Managing Signer Identity for a Secure Signing Process
Over the past few years, digital transactions have surged, with the pandemic serving as a major accelerant. With each successive generation, consumers have grown increasingly comfortable conducting activities like buying goods, opening bank accounts and signing up for services online, driving a growing demand for compelling, convenient digital experiences.
There’s no turning back the clock, as digital transformation has risen to the top of the agenda across many industries. But at the same time, companies must navigate a riskier environment. More transactions now occur online, giving bad actors with advanced technologies more access to personal information. And indeed, fraud is on the rise, with the FTC reporting $8.8B lost in consumer fraud in 2022—a 30% increase over 2021.
In other parts of the world, the trend is unfortunately very similar. For example, in its Annual Fraud Report, U.K. Finance reported that over £1.2 billion was lost in online fraud in the U.K. in 2022, the equivalent of £2.3k every minute.
Cybersecurity threats have also increased, and in response, governments across the globe have started introducing policies to help address this worrying trend. For example, the U.S. Congress passed the Cyber Incident Reporting for Critical Infrastructure Act of 2022, which requires covered industries—including healthcare, energy, and financial services—to report material cyber incidents to a central body.
A key pillar in their recommendations is better authentication and identity verification practices.
Balancing signer experience with trust and security
Many organizations face the challenge of balancing growing consumer demands for digital transactions with the need for robust security and compliance protocols. A Forrester study showed that 71% of decision-makers say the better their firms make the identity verification customer experience, the worse their security becomes, and vice versa. This is true regardless of industry or geography.
At DocuSign, we consider this challenge in the context of agreements, and we want to make it easier for organizations to collaborate and come to agreement—anytime, anywhere—while maintaining the highest level of trust and security.
All agreements are based on identity and intention, and you need to be able to trust the person you’re doing business with and ensure they’re who they claim to be. Furthermore, the level of identity assurance you require may vary depending on the type of agreement you facilitate, the location of the transaction or the industry you operate in.
That’s why, as a baseline, every DocuSign eSignature transaction includes an audit trail and requires the signer to provide a known email or phone number. In some situations, that’s sufficient to trust the signer. In other cases, you need signers to prove their identity beyond email.
To help achieve this balance, DocuSign ID Verification allows signers to verify their identity from practically any device.
They can do this in a couple of ways: for one, they can answer knowledge-based questions—for example, information on prior addresses or purchases that can be verified against a public database. Another way is by requiring singers to submit a photo of their driver’s license, passport or other government-issued ID for validation.
Both methods can support or ease compliance requirements such as Know Your Customer/Anti-Money Laundering (KYC/AML) in financial services. It’s easy to layer on ID Verification (IDV) within signature transactions via the eSignature administrative and sending interfaces.
With DocuSign’s latest capability, Liveness Detection for ID Verification, users benefit from the equivalent of face-to-face verification, no matter where the signer is located.
Here’s how it works:
Before accessing an agreement for signature, the signer is asked to perform three simple steps on their preferred mobile device:
- Snap or upload a photo of their government-issued identification document
- Take a selfie video while performing simple facial movements
- Sit back as the system uses the power of artificial intelligence (AI) to compare the video and photo ID to make sure the faces match and the ID is genuine and valid
The result? With a few simple biometric checks, you can ensure a signer is physically present—and that there’s no deep fakes or image manipulation.
To help minimize failure rates, the system also provides additional feedback during the identity verification process. For example, as a signer captures an image of their identity document, the quality of the image is automatically assessed before submission. If the image is too blurry or otherwise compromised, the signer is instructed to retake the picture.
With this enhancement, DocuSign has also expanded the list of acceptable ID documents to include National Identity Cards and Resident Permits in certain countries.
And all while driving a positive user experience, especially with the safeguards to mitigate failure rates.
Delivering trusted agreement experiences across multiple scenarios
ID Verification serves as an embedded security layer within a range of agreement transaction types, including simple electronic, remote online notary (RON) and digital signatures.
Simple electronic signatures
In today’s climate, it’s critical for organizations to offer mobile-first experiences that align with the preferences and behaviors of their customers. For this reason, identity verification steps need to be mobile-friendly and seamlessly embedded into the broader transaction.
To achieve these goals, an ideal end-to-end trusted and mobile-friendly signing experience consists of three easy steps:
- A signer is notified by text message, email or, later this year, WhatsApp that they have an important agreement to sign
- They click on the agreement and are first directed to verify their identity—selecting the most convenient method
- Once completed, they can then easily read, complete and sign the agreement with responsive signing capabilities that adapt the agreement to better fit the screen of their mobile device
It’s a tightly integrated, mobile-first process from notification, to identification, to signature.
Notarizations are very common in the U.S., with over a billion documents notarized each year. However, most notarizations are still conducted through traditional in-person, paper-based means. The drawbacks to this approach include a greater risk of manual errors, higher costs and a clunky signer experience—particularly for those unable to travel and meet face-to-face due to factors like military service or health concerns.
In addition, in-person notarization presents a greater risk of identity fraud because the notary public is simply required to use their judgment in validating the presented document without using technology to support that process.
DocuSign Notary is a trusted way to remotely and electronically notarize documents.
Notary offers an encrypted audio-visual session that allows notarizations to occur remotely and securely, eliminating the hassle of meeting a notary public in person and accelerating the overall agreement process.
Notary verifies the signer’s identity using knowledge-based authentication and electronic verification of a government-issued ID. The solution also uses photo ID verification as part of creating a digital certificate for each notary public, which is a RON requirement within certain U.S. states. This DocuSign-issued certificate authorizes notaries to complete remote notarizations on the DocuSign platform and is valid for a year from issuance.
In addition, every notarization comes with a tamper-evident seal and a robust audit trail that includes an electronic notary journal and a recording of the audio-visual session.
With the RON landscape continuing to evolve, today Notary is available to U.S.-based customers who either employ or contract with notaries public in supported states.
This is a category of electronic signatures based on a digital certificate that guarantees the signer’s identity and the document’s integrity. Digital Signatures require more rigorous identity verification and tamper-proofing, and are used more commonly in the EU and the U.K.
Within the Digital Signature family, a Qualified Electronic Signature (QES) is the strictest type and is the only signature equivalent to a ‘wet’ or handwritten signature under EU eIDAS law. A key requirement of QES signatures is face-to-face identification or the equivalent performed by a certified agent, which adds friction to the process.
That’s why DocuSign recently introduced ID Verification for EU Qualified to meet requirements in the EU and the U.K. This solution also uses AI-powered biometric detection to ensure that both the signer and their ID document are present at the time of capture before comparing a video selfie taken by the signer to the photo on their ID and then asynchronously sharing the documents to an offline, approved agent for a final review within minutes.
Using ID Verification for EU Qualified, a signer can complete the QES online in minutes. Previously, they’d be required to schedule an appointment with an agent, either in person or over video.
The solution is ideal for organizations with global operations, who are seeking the attainment of a QES in support of common scenarios like cross-border transactions, temporary labor arrangements and more.
With fraud and cybersecurity breaches continuing to rise, robust authentication and identity verification practices have never been more critical. Learn more about the latest trends in identity verification technology.