Home » Security » Page 2

Signing agreements, contracts, documents, and forms with electronic signatures is becoming the norm. Using electronic signatures is easy, fast, and convenient. People use different ways to e-sign documents. Some paste images of their signatures captured off of a laptop camera onto documents and some use computer generated signatures. Yet others use more sophisticated tools which allow them to sign documents with pen or finger onto a touch-sensitive screen. The act of signing a document is one aspect of it, security and privacy is another. In this article we share tips on how to protect your identity and think security first when eSigning agreements.

 

As we use electronic signatures to sign more high value, critical and sensitive documents we must make sure that our signatures, documents, information, and the entire transaction is secure and protected against fraud, tampering, and miss-use.  Examples of high value transactions are buying a home or business, signing sales contracts, promissory notes, loan documents, credit card applications, your child’s medical information release forms, and more. Over the years, ZorroSign has helped thousands of customers sign contracts and agreements securely, in this article we share best practices that we have learned.

 

Tips for protecting your identity

  1. Avoid signing documents by pasting an image of your signature on documents. Use highly secure online eSigning solutions instead.
  2. Shy away from eSign products that distribute documents via email attachments.
  3. Never use the same password for more than one online profile.
  4. Make the length of your passwords across different online profiles different.
  5. Avoid using obvious strings and numbers as your passwords that people can easily guess by knowing little about you.
  6. Take advantage of free online random password generators.
  7. If you use a password manager program, make sure to take full advantage of all of its features. For example use its random password generator and also review reports showing where you are repeating passwords and strengths of your passwords.
  8. Even if you are using a random password generator, make sure to change your password at least 4 times a year.
  9. If your online profile offers options to use Biometrics, like ZorroSign does, take full advantage of it.

Earlier this month, on December 5, 2018, the 21st Century IDEA (Act) passed in the US House of Representative and December 12, 2018 it passed the Senate. On the 20th of December 2018, the President of the United States signed the “21st Century Integrated Digital Experience Act” or the “21st Century IDEA” bill into law. We discussed this in a blog article speculating what it means and its impact on business. The passage of this bill is a tremendous milestone particularly for the Digital signature and digital transaction management industry and represents rather progressive “forward” thinking of our country’s leaders. The law addresses issues with regard to:

 

  • Website Modernization
  • Digitization of Government Services and Forms
  • Plan to Increase use of Digital Signatures within Federal Agencies
  • Improving Customer Experience and Digital Services Delivery

 

With this new legislation, the ability to conduct all of your government business via digital technology is closer than ever before. 21st Century IDEA, will position the US Government to be a fully digital public sector operation, potentially in the next few years.

 

The goal of the 21st Century IDEA legislation is to enhance the digital services within the federal government. Accelerating the federal government’s ability to improve digital service delivery and customer experience. The 21st Century IDEA will:

 

  • Enhance federal agency websites, making them mobile friendly, and establishing minimum standards.
  • Transition from paper-based forms to electronic transactions.
  • Decrease federal costs, saving taxpayers money.
  • Increase efficiency and productivity of federal employees.
  • Promote the use of Digital signatures standards established via the eSign Act.
  • Reinforce the validity of Digital signatures.
  • Decrease use of paper, and potentially decrease human error by digitizing processes.

 

We think there are two areas of significant impact that beg to be called out here.

 

Workflow Automation and Business Process Optimization

 

With the passage of this bill, there will be even greater emphasis on enhancing business process optimization and using workflow automation. The digitization will create opportunity to revisit how we run our operations, how we handle approvals, how we manage storage and tracking of information, how we handle inquiries and how we provide service to the constituents in the front office and how we handle everything else in the back office. Digital signature is just one part of the complete Digital Transaction Management system which will be a core enabling technology. An added benefit of going digital is the business savings of time, cost and efficiency. Check out our blog article of complete business impact of going digital.

 

Environmental Benefits of 21st Century IDEA

 

Imagine what the approximately 800,000 federal employees do every day. Add millions of State and local government employees to this list and then add all the millions of private companies that interact and do business with all the government agencies and programs. Now imagine how much paper is used every day, printers, ink, and storing of those files and documents. On average about 3 Gallons of water is required to produce one page of copy paper, 1.5 Gallons if recycled water is used. The magnitude of positive impact on the environment is tremendous. Water, trees, and Carbon footprint. Checkout ZorroSign’s Environmental Savings Calculator (a part of its Paperless Life initiative) to estimate the environmental impact this law will have.

 

Checkout our complete review of the environmental impact of going digital in this blog article.

 

ZorroSign is excited for the 21st Century IDEA to be implemented so we can start to see the digital transformation within the government. This marks a fundamental shift in Government to consumer customer experience. ZorroSign would like to thank and recognize all of the cosponsors of this legislation for a bipartisan job well done: Rep. Ratcliffe, John [R-TX-4], Rep. Kelly, Robin L. [D-IL-2], Rep. Russell, Steve [R-OK-5], Rep. Connolly, Gerald E. [D-VA-11], Rep. McMorris Rodgers, Cathy [R-WA-5], Rep. Krishnamoorthi, Raja [D-IL-8], Rep. Fitzpatrick, Brian K. [R-PA-8], Rep. Raskin, Jamie [D-MD-8], Rep. Costello, Ryan A. [R-PA-6], Rep. Watson Coleman, Bonnie [D-NJ-12], Rep. Hunter, Duncan D. [R-CA-50], Rep. Lawrence, Brenda L. [D-MI-14], Rep. Comstock, Barbara [R-VA-10], Rep. Eshoo, Anna G. [D-CA-18], Rep. Curtis, John R. [R-UT-3], Rep. Swalwell, Eric [D-CA-15], Rep. Stefanik, Elise M. [R-NY-21], Rep. Walker, Mark [R-NC-6], Rep. Ross, Dennis A. [R-FL-15], Rep. Faso, John J. [R-NY-19]. Read the entire bill here.

 

ZorroSign is the pioneer of the Digital signature technology which was instrumental in passage of the eSign Act in June of 2000. President Clinton also signed the bill into law using the technology invented by one of ZorroSign’s co-founders. That is a matter of pride for our team. ZorroSign not only uses the real true electronic code to sign documents it is also an enterprise-grade Digital Transaction Management platform built from the ground up using Blockchain with security and privacy at the core of its philosophy and design. With ZorroSign There is the added benefit of its proprietary document tampering and signature forgery detection system. With ZorroSign, documents are not only signed with real Digital signature, use of biometrics, and full automation, the Government can also ensure, verify and validate the sanctity of electronically signed digital documents for the life of the document.

 

ZorroSign is idiosyncratically poised to aid executive agency leaders to convey their proposal to the OMB and Congress and federal agencies in order to meet their 180-day requirement to demonstrate how their agency will increase the use of Digital signatures.

 

ZorroSign looks forward to using our industry and subject matter experts to help executive agencies identify their plans to meet the June 2019 deadline to submit their plan on accelerating the use of Digital signatures within their agencies. For consultative discussion, federal agencies can email [email protected] for immediate assistance.

 

Read more on how ZorroSign Supports the 21st Century IDEA for government agencies here.

For most real estate brokers and agents, long gone are the days where more time was spent paper chasing than with customers. Over the last decade, the real estate market has seen many improvements in the buyer experience, thanks to the use of technology. The industry is now using everything from virtual reality, 3D mapping, aerial drone photography, as well as eSignature and digital transaction management solutions to digitize contracts and the real estate sales and lease process. Whether you are a buyer/seller, broker, real estate agent, home inspector or real estate appraiser, these technologies are probably already impacting how you conduct business.

For those professionals in the real estate space who are already using eSignature/ digital signature software along with a digital transaction management (DTM) solution, you may feel that you are set and you do not need to adopt other technologies. For those who are not currently using an eSignature solution along with a DTM solution, you may be researching the best solution for your business, along with the benefits of a DTM solution. Others just use the eSignature solution provided by their business.

Now, what if you found out that your current solution may not have you covered long term? Specifically, in order to authenticate a signature that has been placed on a document, eSignature solutions often use something called a third party certificate. The third party certificate does not validate the person, his / her signature or if it was done with / without their permission, it only validates the ‘act’ of placing an unverified signature on the document. Digital certificates have a two year validity and eSignature providers using these third party certificates build in the cost of renewing the digital certificates for each of your documents that you have signed in your annual license cost. Essentially, this means that without your knowledge, eSignature solutions are binding you to use only their solutions, otherwise the digital certificates on your documents will expire within two years (or less) after you cease using their service. If for any reason you would need to take that document to court or need to validate it at a government agency, you would have to ensure the digital certificate thus meaning that you would have to go back to the solution you signed the document with and pay the arrears from the time when you stopped using the solution to when you needed your document certified. Needless to say, 10 years into a 30 year mortgage if something were to occur and documents needed to be certified for a pending legal action or civil dispute this would present a very expensive problem. However, ZorroSign solves this problem by issuing our own security certificates with our proprietary patented technology, whereby these certificates remain accessible for life, which we call our ‘lifetime escrow,’ even if you are no longer a customer.

As a digital disruptor, ZorroSign wants to highlight to users where there can be major gaps, specifically in security and service within their current eSignature and DTM solutions. Electronic signature solutions are here to stay and the acceptability and use will only increase over time, however, using the right solution which can validate the signature, authenticate the user and confirm the signature was placed with the knowledge of the authenticated user is what will really matter in the future. As a result, understanding digital security certificates is important, and having an eSign solution with a lifetime document certificate that is included as part of the service is imperative for long term piece of mind and future cost abatement.

Your company may already offer you an eSign solution for free, but with ZorroSign you can feel confident in knowing you are using the real esignature patented technology built into an advanced DTM along with a lifetime digital certificate. This will allow you to close residential and commercial real estate deals faster and more securely. If you are not convinced, sign up here for a free trial and try it yourself.

As part of their digital transformation, companies are quickly adopting eSignatures and Digital Transaction Management (DTM) to replace their pen-paper-scan-attach-email process. Most organizations stop at eSignature and a handful of them, (more security cautious and risk averse) have gone beyond eSignature and have adopted a Digital Signature into their process. The market in general uses these terms interchangeably but the reality is that they are not the same. These rather complimentary technologies have significant technical differences between them which include how they impact security and process of authentication of your eSign’ed documents and their legal acceptance in courts in case of disputes.

 

In this article we will explain the difference between the two and share a neat infographics for a quick glance.

E-signature: Under legal parlance, an electronic signature refers to “any electronic indication of intent to agree to a record”. The presence of eSignature has dominantly increased with the passing of E-sign Act in 2000 which makes it legally enforceable.  eSignature has its own unique feature and that is its ease of use. Customers get the advantage of signing a document using a verbal signature, like giving consent over the phone, with a simple click on the box, a visual representation of their signature, and any electronically signed authorization. A real electronic signature has four main components:

  1. Method of signing
  2. Data Authentication
  3. User Authentication
  4. Captured Intent to eSign

eSignatures are not fully regulated compared to digital signatures. Because most electronic signature providers simply use an image of your signature super-imposed on a document, the authenticity and integrity of the document is often questioned as it is difficult to identify the real owner of the document as it is not certified.  Just an image of your signature placed on a document cannot be verified especially if someone tampers  with the document after it is signed. With ZorroSign, however, the eSignature is real and not just an image and customers are protected against post execution forgery and tampering using our proprietary document 4n6 (Forensics) technology.

 

Digital Signature:  Uses a cryptographic technique. The digital signature encryption helps in securing the data that is associated with the signed document. The formula of a digital signature is that of a validation, like notaries in the past. The notaries were invented when paper-based documents were forged. Even today, notaries play a key role in ensuring and verifying transaction between parties. The same problem exists with eSignatures and digital signature helps in solving this problem and is the online equivalent of the notary.

 

In the world of digital transactions, the most popular authentication method, Public Key Infrastructures (PKI), is necessary to help ascertain the identity of  people signing documents, devices used to sign documents, and services used. PKI goes way beyond the use of user IDs and passwords. It employs cryptographic technologies such as digital signatures and digital certificates to create unique credentials (using combination of public and private keys) that can be validated beyond reasonable doubt and on a mass scale.

 

The process of applying the digital signature will be explained in the following steps:

  1. The software creates a unique digital fingerprint (called a hash) of the document content using a mathematical algorithm.
  2. The hash is encrypted using the signer’s private key.
  3. The encrypted hash and the signer’s public key will be combined to make a digital signature.
  4. This digital signature will be attached to the document.
  5. The digitally signed document is now fully secured and ready to use.

The evolution of online signature is quite significant as it has moved from simply imposing an image of a signature to a multi-layered encryption process. The benefit of an online signature cannot be deciphered in words.The integration of eSignature into the electronic document workflow has always been a top priority for respected eSignature providers like ZorroSign. It is safe to conclude that it has a strong legal presence to that of a wet ink signature as long as it sticks to the terms and conditions of the contracts drawn by (E-sign Act), 2000. ZorroSign adheres to the gold standard of these eSign laws and ensures quality delivery of their product/services to their customers.

There are a lot of great resources out there that inform and educate business consumers about the direction of the technological revolution. Especially those core business technologies that directly impact how companies run their business transactions. At ZorroSign, one of our favorite blogs to read is written and published by DLA Piper. When lawyers write about technology we take that very seriously.

Recently, DLA Piper published an article called Electronic Signatures: The element of intent in the digital environment. The article addresses the legal enforceability of electronically signed document under the notion of “intent.” To make a person’s signature legal on a digital paper and how the ESIGN act and UETA define a signature similar to the Uniform Commercial Code’s definition of a signature. If you are interested in how a businesses process must explicitly include an action of verifiable intent to sign a contract in order to make an eSignature legally binding, click here to read the full article.

Another article, published this year is, eSignature and ePayment News and Trends. In this article, DLA Piper goes into detail about case law where the use of electronic signatures are upheld over and over when a defendant can produce an electronic record showing that the plaintiff’s unique login and password were used to access and acknowledge an agreement. Click here to read the full article and explore the case law referenced. This article also covers use of Blockchain in business transactions, remote notary and other interesting regulations and use of technology. We find it invigorating to learn that ZorroSign technology is at the forefront of legally acceptable and binding eSignature and DTM solutions.

An interview with Shamsh Hadi, a co-founder and CEO of ZorroSign.

 

Since the mid 1990’s when electronic signature was first invented by one of ZorroSign’s Co-Founders, global commerce has experienced a rapid digital transformation. Businesses soon began to realize that in order to compete on a global scale, implementing processes that allowed for paperless (digital) transactions was imperative for growth. As a result, companies started adopting eSignature solutions.

 

Almost two decades after eSignature became legally recognized through the passage of the ESIGN Act of 2000, many companies are still slow to adopt this transformative technology. ZorroSign has taken the eSignature technology into its next phase of evolution; Digital Transaction Management (DTM) and digital document security. Today, ZorroSign customers are not only using electronic signatures to execute contracts, but they are managing entire business processes using workflow automation. There are several products in the market today that don’t necessary fulfill the promise of DTM. Shamsh Hadi, Co-Founder and CEO of ZorroSign explains the five questions he feels are most important for business leaders to ask before choosing an eSignature and DTM solution.

 

1. What is DTM and how different is it from eSignature?
Digital Transactions Management (DTM) refers to a software system that enables organizations to digitally manage document-based business transactions.  From simple business transactions like non-disclosure agreements and sales contracts to more complex ones such as new hire packet handling and purchase order processing.  ZorroSign customers are managing diagnostic lab workflows, M&A transactions, and real estate deals. A true DTM platform is more than just eSignatures, it also includes verification and authentication, non-repudiation, automation engine, workflow management, and multiple levels of security and privacy controls. There are levels of DTM, from basic to more complex enterprise systems. An advanced DTM solution can include a document management system, rules and policy engine, adherence and compliance to various laws and regulations such as Sarbanes-Oxley, GDPR, Document Retention Policies, and intelligent forms management. There are also provisions for security, privacy, authenticity, legality, and trust for managing document-based transactions conducted on all types of devices used.

 

In contrast, eSignature is one, but very important, component of a DTM system and refers to “any electronic indication of intent to agree to a record.” eSignature has its own set of characteristics, features, and use cases. Customers get the advantage of signing a document using a verbal signature, like giving consent over the phone, with a simple click on a checkbox or any electronically signed authorization. The four main components of a valid eSignature are: Method of signing, Data Authentication, User Authentication and the ability of the eSignature to capture the intent to eSign.

 

2. What can I use eSignature and DTM solution for?
eSignature and DTM are key to digital transformation for any organization. The grand promise of DTM is that it eliminates physical paper from the office and offers highly secure way to execute business transactions. Specifically, a DTM system can be used to automate business transactions from contracts execution to approval processes, managing digital records, capturing electronic and biometric signatures to secure sensitive documents, content automation, and support for mobile devices. More sophisticated solutions offer protection of documents or digital assets. All industries benefit from adopting an eSignature and a DTM solution, and each industry has its own blend of use cases and applications to use DTM system for.  What DTM is to business transactions; CRM is to contact management.

 

3. How are eSigned documents legally binding and admissible in court?
The US Federal ESIGN Act of 2000 made electronic signatures and eSigned documents legally binding and admissible in court if they meet specific qualifications and constitute, “an electronic sound, symbol, or process, attached to or logically associated with a contract or other record and executed or adopted by a person with the intent to sign the record.” Further, the Uniform Electronic Transactions Act (UETA) provides additional guidance on the validity of eSignatures and how to ensure they are legally binding. In the case of ZorroSign, we go beyond the legal parameters and offer added features to ensure authentication and verification of users, documents, and processes.

 

4. Is pasting an image of a signature on a document same as eSigning a document?
No, what we call, superimposing an image of a signature on a document is not the same as eSigning a document. In short, a legally binding electronic signature must meet specific criteria where the intent to enter into a contract is clear and verifiable and can be traced back to the person who the signature belongs to. Furthermore, a simple image can be simply cut out of a document and replaced with something else. That’s why only real electronic signatures are legally binding and admissible in court.

 

5. Are my eSigned documents secure against document fraud?
With ZorroSign, they are. ZorroSign has a proprietary technology, called Zorrosign 4n6 (Forensics) Token, that helps detect post-execution document fraud and signature forgery. ZorroSign 4n6 encrypted Token is the multipurpose bridge which comprehensively validates both electronic and paper documents. 4n6 Token can help verify that a document has not been tampered, revised, revoked, replaced or canceled. By adopting Zorrosign 4n6 (Forensics) Token Technology in their document transaction process, businesses can have the peace of mind that their documents are secure and always verifiable.

 

Zorrosign 4n6 Token, when challenged or investigated, can be used as evidence without repudiation in a court of law. Users can view audit trail including attachments, signatories, biometrics, time stamp, among many other pieces of information about the users, the documents and process used. Thus, you will never have any trouble with online document verification whenever required.

 

Contact ZorroSign if you are curious and interested to learn more about eSignature, document fraud, and DTM.

Ever wonder how signatures impact both history and the future?

 

The National Archives has created an exhibit that explores the history of signatures. The exhibit shows how people have left their mark on history through signatures, written, electronic and cultural signatures. The video and exhibit explores how signatures represent the power of original records.

 

Learn how the autopen was used to authenticate laws and documents and how technology has changed how we sign our name over the years.

 

President Clinton signed the Electronic Signatures in Global and National Commerce Act or eSign act also known as the Digital Millennium Copyright Act on June 30, 2000. The eSignature and digital signature pad invention of one of the co-founders of ZorroSign was instrumental in the passage of this historic law. President Clinton signed the law document with both wet ink, as a symbolic gesture, and also used a digital signature token. This paved the way for ZorroSign’s patented and legally binding signature application.

 

We found this video very fitting not only from the perspective of the role of electronic signature in our society today, but also the impact of signatures on our society throughout history.

 

This week, Japanese Prime Minister Shinzo Abe and his close ally, Finance Minister Taro Aso accepted blame for an unraveling scandal in which official records were tampered with.  Total of 14 documents related to a dubious sale of state land at one-seventh of the appraised value to nationalistic school operator Moritomo Gakuen had been altered. The papers were scrubbed of all mention of Mr Abe and his wife, as well as lawmakers from the ruling Liberal Democratic Party (LDP).  Later, it was discovered that another set of documents, which show a record of price negotiations with Moritomo before the sale, were missing from what was submitted to the Parliament. (News source)

 

When documents signed with wet ink are tampered with or signature forged, document forensics experts can very easily detect the wrong doing.  Multiple copies may provide protection as long as those copies are not destroyed. The list of ways document fraud can be conducted is extensive.  Document transactions conducted using digital paper and electronic signature give you the false sense of security. The truth is that digital documents that were either electronically signed or signed in wet-ink and then scanned can, very easily, be tampered with and signatures on them forged after the effect. This can be accomplished with the use of software such as Adobe Acrobat Reader and Preview on Mac which are available for free.  Complete digital transformation is inevitable. Its just the matter of time. This problem will not go away.

 

So, how can individuals and businesses protect themselves again such malicious act? How can the Japanese public protect itself in the future from what Shinzo Abe, Taro Aso , and Moritomo Gakuen did? This was just one transaction by them that got caught. How many other transactions they must have conducted with forged signatures and tampered documents?

 

Imagine you’re a healthcare service provider, a doctors office, a financial services institution conducted millions of transactions a month domestically and internationally, a real estate deal, or a half a million dollar sales contract. The liability of having documents tampered with or signature forged for any one of the transactions in the above mentioned industries, is significant. Even companies that strictly use wet-ink on paper signature are scanning-and-storing documents electronically – not to mention rows of steel file cabinets lining up in offices around the world resulting in increased risk and insurance premiums. At the end of the day whenever these digital documents are to be shared with anyone there will always be this one question, is the document that I am looking at, original and authentic?

 

Only if there was a way to lock all the documents of a transaction with an encrypted token, secure them by a super advanced hash, and seal them with biometrics? What if, in addition, a distributed ledger could track the audit trail of actions and chain of custody?

 

As it turns out that there is.

 

With ZorroSign’s real eSignature and patent-pending unique Document 4n6 (Forensics) Token technology, individuals and organizations can be 100% confident that their business is protected against document fraud whether you’re sending documents out for signature, signing documents yourself, or wanting to verify and authenticate documents shared with you. As long as they were signed by ZorroSign, you know you can have the peace of mind that you and your business are protected against document fraud.

 

With the era of “going paperless” well underway, the days of “wet signs” are soon going to be an ancient history. Going paperless, of course has its advantages, ranging from efficiency to environmental benefits, however, it is vital to keep in mind safety and security when it comes to using eSignatures as the replacement of actual wet signatures.

 

There is a plethora of evidence supporting the tectonic shift of going digital, however, many are concerned about the end-to-end execution of the entire document signing process. The US Federal ESIGN act defines it as, “an electronic sound, symbol, or process, attached to or logically associated with a contract or other record and executed or adopted by a person with the intent to sign the record.” This is a broad definition, and there are a plethora of ways documents can be signed electronically and contracts (or transactions) can be executed ranging from entering your initials, checking a box, typing your name, pasting a scanned image of your signature, and using a cryptographic-based digital signature.

 

Many digital signature solutions have been created with different levels of security measures around each. These include ensuring that they are tamper proof by forming a link between the signatory and his signature with the help of an encryption key that may be in the possession of the signatory.  This layered security ensures that the three vital aspects of the digital signature that ensure its legal validity have not been breached. These three aspects are:

 

Authentication: All the signatories are known to each other and can be authenticated easily.

Integrity: The signatories are the same persons who have signed the contract. I.e., the documents and the digital signatures have not been changed en-route

Non-repudiation: None of the signatories to a contract can deny that they are in fact, the actual signatories of the contract

 

But, this however, leaves a glaring gap, the susceptibility to hacks, forgery, and fraud.

Enter the world of biometric signatures.

 

Biometric verification of a signature now adds yet another level of security to the documents that are a part of a digital transaction.  The idea is to find a very unique way to authenticate and verify signatory because even the most complex passwords can be cracked. Biometrics is the natural answer because it is unique and, if done right, cannot be stolen or duplicated. A ‘bio’ signature is pretty much amongst the highest levels of security solutions out there. It has the capability of recording individual idiosyncrasies of the person signing the digital document. Traditionally biometrics means signing and verifying signatures and documents with retina scan, iris scan, and recently popularized by mobile devices, fingerprints and facial recognition technology. Advanced biometric may also use the personal mannerisms of the signatory such as the ‘flourish’ of the pen when he signs, when he slows down and consequently where he accelerates when signing, his overall rhythm and speed; and many other seemingly random variables that taken together, form a highly personalized and forensically identifiable and therefore utterly unique foolproof signature.

 

And the applications for biometric signatures are endless. They can be as basic as opening a bank account to as complex as closing multi-million dollar deals. Biometrics can also be used in conjunction to a simple 2-form authentication. Biometrics can be used not only to secure the digital transactions but also to restrict access to authorized individuals only.  And we are just getting started.