Month: March 2021

Best Practices of Electronic Signature Security

Electronic signature security is one of the top concerns of digital transactions as more and more businesses empower customers to make secure and faster transactions on the web. When you collaborate with an eSignature vendor, don’t look for an eSignature service that is ESIGN compliant or has a particular security specification. We recommend you to take a broader view of the e-signature security that also addresses:

  • Selecting appropriate authentication levels
  • Making esigned documents tamper-proof
  • Easier verification of esigned documents
  • Reliability of records independent of the vendor
  • Verifying vendor’s track record of protecting customer’s data
  • Creating trusted experience through white labeling

Such a focused multi-directional strategy protects the organization’s reputation, reinstates customer confidence, and reduces the risk of non-compliance fines in electronic signature security.

To identify the esignature security requirements against which you should evaluate solutions, you should proactively check these security best practices before finalizing and working with an esignature vendor.

Best practices for implementing Electronic Signature Security

Identification, Authentication, and Attribution

Identification: The identification process identifies first-time applicants using two types of information:

  • Personally Identifiable Information(PII) like Driving license, Aadhaar Card, Passport number
  • Nonpublic Personal Information(NPI) like credit score, income, social security number

You get Verified PII or NPI information through third-party identification services. In this case, look for an e-signature solution provider that smoothly integrates with third-party identity verification services to establish genuine esignature users’ identities.

Authentication: Once a signer’s identity is verified, organizations issue electronic credentials to the users to facilitate secure digital transactions. The organization dealing with high-value, high-risk business transactions use robust multi-factor authentication services to ensure a safe environment and protect identities, data, and digital lives.

In this case, look for an e-signature solution that easily integrates with authentication services and offers a wide range of authentication options for a smoother user experience like:

  • User authentication through user id and password
  • User authentication using secret Questions & Answer (Q&A)
  • Using e-Sign sessions for verification of email address
  • Uploading identification images for e-sign transaction

Attribution: Use the attribution process to prove the identity of the person who clicked to apply an esignature.

One of the quickest and cost-effective ways to establish attribution is to use affidavits.

Take a case where the signer has to click a button to e-sign a document on the agent’s device. Just before handing over the device’s control to the signer, the device handling agent or representative gets an affidavit text confirming that the signer has received the esignature device. The affidavit text successfully captures the transfer of control as a part of the audit trail.

Another easier way is to send a one-time passcode (OTP) via SMS text to the signer’s Smartphone for gaining access to the e-sign session.

Document and electronic signature security

The security of electronic signature and the esigned documents are equally crucial for a signed contract.

There are several points for consideration:

  • Electronic signature and the esigned documents must be secured using the digital signature security technology that creates a digital fingerprint of the signed document ( called a hash) used for verifying the integrity of the signed records. If there is an attempt to tamper with the documents, the electronic signature is visibly invalidated.
  • If signers esign a document on different days, then a comprehensive audit trail should include each signature’s date and time.
  • All electronic signatures, timestamps, and audit trails should be embedded directly within the document rather than stored separately in the cloud.
  • It must be easy to verify that there are no changes in the signed record, independent of the vendor.
  • One should avoid e signature solutions that require you to access servers to verify the signature or documents. It can pose significant problems for you if the subscription services stop or the e signature vendor goes out of business.

LunarPen uses audit trails to store and track every change in the document starting from tracking the date of signing a document to change signs in the document and retrieve data anytime for legal purposes.

Cloud Security

eSignature solutions are available both on-premises and in the cloud.

The on-premises esignature solution runs entirely within the company’s network without the need for any external connection to keep the data on-site. On the other hand, a growing number of companies are adopting cloud storage to access documents for esignature transactions as it is speedy and cost-effective. However, it comes with several security risks like data privacy, shared servers, data leakage, and lack of data backups.

It would be best to look after esignature vendors that provide tailor-made secure storage solutions as per the organization’s need.

LunarPen understands these security risks very well and has partnered with leading cloud infrastructure service providers like Onedrive, Google Drive, and Dropbox to access documents securely and send them for e signature to respective signers and signees in a few seconds.

These cloud solutions follow world-class SSL and Perfect Forward Secrecy (PFS) encryption systems. With PFS, a user can’t reuse a private SSL key for sessions that have occurred in the past. Even if an unauthorized person gets access to the SSL key, it isn’t easy to decrypt older traffic, making cloud solutions highly safe for day-to-day business transactions.

Use white labeling to safeguard signing service & customers against phishing attacks

Enhancing customer experience is the prime focus area of digital transformation. Organizations often depend on third-party solutions to support their day-to-day business process. A slight mistake ruins customer experience, leaks confidential information, and endangers the company’s finances that can tarnish its image.

So, a company must safeguard itself, its clients, and the brand name by ensuring a safe and transparent online transaction process.

The best practice is to white label the entire e-signing experience so that only your brand is visible across the transaction and not the vendor’s brand. White labeling prevents fraudsters from attacking your valuable customers through phishing emails.

Organizations should look for esignature service providers that enable the use of white labeling in esign process.

As a responsible esignature company, LunarPen recommends white labeling in every aspect of the esign process.

The best esignature solution service provider should allow you to

  • Use the company’s email servers to send direct emails and not through third-party service providers.
  • Customize the brand’s logo, theme color & visibility of header, footer, navigation bar,
  • Personalize the content, look & sound of email notifications
  • Customize dialog boxes and error messages

Case Study: How Hackers used fake DocuSign email for phishing

Hackers used DocuSign documents to steal user credentials from all the major email providers.

The attack began when a user received an unknown email that appeared to be from DocuSign as it included its original company logo and the email content seemed like real emails sent from the company.

The email’s first line didn’t have any recipient’s name and only mentioned “Good day.”

Cofence, phishing detection, and response platform analyzed the email header. They realized that the threat source originated from an unknown domain narndeo-tech.com owned by Hetzner, a well-known web hosting service provider and data center operator in Germany.

Its researchers found an embedded hyperlink pointing towards six different options for users to enter their credentials and access DocuSign documents. Fake login pages were recreated for Ms. Outlook, Office 365, Gmail, and Apple iCloud so that users enter and reveal their original login credentials.

It is the best example of a phishing case where cybercriminals used a well-known company’s brand name to steal customer information using emails.

LunarPen strongly advises its users to be extremely cautious when using an external link on an email that asks them to share their user credentials.

If you are keen on learning more about the electronic signature security checklist, click here.

Conclusion

When businesses implement an e-signature solution, It is always advisable to take a broad view of the electronic signature security, starting from identification, authentication and ending with the solution provider’s ability to build trust and a smooth user experience.

Trusted service means stringent security measures. But at the same time, the security level of an esignature solution should not conflict with the customer experience. It is important to balance security concerns with the solution usability as over-engineering can negatively affect solution adoption and usability.

Frequently Asked Questions

What is an eSign document?

eSign document means an electronically signed document in PDF, Doc, Xls formats. Such documents are signed using an ePen, mouse, or finger movement on any smartphone, laptop & Tablet securely using an e signature app protected by 256-bit HTTPS advanced encryption.

What is the purpose of esigning a document?

Its purpose is to authenticate and quickly identify the person who has initiated the written communication and ensure a secure exchange of information between different parties. The esignature made by an individual on the document signifies knowledge, approval, acceptance, or obligation.

What are the benefits of an electronic signature?

These are the significant benefits of using electronic signature:

1) Save Costs: Save time in doing paperwork, printing, scanning, mailing, delivering, and storing the document
2) Save Time: Saves you from age-old rituals of paperwork. Going digital saves a lot of time, allowing you to focus on other essential tasks.
3) Legal Compliance: Electronic signatures are legally binded and acceptable all over the world.
4) Mobility: A significant advantage of eSignatures is helping businesses function irrespective of location & time.

How can I eSign documents for free?

Follow these simple steps to eSign a document for free:

Step 1: Click LunarPen to open a free account
Step 2: Create or upload a document using templates, Google Drive & Dropbox
Step 3: Use the signed document sharing feature
Step 5: Send the document for signature
Step 6: Use the LunarPen interface to esign your documents for free
Step 7: Receive signed documents by email

Posted by Lunar Pen in eSignaure Law, 0 comments

How to eSign a Document

If you are wondering how to eSign a document, it is definitely easier than the lengthier alternative of printing, signing, scanning and finally emailing the document to the intended recipients. There has been a sharp increase in the use of e-signatures due to its contribution in ease of doing business while ensuring the safety, security and cost effectiveness of signed documents.

That’s the reason behind the global popularity of the trending search term “How to eSign a Document” as more startups, entrepreneurs & businesses from US, UK and India are curious to learn about it.

Data Source: Google Trends

We have to understand the concept of eSign first before knowing the in-depth process of eSigning a document.

What is eSign?

eSign or eSignature refers to data in electronic form which is a legal way to get approval or consent on electronic documents (Sources : laptops, Tablets, Smartphone) and is used by the signatory to replace handwritten signatures in virtually every personal or business process.

eSign provides the same legal standing like a handwritten signature and is legal, enforceable and trusted by countries all over the world, as it adheres to the specific regulation requirements under which it was created. These reasons make eSign extremely safe & secure for business transactions anytime from anywhere.

Why eSign a document?

Secure online services: eSign service can only be accessed by users that have been authenticated using e-KYC services. To prevent misuse and fraud of eSign, the private keys of esign users are destroyed immediately after one time use.

Easy to implement: eSign records the e-KYC ID to verify the identity of the signer and provides configurable authentication options for eKYC that includes the OTP or biometric details of the e-KYC service provider enabling the eSign users to get easy access to legally valid Digital Signature service.

Easier access to legally valid signatures: eSign process includes the signer consent, digital Signature Certificate issuance request and digital Signature creation ensuring assured access to legally valid signatures only.

Respects Privacy: eSign ensures privacy of the signer by requiring that only the thumbprint of the document be submitted for signature function instead of the whole document.

How to eSign a Document online?

LunarPen is the best eSignature app trusted by top companies that lets you electronically sign all the documents, safely, securely and absolutely free of cost to manage your contracts and drive business seamlessly.

Take a look at the simple step by step process to eSign documents:

  • Create or upload a document:

You can upload the documents by using different options like:

Upload File button – Go to My computer, select the drive and trace the file location to upload the file in pdf, text, doc, docx, csv, xlx, png & jpg formats.

Select Templates – Use in-built templates for invoice, sales letter and reuse them. Share templates to your team members to save time and upload custom documents quickly.

Google Drive & Dropbox – LunarPen gives you industry first features to upload documents directly from the cloud either by using Google drive or Dropbox authentication.

After the documents are uploaded, a preview of the document will appear as a thumbnail.

  • Use the Signed document sharing feature:

LunarPen makes your day to day task easier by sharing two different options to share the signed document.

My Sign: This option gives you the flexibility to share the signed document created by you with a closed group of people to receive the documents in private.

MySelf & Others: If you have a document that needs your sign as well as the signature of other professionals then this option is useful.

  • Send for Signature:

Once you have selected any of the two options, you have to fill out details like subject & message to explain the agenda of the signed documents to the recipients. Finally, Click “Prepare doc for signing” once done.

  • Use the LunarPen interface to sign your document:

LunarPen gives you advanced options to insert different fields needed for signing a document like Name, initials, Signature, Signature date and the checkbox.

LunarPen gives you customized options to draw, write and upload your signature using LunarPen Signature field. It’s one click options enable you to use customized signature for all kinds of documents.

After you have inserted the signature in the document using the signature field and clicked Send, the signed document is sent on the specified emails and you get to see the summary of the shared document like the one shown below.

  • Receive signed document on emails:

The signed document is received by both the signee and the recipients on email in below format ensuring that only the added email ids get the opportunity to view & access the esign document on the LunarPen app safely and securely.

Is eSigning a document safe?

LunarPen uses advanced audit trail features to preserve the information related to editing, sending and signing documents in seconds. This makes it possible to track and audit the digital signatures transparently, so that each transaction can be traced.

To ensure security throughout the signing and verification process:

  • Each party is authenticated via a private code sent via SMS to offer vital security & protection to online users
  • Data is encrypted and stored using industry- standard 256-bit HTTPS advanced encryption making it difficult for hackers to breach it
  • Signed document can be accessed and viewed only by authenticated personnel on LunarPen platform
  • Our e-signature application complies with eSign acts to prevent data leaks & make it threat proof
  • Qualified advanced electronic signature (AES) ensures protection against forgery as signature creation data is used only once

Are you ready to eSign a document?

Now you know the concepts of electronically signing a document which is the safest way to sign crucial documents without the fear of signee data getting leaked to the third person. eSigning a document not only saves cost & time but improves user convenience and addresses privacy concerns as well.

It is important for professionals to align towards the best solution to remain consistent and competitive in the market. LunarPen is a smart business-friendly document management solution that
empower organizations to accelerate their business processes, minimize cost, and maximize productivity.

Click Now to securely create delivers eSign and manage your documents with LunarPen.

Frequently Asked Questions

  What is an eSign document?

eSign document means an electronically signed document in PDF, Doc, Xls formats. Such documents are signed using an ePen, mouse, or finger movement on any smartphone, laptop & Tablet securely using an e signature app protected by 256-bit HTTPS advanced encryption.

  What is the purpose of esigning a document?

Its purpose is to authenticate and quickly identify the person who has initiated the written communication and ensure a secure exchange of information between different parties. The esignature made by an individual on the document signifies knowledge, approval, acceptance, or obligation.

  What are the benefits of an electronic signature?

These are the significant benefits of using electronic signature:

1) Save Costs: Save time in doing paperwork, printing, scanning, mailing, delivering, and storing the document
2) Save Time: Saves you from age-old rituals of paperwork. Going digital saves a lot of time, allowing you to focus on other essential tasks.
3) Legal Compliance: Electronic signatures are legally binded and acceptable all over the world.
4) Mobility: A significant advantage of eSignatures is helping businesses function irrespective of location & time.

  How can I eSign documents for free?

Follow these simple steps to eSign a document for free:

Step 1: Click LunarPen to open a free account
Step 2: Create or upload a document using templates, Google Drive & Dropbox
Step 3: Use the signed document sharing feature
Step 5: Send the document for signature
Step 6: Use the LunarPen interface to esign your documents for free
Step 7: Receive signed documents by email

Posted by Lunar Pen in eSignaure Law, 0 comments