Identities and eSignatures

Business Solutions

There are steps you can take to reduce risk by checking the identity of the company and individual you are dealing with. Once you are sure of your partner's identity. You can also sign legally binding contracts via the internet.

There are 4 steps you should take here:

Have you checked that the company is registered with the relevant Official Company Registration Office?
Is the person you are dealing with authorised to negotiate\contract with you i.e. a director?
Is the person you are dealing with actually that person?
Have the documents you exchanged been legally signed by your counterparty?

Whether in the digital or physical world, you should carry out the same level of due diligence regarding the identity both of the signatory and the company they claim to represent.

For a more detailed introduction to Electronic Identification, Authentication and Trust Services (eIDAS), you may like to download the TTS eGuide to Electronic Identification, Authentication and Trust Services.

We have suggested using First Report with regard to credit standing – but you can start with:

In the UK, (free) searches at Companies House provide the details of UK companies
The equivalent of Companies House for companies based in other countries. These are listed under “Company Register” in the relevant Country Commercial Contacts Profile.

Once you have confirmed the details of the company – and possibly also checked their entry in Kompass for further details – you can cross-check the identity of the person with whom you are dealing (are they a director)? (listed on the website?). Can they be reached via the company’s switchboard? Do they have a company email address?

eSignatures are now recognised under English Law. In fact, from a number of points of view, they are preferable to signatures written by hand. This greatly facilitates B2B eCommerce allowing for the electronic exchange of signed commercial documents.

LawBite's Document Management Platform provides not only a legal library, and a system for the management of electronic documents but also the facility to e-sign documents. Print or e-sign - You have the option to download, print or send your documents digitally to use e-signing.

See the video: Checking, e-Signing and filing.

N.B. An eSignature is not simply a scanned image of a handwritten signature pasted into a document.

Electronic signatures provide three quantifiable benefits:

Speed of Signing

Electronic agreements can be signed at a fraction of the time of paper-based agreements, especially when signatories are not in the same physical location.

Sustainability

Signing electronically also results in reduced paper usage and the environmental impact of physically transporting agreements between locations.

Greater Security

With proper identity verification methods and audited IT infrastructure, an electronic signature is much more secure than paper-based signings.

Considerations for Choosing your eSignature Solution

How many electronic signatures do you expect to do?
What are your use cases? B2C, B2B, C2C, B2E (employee)?
How sure do you need to be on the identity of those signing? Under the EU eIDAS regulation, there are three levels of assurance as to the degree of confidence in the claimed identity of a signatory. These levels are: Low, Substantial, and High. The UK equivalent can be found at the ICO site.
Do you have any business system workflow you need to integrate with?
How future-proof do you need your signed agreements to be?
Can you trust your provider?
Can you trust the timing of the signatures? If need, use a Qualified Trust Service Provider, who can guarantee the time, in the same way, it guarantees the identity of the signer. Technically, this is called a time-stamp, which is added to the document in a similar way as a signature, and the QTSP is the entity that guarantees that the time-stamp is correct and can be trusted.
Do you envisage signing multiple documents with one signature?
Do you need multiple people to sign single documents?
Do you want to forward agreements for signing?

How should your eSignatures be delivered?

Email Delivery

Many signing solutions rely on email-based delivery of an agreement without requiring any additional form of identity verification.

Scribble on a Screen

This, in many cases, is the typical replacement for paper-based signatures and is familiar for the users. Unfortunately, this gives no assurance of the signer’s identity.

SMS OTP

SMS OTP is the process of sending a random code to a mobile number, and this code is input to show that it has been received. This proves that the user signing has access to the device, but does not provide verified identification.

Signing with a third-party Electronic ID

Some countries, particularly in the Nordics and Benelux regions, have access to third-party electronic identities (such as BankID), as provided by their governments or banks. These eIDs can be used to sign electronic agreements.

Signing with Identity Documents

Some signing solutions leverage ID document scanning (such as passport or driver’s license) or NFC reading of the document as a way to verify the signer’s identity.

Document Security & Future Proofing Agreements

When generating digital signatures, digital certificates are involved. A digital certificate has an expiry time, after which it is no longer valid. It may also be revoked at any time, and the certificate authority maintains lists of these revoked certificates.

Digital signatures are based on mathematical algorithms, which can be attacked by advances in mathematics, software, and hardware. The algorithms used for digital signatures 10 years ago are no longer secure, and it is simple to forge a document that looks like it was signed 10 years ago.

The above challenges are addressed by adding long-term-validation information into the document. This is done by a Qualified Trust Service Provider, which collects all the evidence and embeds this into the signed document. (See tScheme Members for UK TSPs or The EU Commission site for EU TSPs.)