GlobalSign Blog

24 Jan 2017

What Are eSignatures and How Do I Choose the Right One for My Business?

The majority of people reading this will have probably already heard about ‘going paperless’ and might already be in the process of doing so in their organization. You could be doing it (or thinking of doing it) for a number of reasons including:

  • To reduce cost on paper documents
  • To increase ROI through better collaboration
  • To save time on processes
  • To increase document interaction mobility

As eager as organizations are to go paperless, for those reasons and more, they often face a roadblock when it comes to signatures. Printing and physically signing every time you need a signature is impractical and inefficient, and interrupts what should be an efficient electronic workflow.

This is where eSignatures come in. By replacing wet ink signatures with eSignatures, organizations can keep their document workflows electronic and paperless to gain the benefits discussed above.

What is an Electronic Signature (eSignature)?

Put simply, an electronic signature is the electronic version of a handwritten signature. More officially, the US Federal ESIGN act defines it as, “an electronic sound, symbol, or process, attached to or logically associated with a contract or other record and executed or adopted by a person with the intent to sign the record.”

Now, you may be thinking that this definition sounds a little vague and you’re not wrong. Electronic signatures are not very specifically defined and the term can apply to a variety of signing actions (meaning the action you take to indicate your intent to sign), ranging from simply checking a box, entering your initials, typing your name, inserting an image of your handwritten signature, to using a cryptographic-based digital signature.

All eSignatures Are Not Created Equal

As you may imagine, the assurance level and legality of these various types of eSignatures varies greatly. Legal acceptance generally comes down to adherence with various regulations. For example, the US ESIGN act mentioned above, eIDAS in the EU and other industry-specific regulations clearly define the criteria an eSignature must meet in order to be accepted as a viable alternative to physical signatures.

Much of the legal acceptance of eSignatures and acceptance by the companies themselves, comes back to trust. Can you trust that the person who signed is who they say they are? Can you trust that what they signed hasn’t been altered? Can you trust when the signature was applied? Not all eSignatures can positively answer those questions.

Imagine that your company’s finance department is sending an invoice to a customer and they add an image of the CFO’s signature to show that the invoice is authorized and approved by the company. A hacker intercepts this invoice and alters it before it’s sent to the recipient. The recipient pays their invoice, but your company never received the payment. When you chase payment, your customer is horrified to find out they have paid the invoice to the wrong bank account. In this scenario, although an electronic signature was applied, it doesn’t offer any trust in regards to the document contents. Your company cannot trust that your customer will actually receive the correct invoice.

Digital Signatures offer more trust than other types of electronic signature and are a tried and tested way to ensure that documents sent and signed electronically have not been tampered with in any way, that the sender can be easily recognized and that the sender is who they say they are.

Without a Digital Signature, you cannot be sure that a hacker hasn’t intercepted and altered your documents. If you operate without a Digital Signature, can you be sure that your customer is paying an invoice to your company, or Vladimir in Moscow, or Craig in London for that matter!

By adding a Digital Signature, your finance department can add their eSignature to the invoice and your customer can be sure that they are sending their money to the REAL you.

For more information about how Digital Signatures differ from other electronic signatures, check out our related post.

Importance of Publicly Trusted Signatures

In the example above of an invoice paid to the wrong person, you will find it is happening daily. However, trust in the document integrity is not the only type of trust you need to consider in your eSignature.

Public Trust is essential if you are sending documents to external parties or using certain types of document software. Without public trust, recipients will see scary messages warning them not to trust your signature when they open the document in common software like Microsoft or Adobe. These companies have technical requirements for the use of their products that mean you have to have a Digital Signature to get full use of the service.

Public Trust is also important for many regulatory requirements such as eIDAS. We will look into the regulations around eSignature regulation, law and some of the industries that will be most concerned with public trust in eSignatures in future blog posts.

Which Type of eSignature Do I Need?

Electronic signatures are only as assured as the business processes and technology used to create them. High value transactions need better quality electronic signatures that also have public trust. Signatures used for these transactions need to be linked to the owner in order to provide the level of assurance needed and to ensure trust in the underlying system.

In this light, most companies will be required to, or will benefit more from using eSignatures with an added level of public trust.

Better quality electronic signatures can offer:

  • Authentication – linking the signatory to the information.
  • Integrity – allowing any changes to the information provided to be detected more easily, decreasing the likelihood of an intercepted hacking like the one I mentioned at the beginning of this post.
  • Non-repudiation – ensuring satisfaction (in a legal sense) about where the electronic signature has come from and therefore, a way for the signature to be publically trusted, like in a legal setting.

Knowing which signature is right for you will depend on what reason you have for going paperless in the first place.

You might just be trying to get work done faster, in which case, compliance and trust are not going to be an issue. You might need to send documents outside of your internal network, in which case public trust is important so your signature is automatically accepted in different document software. No organization will have the same workflow and that’s why each solution should be customized and tailored to your individual needs.

In the next post we will look at how to choose the right solution. If you want to stay informed about eSignatures, subscribe to our blog and get all the latest articles in your inbox.

To talk to us about your eSignature requirements and see if we have a solution that is right for you, contact us today.

Share this Post

Write for Us

Apply Now

Subscribe to our Blog