A lot has changed in both our work and personal lives over the last couple years and many of the new protocols and behaviors are here to stay. With the popularity of remote work, processes that may have been done in person or required an actual handwritten signature are now turning to electronic solutions. What was once a distinctive way to identify ourselves or make a personal statement, an actual handwritten signature in ink, is quickly becoming obsolete.
The use of electronic signatures is growing rapidly. According to MSB Docs, Global eSignature transactions increased from 89 million to 754 million in just five years, and it’s expected to hit $9.1 million by next year. While eSignatures are certainly convenient, can be more cost effective and increase workflow and data security, there are legal risks to consider when using eSignatures.
Electronic signatures are regulated by the Electronic Signatures in Global and National Commerce Act (ESIGN), the Uniform Electronic Transactions Act (UETA) and the 21st Century Integrated digital Experience Act. Electronic signatures are allowed in place of pen and ink on paper documents and no specific technology is required for an e-signature to be legally binding, but eSignatures must have the following: an intent to sign, a consent to do business electronically and the signer’s authenticity must be able to be verified.
More and more companies are taking advantage of the convenience of eSignatures but, you should always confirm that your particular line of business does not have any regulations or restrictions on the use of eSignatures.
Verifying an individual’s identity is actually easier with an eSignature as opposed to a wet signature which can easily be forged or tampered with. Unlike wet signatures, eSignatures have more layers of security to ensure authenticity. Document management systems can verify someone’s identity and ensure the signature hasn’t been altered through Public Key Infrastructure (PKI). A PKI uses a technology that generates code known as “keys” – a private key and a public key. By using this two-key encryption system, PKI secures electronic signatures as they are passed back and forth between two parties.
Additionally, the information that can prove your identity is embedded in the eSignature itself. Through these keys your name, email address, IP address and a time stamp of the transaction can all be confirmed.
While digital signatures are much more commonplace, they don’t come without some security vulnerabilities. For example, cybercriminals can steal the private trusted keys and execute your signature on documents you didn’t intend to sign or even use the keys and your signature for identity theft. Additionally, malware can also be hidden or invisible on a document you are signing electronically. In the case of phishing scams, an attacker can send you a document to sign that requires you to enter personal information or which can link to a malicious document which may install malware on your computer. This malware can then be used to access your personal information.
It’s important to make sure whatever you are signing is through a trusted document management source that uses Public Key Infrastructure (PKI), an industry standard technology, and that you are confident in who sent you the document to be eSigned.
Electronic signatures have changed the way we do business. Virtually any business agreement that can be signed with a pen and paper can be signed electronically. As this technology becomes the new norm, it’s important to not only understand how it works, but to also understand the risks associated with the convenience of electronic signatures.
Author: Victoria (Tori) Kelly is a litigation associate at The Cavanagh Law Firm focusing on insurance defense, insurance coverage and bad faith, first party insurance disputes, products liability, premises liability, and insurance special investigations.