AZ Big Media 3 Risks of Electronic Signatures
Much has changed in our professional and personal lives over the past two years and many of the new protocols and behaviors are here to stay. With the popularity of remote working, processes that could have been done in person or required an actual handwritten signature are now turning to electronic solutions. What was once a distinctive way of identifying oneself or making a personal statement, an actual handwritten ink signature, is quickly becoming obsolete.
The use of electronic signatures is growing rapidly. According to MSB Docs, global e-signature transactions have grown from 89 million to 754 million in just five years, and are expected to reach $9.1 million by next year. While e-signatures are certainly convenient, can be more cost effective, and increase workflow and data security, there are legal risks to consider when using e-signatures.
Electronic signatures are regulated by the Electronic Signatures in Global and National Commerce (ESIGN) Act, the Uniform Electronic Transactions Act (UETA), and the 21st Century Integrated Digital Experience Act. Electronic signatures are permitted in place of pen and ink on paper documents and no specific technology is required for an electronic signature to be legally binding, but electronic signatures must have the following: an intent to sign, a consent to do business electronically and the authenticity must be verifiable.
More businesses are taking advantage of the convenience of electronic signatures, but you should always confirm that your particular industry has no regulations or restrictions on the use of electronic signatures.
Verifying an individual’s identity is actually easier with an electronic signature as opposed to a handwritten signature which can easily be forged or forged. Unlike wet signatures, electronic signatures have more layers of security to ensure authenticity. Document management systems can verify a person’s identity and ensure that the signature has not been tampered with through public key infrastructure (PKI). A PKI uses technology that generates a code called “keys” – a private key and a public key. By using this two-key encryption system, PKI secures electronic signatures when transmitted between two parties.
In addition, information that can prove your identity is embedded in the electronic signature itself. Using these keys, your name, email address, IP address, and a timestamp of the transaction can all be confirmed.
Although digital signatures are much more common, they are not without security vulnerabilities. For example, cybercriminals can steal trusted private keys and execute your signature on documents you did not intend to sign or even use the keys and your signature for identity theft. Additionally, malware can also be hidden or invisible on a document you e-sign. In the case of phishing scams, an attacker may send you a document to sign that asks you to enter personal information or may be linked to a malicious document that could install malware on your computer. This malware can then be used to gain access to your personal information.
It’s important to make sure that everything you sign goes through a trusted document management source that uses Public Key Infrastructure (PKI), an industry-standard technology, and that you know who sent you the document to be signed electronically.
Electronic signatures have changed the way we do business. Virtually any business agreement that can be signed with pen and paper can be signed electronically. As this technology becomes the new normal, it is important to not only understand how it works, but also to understand the risks associated with the convenience of electronic signatures.
Author: Victoria (Tori) Kelly is a litigation partner at The Cavanagh Law Firm focusing on insurance defense, insurance coverage and bad faith, first party insurance disputes, product liability, premises liability and special insurance investigations.