature may be transportable outside of your organization. In fact, they are not always embedded in your document. Make sure to use a standard signature solution that is also valuable outside of your organization and the system within it was created.

May we see your signature please?

Digital signatures are the equivalent of wet-ink signatures in the digital realm, enabling organizations to sign documents electronically, guarantee signer authenticity, accountability, data integrity and the non-repudiation of documents and transactions.

However, of the standard applications that have digital signature support, almost all lack graphical signature support. This is a major shortcoming. Graphical signatures, while obviously ensuring the signature is visually noticeable, also have a psychological impact: the signer is reassured they have actually signed the document and that it is now legally compliant.

Support for Commonly Used Applications

Of course any digital signature solution has to provide multiple application support so you can sign a Word, Excel, or PDF files with ease. For example, in Excel you would need to ask if the digital signature solution you are evaluating signs a single sheet, a range of cells or only the entire document. If it’s two out of three, you need to keep on looking.

Sign here. And here, and here…

OK. You now know your applications support Digital Signatures and you can sign documents, but how many people can actually sign the same document? Unless your solution has support for multiple signatures you can forget about your CEO signing the leave form you were just about to submit. Electronically, that is

User Friendly

The implementation of your digital signature solution must be as transparent as possible. You want to make sure staff can sign straight away without using a “wizard” to enroll or call on the IT department to correct the spelling of their name. It should take a single click to ensure your document is signed, sealed and legally compliant.

Zero IT Management

Be aware that the time to deploy a system is typically lengthy and resource-intensive. Your IT department could find itself hiring a specialist who could spend weeks every year just managing the average digital signature solution. And it may not end there. Some organizations have been known to even implement a helpdesk just to assist staff who can’t figure out how to digitally sign their documents. Phew. At the end of the day, if you want to avoid this kind of scenario you need to ensure your solution is operational the moment it is hooked up to your network and that the “Zero-Management” requirement on your checklist is met.

Total Cost of Ownership

Having cut paper expenditure to a minimum by eliminating the need to sign-off on electronic documents, purchasers of digital signature solutions are understandably happy. But not everyone considers the hidden costs that lurk behind any technology implementation. To ensure you don’t get caught out you need to take the following factors into account: initial cost, deployment, help desk, digital certificates (which may be a recurring annual cost) and development of support for the application you’re going to sign with.

Now that you’ve read this brief guide on choosing a digital signature solution I hope you are in a stronger position to choose a system that will best suit your needs. Whichever option you choose, make sure it adheres to all the points raised in this article.