A new era in identity verification
Every single individual is required to verify their identity in person from time to time. Need a new driver's license? Please visit the licensing office, fill out the forms and have your photo taken. Want to rent an apartment? Come to the real estate agent’s office with your passport and sign the necessary paperwork. The list goes on.
While we don’t usually think twice about such tasks, the process of physically validating your identity is hugely inefficient and cumbersome in an age where digital technology has streamlined almost all other areas of business.
Additionally, complex challenges arise when a business engages with an individual or another business in a different country. How can you close a deal when the customer in question is unable to visit you in person to verify their identity?
Enter the electronic contract. This innovation is a digital record, often in the form of a document such as a PDF, signed electronically by at least two parties to form a binding contract.
According to a study by the European Commission, electronic contracts are set to save EU businesses more than €11 billion per year, simply by removing the need to print documents and manage them manually. This equates to an 80-90% reduction in costs.
Such potential cost savings have driven electronic contracts to become increasingly commonplace, but until recently the technology remained relatively unsophisticated and unstandardised, creating a new set of security and efficiency challenges for businesses and individuals alike.
Thankfully, a combination of forward-thinking technology and updated regulation is finally providing the catalyst for a new revolution in digital identity.
The definition of what constitutes a valid electronic signature has traditionally differed dramatically in different jurisdictions, creating a headache for any business that operates across international borders. Regulation introduced in the U.S. and EU is helping to tackle this challenge.
In the U.S., the Electronic Signatures in Global and National Commerce (ESIGN) act has established a clear definition of an electronic signature, constituting it as “a sound, symbol or process attached to or logically associated with a contract or other record and executed or adopted by a person with the intent to sign the record.”
Likewise In the EU, a rule introduced in 2018 sought to standardise electronic signatures across all its member states, enabling cross-border collaboration and reducing the time and effort needed for various administrative tasks. The Electronic Identification, Authentication and Trust Services (eIDAS) regulation defines a simple electronic signature as "data in electronic form which is attached to or logically associated with other data in electronic form and which is used by the signatory to sign.” In simple terms, this means something as straightforward as writing your name under an email can constitute an electronic signature.
Linking signatures to identity
Demonstrating that an electronic signature is possessed by a specific natural person remains one of the biggest technological challenges of our time. Currently, most people do not have access to an electronic signature that is widely accepted, either by all types of businesses or by businesses in different countries.
A new regulatory development in the EU is helping change this situation for the better. Specifically, eIDAS has adopted a European Telecommunications Standards Institute (ETSI) package which standardises the requirements for electronic signatures and their ties to identity.
With eIDAS, EU regulators have tried to form a stronger link to natural persons by creating a higher level of requirements for electronic signatures, and the legal effects arising from those requirements. These include:
- Advanced Electronic Signatures (AeS)
An advanced electronic signature (eIDAS Article 3) is an electronic signature which is additionally:
- uniquely linked to and capable of identifying the signatory;
- created in a way that allows the signatory to retain control;
- linked to the document (or record) in a way that any subsequent change of the data is detectable.
The most commonly used technology able to provide these features is a public-key infrastructure (PKI), which incorporates certificates and cryptographic keys.
- Qualified Electronic Signatures (QeS)
A qualified electronic signature (eIDAS Article 3) is an advanced electronic signature which is:
- created by a qualified signature creation device;
- based on a qualified certificate for electronic signatures.
These developments are helping make advanced electronic identity verification a reality across the EU today. eIDAS now defines that all contracts signed with a QeS (see above) are legally binding in EU courts and vis-a-vis all public authorities. In other words, they are explicitly recognised to have the equivalent legal effect of hand-written signatures all over the EU.
This provides the stimulus for more businesses across the continent to adopt electronic signatures and realise the ultimate cost and efficiency benefits.
How do I integrate e-signatures in my business?
One of the major remaining hurdles for the entire industry is to issue electronic signatures to natural persons remotely. Due to a combination of challenges related to technical standards and security, certification requirements, and legal processes involving government agencies, only a handful of companies have the expertise to develop this type of advanced technology.
If you want to futureproof your business and benefit from significant cost savings, find a company with this capability and look for either a stand-alone app or an app software development kit. This method of issuing electronic signatures to natural persons is the future of digital identity verification. And by leveraging the global ubiquity of smartphones and iOS and Android security, your customer’s user journey will become fully based on touch and face ID.
In other words: simple, elegant and compliant.