Guide to Advanced Electronic Signatures (AES)
Everything you need to know about advanced e-signatures
Every day, companies are switching to electronic signatures to speed up their approval and validation processes. A question that comes up regularly: what is an advanced signature? And what additional security does it provide compared to a simple signature? This article explains everything you need to know about advanced electronic signatures (AES).
What is an advanced electronic signature?
There are three types of electronic signatures: simple, advanced and qualified. The technical difference between these three levels of signature lies in the level of security requirements for the authentication of signatories. Find out more about the difference between AES, QES and SES.
Article 26 of the eIDAS regulation, also adopted in the UK, provides that an advanced electronic signature must meet the following requirements:
- Be uniquely linked to the signatory;
- Allow the signatory to be identified;
- Have been created using electronic signature creation data that the signatory can, with a high level of confidence, use under his exclusive control;
- Be linked to the data associated with this signature in such a way that any subsequent modification of the data is detectable.
Why and when to use an advanced electronic signature?
An advanced e-signature adds additional security steps to a simple e-signature, so it provides a higher level of signer identity verification, security, and anti-fraud sealing. An advanced electronic signature unequivocally links an electronic signature to the identity of the signatory. This type of electronic signature is used for more risky contracts such as consumer credit, secure documents and high-value transactions. It’s often the case that an organisation opts to collect an advanced electronic signature for contracts with higher risk - although sometimes advanced electronic signatures are used to conform to legal or regulatory requirements.
Advanced electronic signature: how does it work?
The main requirement of advanced electronic signatures lies in the increased identification from the signatories. There are two options for this within DocuSign:
- Signatory identification supported by DocuSign
In this case, the organisation asks DocuSign to provide identity verification and advanced certificates. DocuSign will verify the identity documents sent by your signatories. This option offers maximum security and compliance and includes a digital certificate that links the signature to a verified ID. DocuSign is a QTSP in Europe.
- The identification of signatories is delegated to the issuing company
In this case, identity verification is carried out by the issuing company by the means it deems necessary. This means that the issuing company will have to ensure that they have good practices in terms of KYC, or Know Your Customer. DocuSign will then confirm the signer's identity by sending a one-time password via SMS.
How does DocuSign verify the identity of a signer?
DocuSign ID Verification is a digital solution compatible with all types of media, including mobile devices, which allows you to verify the official identity document of a signer. It is sometimes impractical or even impossible to manually verify the identity of the person face-to-face. Digitising this critical part of the agreement process not only makes sense because the rest of the journey is digital, but also allows organisations to speed up their contract process.
ID Verification ensures that only valid IDs are recognised. This solution analyses alphanumeric data and other unique information contained in identity documents, such as
- The date of validity of the identity document
- The name, which must exactly match the one specified by the sender on the envelope
- Machine Readable Zones (MRZ), such as barcodes, decode information that is consistent with the rest of the ID
- Visual features and holograms match what this type of ID should look like
- There are no signs of tampering with typefaces, letter spacing, perforation or other defects in the ID
Only authorised personnel can access the contract - with ID Verification, you protect not only your company, but also the people identified.
To find out more, read our eBook on Customer Identity to discover how automating ID verification can provide a smoother and more consistent experience for customers and staff or view our webinar on digitally authenticating signers' IDs.