Signed, secured, delivered: Authenticating digital agreements in the time of Web3

Sameer Hajarnis

With the digital economy flourishing, both organizations and consumers are becoming more comfortable making high-value transactions online. To keep up with Web3, organizations have had to offer flexible, digital alternatives to their business processes. Among these processes is the electronic signature, or "e-signature," the digital alternative to signing documents in person. Although e-signatures ease the consumer process, many organizations neglect security practices throughout the transaction lifecycle. In parallel, remote online notarization is also becoming more commonplace, with high-value transactions, including contractual agreements, mortgages, and powers of attorney, becoming digitized. As the threat landscape continues to progress, there is a growing concern that hackers will increasingly manipulate the integrity of digital agreements, especially as more transactions of higher and higher value are taking place online.

According to MSB Docs, 65% of companies using pen and paper report that collecting physical signatures adds an entire day to their work process. In addition to accelerating workflow, e-signatures improve customer experience, eliminate errors, track processes, etc. The commoditization of e-signatures happened so quickly, and it was so convenient, that many organizations neglected security measures when implementing these digitized processes.

Along with this, cyberattacks are becoming increasingly sophisticated; recently, The Neustar International Security Council found that only about half of companies have the necessary budgets to meet their current cybersecurity requirements. This is especially alarming for industries that conduct high-value transactions online, such as banking, healthcare, government, etc., because a person’s most critical information could potentially be exposed. According to the Insurance Information Institute, there was a 45-percent increase in identity theft in 2020, and the rapid digital transformation that took place during 2020 would not have helped improve this figure.

The main reason companies continue to abandon cybersecurity is that they believe it will disrupt the customer journey. Abandonment and customer drop-off are through the roof, and today the slightest inconvenience will turn consumers away. While customers are looking for digital trust, many organizations believe security processes can disrupt the customer experience, but DigiCert's 2022 State of Digital Trust Survey found that 47% of consumers have stopped doing business with a company after losing trust in that company's digital security. Another 84% of customers would consider switching providers.

With those consequences in mind, organizations should consider the following cyber initiatives to secure digital interactions.

Compliance

Organizations must comply with e-signature security requirements. Electronic signature solutions are regulated by the ESIGN Act and UETA. These acts were passed to (1) solidify the legitimacy of e-signatures in the business world, (2) ensure all parties have consented to conduct business electronically, and (3) authenticate the signer's identity. Depending on a company's location and/or industry, these regulations may differ.

In the past year, nine in ten Americans encountered a fraud attempt. To safeguard users’ identities and critical information, the government stepped in to enforce strict security measures. It is of the utmost importance that e-signature solutions act in accordance with these laws, as they ensure the highest level of security and reduce the probability of identity fraud.

When it comes to remote online notarization, the compliance requirements become even more complex. Where a traditional notarization calls for an in-person screening to help protect the personal rights and property from threat actors, a remote online notarization requires organizations to authenticate the applicants’ identities virtually. Applicants must virtually verify their identity through ID Verification and Knowledge-based Authentication (KBA) and then execute the e-signature before being affixed by the notary. Failure to meet these compliance requirements may result in notaries facing civil liability or the loss of their license.

Certificates of Completion

Vendors must provide immediate proof of completion upon the execution of an electronic agreement. That certificate of completion must include the associated IP address, email address, date, timestamp, names, and all other aspects of a transaction. The certificate will act as a legal record of the transaction and should be stored on a secure site to avoid any tampering. By doing so, organizations can be confident that all e-signatures are lawful and will hold up in court. When notarizing a document online, consumers must obtain a digital certificate that provides evidence of the notarization.

Authentication

To ensure the highest level of security, e-signature providers must also provide a two-key encryption system, such as public key infrastructure (PKI), and/or two-step verification. This helps avoid attacks such as man-in-the-middle (MITM), a common attack in which an attacker positions themselves between two parties and attempts to intercept the information passed between them. Authentication also reduces the overall likelihood of compromising information.
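The certificate of completion and the two-key system described above can be combined into a tamper-evident record. The sketch below is an added example, not code from the article or from any vendor: it binds the fields the article lists to a hash of the signed document and signs the result with a private key so anyone holding the public key can detect later edits. The choice of Ed25519, the JSON field names, and all sample values are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"fmt"
)

// Certificate holds the fields the article lists, plus a hash that binds the
// record to one exact document. Field names are assumptions for this example.
type Certificate struct {
	DocumentSHA256 string `json:"document_sha256"`
	SignerName     string `json:"signer_name"`
	SignerEmail    string `json:"signer_email"`
	SignerIP       string `json:"signer_ip"`
	Timestamp      string `json:"timestamp"` // RFC 3339, UTC
}

// Issue builds the certificate and signs its JSON encoding with the private key.
func Issue(priv ed25519.PrivateKey, doc []byte, name, email, ip, ts string) (Certificate, []byte, error) {
	sum := sha256.Sum256(doc)
	c := Certificate{hex.EncodeToString(sum[:]), name, email, ip, ts}
	payload, err := json.Marshal(c) // struct field order is fixed, so the encoding is stable
	if err != nil {
		return c, nil, err
	}
	return c, ed25519.Sign(priv, payload), nil
}

// Verify checks the signature over the certificate, then checks that the
// document presented is the one the certificate was issued for.
func Verify(pub ed25519.PublicKey, c Certificate, sig, doc []byte) bool {
	payload, err := json.Marshal(c)
	if err != nil || !ed25519.Verify(pub, payload, sig) {
		return false
	}
	sum := sha256.Sum256(doc)
	return hex.EncodeToString(sum[:]) == c.DocumentSHA256
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil reader selects crypto/rand
	doc := []byte("constructed sample agreement text")
	c, sig, _ := Issue(priv, doc, "Alex Example", "alex@example.com", "192.0.2.10", "2023-05-01T12:00:00Z")
	fmt.Println("untouched:", Verify(pub, c, sig, doc))
	c.Timestamp = "2023-06-01T12:00:00Z" // constructed back-dating edit made after issuance
	fmt.Println("edited certificate:", Verify(pub, c, sig, doc))
}
```

Because verification needs only the public key, the record can be checked by a party who has no ability to forge a new one.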

For online notarizations, organizations can mitigate security risks with identity verification, KBA, and built-in security controls preventing participants from signing on behalf of others.

Digital processes and customer interactions must be secured at every touchpoint throughout a transaction. Most providers will require one-time verification, which may seem secure for consumers when carrying out a transaction. But in order to secure e-signatures and notarizations, continuous authentication is essential: organizations must secure every interaction throughout the customer journey.

The digitization of high-value transactions lends many benefits to an organization, but it also poses quite a few risks if its associated cyber threats remain ignored. In the world of Web3, organizations must be made completely aware of the cyberattacks, insider threats, and compliance failures that threaten the validity of online transactions. When focusing on online notarizations, it is important that they occur in a secure environment, as they operate across industries where valuable information is transferred (automotive, banking, real estate, legal, and insurance).

Following such awareness, security needs to be interwoven into all choices application providers are making. Solution providers must adopt an increased level of security to be integrated into the fabric of all transactions and agreements. Organizations, especially those that handle high-value transactions, should invest in alternative e-signature and notarization solutions that utilize multi-factor authentication, identity verification, encryption, and other secure processes. These processes safeguard important information and ensure those completing the transaction are who they say they are.

This blog, written by Sameer Hajarnis, CPO at OneSpan, was first published in Cybersecurity Insiders in May 2023.

Sameer Hajarnis is OneSpan's Senior Vice President & GM of Digital Agreements. Sameer has more than two decades of experience in enterprise software and SaaS companies leading cross-functional teams, including managing business development, sales, strategic alliances, and customer success to improve the customer product and service experience.