Sign of the times: how to pick the best software for e-signatures

By Engel Schmidl

The COVID-19 pandemic – and the drive towards paperless transactions and digital transformation – has expedited the adoption of electronic signature technology for organisations large and small.

Adopting e-signature technology can be transformational for businesses, and particularly SMEs. But many businesses are still cautious about the technology, sticking with ink and paper because they think e-signature software may expose them to fraud and other forms of cybercrime.

What should businesses look out for when making the switch from ink to digital signing? 

Why e-signature software can be safer

The co-founder and CEO of Cynch Security, Susie Jones, says there is always an element of risk involved with any technology. 

"I think particularly when it comes to e-signature, the risks are not greatly different from the risks that have always existed when it comes to gathering signatures in person," says Jones, whose company specialises in managing cybersecurity risks for SMEs.

"The biggest risk is forgery. As with traditional paper and ink signatures, forgery and identity theft are a real risk. The difference is, with e-signature software, provided you're using a reputable software that uses encryption; then provided that you protect your password and use multifactor authentication, I would argue the risk of forgery is actually a lot lower."

Professor Matthew Warren, the director of the RMIT University Centre for Cyber Security Research and Innovation, says e-signature software offers far more protection to users than ink and paper. 

"The risk that organisations face is not having e-signature software," he says. "Without e-signature software, it is easy for organisations to be defrauded as traditional signatures can be copied.” 

Additionally, he says, the use of e-signature software can be managed by organisations so that they can log and track documents more easily.

Legally, e-signatures have gained traction in recent times, too. Andrew Hii, a partner at legal firm Gilbert + Tobin, says an increased understanding of the benefits provided by e-signatures has helped boost its uptake.

"E-signing can be just as safe as traditional wet-ink signing, and also provide additional protections," Hii says. 

He notes the COVID-19 crisis has brought the technology into greater focus, necessitated by the constraints of remote working arrangements. 

"Some of the laws that enable e-signing were introduced as part of COVID-19 contingency measures and are temporary in nature, although it is widely expected that these measures will be made permanent."

E-signature safeguards

Businesses must consider several factors when using e-signature software. Hii says e-signatures can now be used for a wide range of commercial and legal documents, but frameworks vary between jurisdictions, making it imperative for businesses to check their local laws.

"There are some situations where a deed cannot be signed electronically – so you should always check with deeds," he says. 

"Not all government forms can be signed electronically, so you should check with the relevant government agency if seeking to do so."

Likewise, companies trading internationally must be cognisant of the requirements in different countries. Professor Warren cites the European Union as a jurisdiction with an advanced framework for trust services such as e-signatures, but again, not all countries follow the same rules.

"The EU's eIDAS [electronic and trust services] regulation provides one of the more comprehensive e-signature frameworks in the world to ensure a high degree of identity assurance during the e-signing process."

He says in mitigating e-signature risks, businesses should look at how a software platform they are thinking of using handles authentication, cloud security, remote identity proofing and data security, including back-ups. 

4 critical factors

There are many reputable and reliable e-signature software platforms. Investing in one is a safe bet for a business, but certainly not the only option, says Hii.

"You don't need to use an e-signing platform to e-sign," he says. "Copying an image of your signature or using a stylus to sign your name in the execution space is just as effective from a legal standpoint."

"From a risk perspective, you will want to make sure you are sharing a signed copy of the document that cannot be edited, for example, in PDF and not Word. Obviously, these practices lack some of the protections provided by the e-signing cloud platform."

Warren, Jones and Hii all say the four key factors to consider when picking a software platform for e-signatures are encryption, multi-factor authentication, audit and tracking, and data storage.

"For cloud-based systems, users ought to consider what access controls are in place [e.g. two-factor authentication], what metadata is collected and what level of encryption is employed," Hii says.

"Make sure you're confident that the software provider is using encryption to actually protect the document so that other people can't access it unintentionally, and if they do, they can't read it," Jones says.

She says multi-factor authentication ensures the document is sighted and signed by the intended person. 

"So if you know for certain the phone number of the person that you're sending the documentation to, as well as the email address, then you can be confident that the person that signs the document is the person that was able to (a) access that email address and (b) they can access that phone."

The software should also log all the interactions on the document, so there is an audit history of who logged in and who signed what, she says.

After a document has been signed, it must remain only accessible to the signatory parties, and that the parties have access to the documents for future reference. 

"After a document has been e-signed, can you download the signed document as a PDF and store it in your own systems? Or are you dependent on the e-signing platform to store the document? Clearly, the first situation is preferable," Hii says. 

"The location where the data is stored, and the ability of the cloud provider's staff or other third parties to access that data, is also a relevant consideration."

The continued repercussions of the COVID-19 pandemic almost guarantee the swift recent uptake of e-signature software will be consolidated as remote deal-making becomes the norm. 

Picking the right e-signature platform for your business will provide you with the assurance that your documents are signed by the right people and remain uncompromised by forgery and other fraudulent activities.