Rising levels of digital fraud and cybercrime may require digitalized organizations to relook document e-signing solutions
According to research by Deloitte, the global e-signature market is projected to reach over US$16bn by 2026, driven by supportive regulations in North America and spilling over to industries in the Asia Pacific region and Europe.
The widespread adoption and retention of hybrid- and remote-working arrangements is also adding to the digital transformation and cybersecurity landscape in terms of demand for digital identity verification and authentication solutions.
DigiconAsia.net finds out more from Andy Mellor, Regional Vice President (ANZ), Kofax, about how e-signature solutions and other solutions need to be modernized to keep pace with skyrocketing cyber threats.
DigiconAsia: Are current e-signature workflows coping with today’s distributed workforces, and if not, how can identity verification be improved to cope with rising fraud and cybercrime levels?
Andy Mellow (AM): Most basic e-signature solutions are just a “click-to-sign” system that does not require digital certificates. This limits security and tamper protection. For many organizations transitioning to the remote-working paradigm, adopting the right e-signature solution is a significant step: security criteria must remain top-of-mind to ensure smoother transactions while improving the document security and output.
More secure e-signature solutions involve the verification of digital certificates attributed to each signer to ensure that a document has not been tampered with or altered after the signing.
A certificate-based signature contains encrypted information that is unique to the signer, and this is a crucial step to reduce the fraud, unauthorized signing, and non-compliance.
DigiconAsia: Can digital trust solutions such as blockchain make digital signatures mostly unnecessary, or at least just symbolic gestures?
AM: In a digital world where contracting parties do not know or meet, and therefore do not trust each other, trustworthiness, non-repudiation, and data integrity are key points. This is achieved through the use of what is known as a ‘public and private key pair’.
A public key is something that can be distributed to the public, and a private key is something the owner must keep securely. Before documents are digitally signed, a public/private key pair is generated for the signer. The signing software applies a hash function on the information that needs to be signed and creates a message digest. The message digest is then encrypted with the private key. The result of this is the digital signature. The signature is placed with the document.
Placing the document on the blockchain, makes the document public available. A blockchain is a globally distributed, publicly accessible database. The blockchain adds another timestamp to the document, proving an event has occurred.
The public key can now be used by anyone to decrypt the digital signature to reveal the message digest. Successful decryption proves authenticity of the document. The integrity can also be determined.
Do note that blockchain and digital signatures are not mutually exclusive. A blockchain does not make digital signatures unnecessary or just symbolic gestures. The public key can be used by anyone to decrypt the digital signature. Successful decryption proves the authenticity of the document.
The fact that the public key works means the private key was used to sign the document and it also ensures non-repudiation. The owner of the private key cannot deny they signed it. However, blockchain is set to transform and improve e-signature processes, and will raise the next level of trustworthiness.
DigiconAsia: What are the considerations when selecting a Certificate Authority and certificate type?
AM: When selecting a Certificate Authority (CA) and certificate type, business decision makers would need to ask themselves about the features to consider
- Will users be opening the signed document using one of Adobe’s Acrobat or Reader products?
- What type of documents and content will be signed using the service?
- Is the highest level of certificate needed for users to trust your service?
- In which legal jurisdiction will the service be offered?
- Do these jurisdictions require a specific Trust Service Provider (TSP) to issue the certificate for certain types of transactions?
- Will the service need to support these transactions?
- Will different TSPs need to be used for different countries where the service is offered?
- How/where will your service be hosted?
When issuing certificates, the CA will undertake due diligence checks to ensure they only issue certificates to legitimate and trustworthy companies. These certificates are linked back to the CA’s certificates as part of the hierarchy, and creates a chain of trust as it is part of the same chain of certificates as the top-level CA.
DigiconAsia: Paperless office automation and workflow digitization had been progressing well even before the pandemic. Amid furious digital transformation what are the next-generation OA and intelligent automation solutions that can boost resilience sustainably?
AM: Organizations looking to scale and improve their workflow digitization process can leverage pre-built intelligent document processing capabilities. The latest solutions employ AI to increase accessibility and fully automate content-centric workflows by turning data into actionable insights.
Such continual automation, when accompanied by the right enhancements in identity verification and fraud detection/prevention, will reduce time spent on pre-sorting forms to deliver more accurate information to back-end systems. This increasing business resilience and mitigate compliance risk.
Also, cognitive document automation capabilities can help capture and process information correctly into the right system of record, without further human intervention, thereby relieving some of the problems of the current talent crunch and becoming a long-term sustainable option.
DigiconAsia thanks Andy for sharing his insights on intelligent office automation and advances in e-signature solutions.