Know your buzzwords: electronic and digital signatures
Signatures have been a part of society for almost as long as civilization itself. Whether it’s an artist proclaiming their work, a binding document that requires authority, or simply receiving a package, signatures are an accepted method of confirmation.
The evolution of cryptography and technology in recent years, means electronic signatures or e-signatures have become ever more common. Their security and convenience mean that they are replacing “wet” signatures in many contexts.
What are e-signatures?
E-signatures allow people and entities to identify and authenticate themselves, and even digitally sign electronic documents, data, and records. Much of the world – especially the business world – has moved online and this, coupled with the need to reduce paper waste has resulted in the wider use of electronic signatures.
Operating almost exclusively electronically and online is the new norm, and this has made e-signatures a crucial component of business in a post-COVID world.
Types of e-signatures
There are many different types of e-signatures, each of which varies in terms of how they are applied, how they are captured, and what they can be used for.
A Click-to-Sign signature is the most commonly used form of electronic signature. Click-to-sign allows the user to enter a simple signature (typically a typed name or ID number, or template image signature) to acknowledge what they’ve signed and identify themselves as the signatory. These signatures are mainly for simple things like deliveries – they offer no real certification of the signee and offer very little legality or protection as it is difficult to confirm who actually signed the document.
Basic or standard electronic signatures offer a little more protection and help ensure the reliability of the signer, as they are protected with a cryptographic digital certificate, user confirmation and action (such as an OTP sent to their cell phone), and a trusted timestamp. The cryptographic digital certification ensures that the document has not been tampered with after signing, the user and action help in identity validation, and the trusted timestamp helps with the longevity of the signature.
Lastly, there are digital signatures, of which there are two types: advanced and qualified e-signatures. The terms electronic signature” and “digital signature” are often used interchangeably, however, a digital signature is a highly secure type of digital signature, and currently has the highest trust and authority for e-signatures.
An advanced electronic signature (AES) uses similar technology to standard electronic signatures but adds an extra layer of security and reliability by assigning a unique “signing key” to every signatory. This signing key links a user’s registered and verified identity to each of their signatures, allowing for proven identity.
A qualified electronic signature (QES) is slightly better than an AES, as the signer’s identity is verified by a qualified Certificate Authority when registering for the digital certificate.
Current issues with e-signatures
E-signatures have gained a lot of traction recently and some forms of e-signaturesmay even do a better job of identifying and confirming the signature of a signatory.
Some industries and authorities still do not fully accept the validity of documents signed electronically or digitally, however. This is because it can be difficult to confirm whether the correct signatory signed the document, knows that they signed it and that there was no tampering. This means that certain circumstances require the signatory to be physically present and witnessed signing the document at the time of signing.
Although AES and QES were developed to overcome these shortcomings and do it well, they are comparatively new technologies. It will still take some time to normalise their use and get them approved across the board.
That said, advances in technology, digital transformation, and the growing need to conduct business remotely and online mean that it’s only a matter of time before electronic signatures become the norm.