Digital & Electronic Signature FAQ

A digital signature (standard electronic signature) takes the concept of traditional paper-based signing and turns it into an electronic "fingerprint.” This "fingerprint,” or coded message, is unique to both the document and the signer and binds both of them together. Digital signatures ensures the authenticity of the signer. Any changes made to the document after it has been signed invalidate the signature, thereby protecting against signature forgery and information tampering. As such, digital signatures help organizations sustain signer authenticity, accountability, data integrity and the non-repudiation of signed electronic documents and forms.

Watch a video to see how a digital signature works.  

An electronic signature can be as basic as a typed name or a digitized image of a handwritten signature. Consequently, e-signatures are very problematic with regards to maintaining integrity and security, as nothing prevents one individual from typing another individual's name. Due to this reality, an electronic signature that does not incorporate additional measures of security (the way digital signatures do, as described above) is considered an insecure way of signing documentation.

It is estimated that every year, 30 billion paper documents are copied or printed by US companies. When factoring the costs of copying, scanning, archiving, routing, and retrieving lost documents, each paper-based signature is estimated to cost $6.50. The average authorized employee signs 500 documents a year at a total cost of $3,250. Organizations are implementing digital signature solutions to:

• Automate and expedite business processes 
• Cut operational costs   
• Improve efficiency and collaboration 
• Address legal compliance and limit liability 
• Go green

Calculate the return on investment of implementing a digital signature solution in your organization by downloading our digital signature ROI whitepaper and Excel spreadsheet.

Many processes require formal authorizations or approvals. Often times, the number of signature-dependent processes within an organization or department is higher than many realize. By implementing digital signatures, organizations are able to significantly shorten process times while cutting costs and improving collaboration and efficiency.
The table below highlights some signature-dependent processes and documents:

Using Bob and Alice, we can illustrate how a digital signature (standard electronic signature) is applied and verified.

From Bob's perspective, the signing operation can be as simple as a click of a button. But several things happen with that one click:

Yes. In 1999, the EU passed the “EU Directive for Electronic Signatures” and on June 30, 2000, President Clinton signed into law the Electronic Signatures in Global and National Commerce Act ("ESIGN"), which made signed electronic contracts and documents as legally binding as a paper-based contract.

Today, digital signature (standard electronic signature) solutions carry recognized legal significance, allowing organizations to comply with regulations worldwide. Learn more about digital signature regulations and legislation.

Important milestones in the acceptance of digital signature (standard electronic signature solutions) solutions into business practices took place in 1999 and 2000, when the EU passed the “EU Directive for Electronic Signatures” and President Clinton signed into law the Electronic Signatures in Global and National Commerce Act ("ESIGN").

Furthermore, legal precedents are being established that confirm the validity of electronic documents and contracts. Here are a few examples:

• Cloud Corp. v. Hasbro Inc., 314 F.3d 289 (7th Cir. 2002) - electronic documentation satisfied the Statute of Frauds.  
• Sea-Land Service, Inc. v. Lozen International, LLC, 285 F.3d 808; 2002 WL 496943 (9th Cir. 2002) – ruled that an internal company e-mail was admissible evidence.  
• Moore v. Microsoft Corp., 741 N.Y.S.2d 91 (April 5, 2002) – By clicking “I agree,” the terms of the End User License Agreement were valid and binding.

Nicholas Leeson forged handwritten signatures of his boss and caused the collapse of Barings Bank, the United Kingdom's oldest investment bank. While both handwritten and digital signatures (standard electronic signatures) are legally-binding, only digital signatures ensure the non-repudiation of documents.

• Providing evidence of user identity
• Guaranteeing data integrity
• Ensuring the non-repudiation of signed electronic documents 
• Complying with regulations

The following are some considerations that should be taken into account when choosing a digital signature solution that will maximize the business benefits of moving to a paperless environment:

1. Seals the document: Some solutions offer a non-standard electronic signature, that can be tampered with and that is not legally binding. It is best to choose a solution that is based on Public Key Infrastructure technology, thereby guaranteeing document integrity and legal compliance.  
2. Compliance: Review the regulations within your industry, ensuring that the electronic signature solution addresses all industry requirements.  
3. Multiple Application Support: Some solutions offer electronic signature support for Microsoft® Word or PDF documents only. Find a solution that supports all applications in order to address current and  future business requirements. 
4. Transportability: Ensure that the electronic signature is part of the document and that the signed documents may be validated by an outside user without having to install a proprietary software application. 
5. Graphical Signature Support: Although graphical signatures are not technically or legally mandated, a graphical e-signature has the psychological benefit of easing the transition to a paperless environment, because the e-signature on the electronic document appears as it would on a paper document. 
6. Seamless User Registration: Ask the vendor how users are enrolled and how changes to user information are updated. Many electronic signature solutions require a new user to go through a complex software “wizard” or go through several steps to enroll or update their information. For fast rollout and easy adoption within the organization, registration should be transparent to the user.
7. Multiple Signatures on the Same Document: Some electronic signature solutions allow for only one e-signature on a document. Look for a solution that can support multiple signatures on the same document. 
8. Simple to Use: Some electronic signature solutions require multiple steps to e-sign a document. It should only take 1 or 2 mouse clicks to ensure that the document is sealed and legally enforceable. 
9. Zero IT Management: The electronic signature solution should be operational as soon as it is deployed. Help desk and IT support should be minimal.
10. Low Total Cost of Ownership: Remember to account for initial cost, deployment, support, digital certificates (which may be a recurring annual cost) and development for the applications that require electronic signatures.

Please reference How to Choose the Best Electronic Signature Software for more detailed information on choosing the best e-signature solution for your business.

Public Key Infrastructure (PKI) is the basis for the digital signature (standard electronic signature) today. PKI provides each user with a pair of keys, a private key, and a public key, used in every signed transaction. The private key, as the name implies, is not shared and is used only by the signer to electronically sign documents. The public key is openly available and used by those that need to validate the signer’s electronic signature. PKI encompasses different components which include a Certificate Authority (CA), end-user enrollment software, and tools for managing, renewing, and revoking keys and certificates.

Qualification as an SSCD is necessary for a digital signature (standard electronic signature) solution to comply with the EU Directive for Electronic Signatures. An SSCD is defined by the EC Directive 99/93 on Electronic Signatures as follows:

Secure signature-creation devices must, by appropriate technical and procedural means, ensure: 

• The signature-creation data used for signature generation can occur only once, and that their secrecy is reasonably assured. 
• The signature-creation data used for signature generation cannot, with reasonable assurance, be derived and the signature is protected against forgery using currently available technology. 
• The signature-creation data used for signature generation can be reliably protected by the legitimate signatory against the use of others. 
• Secure signature-creation devices must not alter data to be signed or prevent such data from being presented to the signatory prior to the signature process.