Europe is set to follow America and adopt e-signatures as the ‘de facto approach’. Those are the findings from a recent paper from Forrester Research analyst Craig Le Clair.
The report, ‘Four Predictions for European E-Signature Adoption’, forecasts strong growth over the next two years for vendors in Europe as advances in technology improve the customer experience and the new EU regulations referred to as “eIDAS” make the legal framework more consistent and reduces risks for adopters.
From the user and enterprise architect’s point of view, e-signatures are a powerful alternative to traditional paper and ink signatures. Digitising the signing process can save money and time; make transactional contracts less taxing; free staff from routine paperwork with bulk signing options; make paper trails clearer with tracking and auditing functions; remind people when it’s their turn to sign with automatic email prompts; cut archiving costs and retrieval times with online libraries; and allow users to sign anywhere, any time and from any device with cloud-based solutions.
Importantly, e-signatures also prevent fraud and reduce compliance failures. Multiple authentication factors — PINs, one-time passwords and hardware tokens can provide proof of identity. Cryptographic codes embedded into the document ensure data integrity, proving a document hasn’t been tampered with after it has been signed and that the signer’s e-ID and associated credentials are still valid.
Therefore, signing electronically can be more efficient, cost effective and greener, so surely every solution is the same? Sadly not. Not all e-signatures are secure enough for business processes so it is important for the IT department and business to understand the differences.
- Basic e-signatures - includes any e-marks e.g. names typed at the ends of emails. These are very easy to copy and unlike ‘wet’ signatures will not stand up in court.
- Biometric e-signatures - gathers information unique to the user, for example, the speed and pressure of their signature before attaching it to a document. Unlike hand-written signatures, these can only be applied and verified using expensive hardware and proprietary software, and like basic e-signatures, are susceptible to spoofing and hacking.
- E-signatures with witness digital signatures – a combination of a basic e-signature mark applied by the user and a long-term digital signature applied by the service provider. These can only be verified using the service provider’s logs, so they might not be secure in the long term — what happens if the service provider goes bust?
- Advanced Electronic Signatures (AES) – as detailed below, a type of e-signature which uses a unique signing key to verify parties.
Advanced Electronic Signatures
To deliver the desired business benefits, organisations need an optimal solution which balances ease of use, costs, security and legal-acceptability. Ultimately this means advanced electronic signing technology.
Advanced Electronic Signatures (AES) are a special subset of e-signatures which require each user to have their own unique cryptographic signing key, based on Public Key Infrastructure (PKI) technology. ETSI, the European standards body, has defined a set of AES standards, with the PDF document signing standard referred to as PAdES the most popular.
Any organisation within Europe which is considering deploying a signing service needs to keep a close eye on the EU eIDAS regulations and how these can be implemented for PDF documents using the ETSI PAdES specifications. These regulations and technical specifications ensure trust, security and compliance as well as legal-recognition across Europe.
These signatures can be easily integrated into existing software by a service provider using simple APIs and verified in universally available PDF readers. Flexible service agreements mean solutions can be hosted on the cloud, with the option of migrating to on-premise hosting for additional speed, security and control at a later date.
Advanced Electronic Signatures are the middle ground between basic and top-end EU qualified signatures, which require face-to-face registration with a digital Certificate Authority (CA) and investment in special tamper-resistant hardware. Advanced Electronic Signatures are extremely hard to repudiate in court, easy to use and more cost-effective than other methods.
Digital signatures are becoming increasingly common, as EU legislation recognises the growing importance of a universal regulation for global business and government transactions. Businesses should consider a secure signature solution that complies with long-term validation standards to ensure they aren’t left behind.
Liaquat Khan, Technical Director, SigningHub by Ascertia