Authentication for E-Signature Transactions: Forrester Recommends Flexibility
Forrester Research just published a new report on e-signature, The State Of E-Signature Implementation: 25 E-Signature Use Cases Show Adoption Trends. In it, Forrester analyzes electronic signature implementations from a cross-section of industries, including financial services, government, food services, tourism, manufacturing, retail and more. This report provides a global view of e-signature implementations, covering:
- 25 organizations in 10+ countries
- >10 authentication methods
- 7 use cases (44% automated contracting & procurement)
- Project timelines from 1 – 24 months
- 23 lessons learned
Look for flexibility in authentication supportOf the 25 e-signature cases in the Forrester report, authentication methods vary significantly:
- Government-issued ID verification
- LiveID video
- SMS authentication
- 3rd party digital certificates
- Non-trusted certificates
- Username and password
- One-time password
- Biometric signature
- Login PIN
- Email invitation
- Handwritten signature
- Knowledge-based Authentication (KBA)
Image courtesy of User Authentication for E-Signature TransactionsIf nothing else, this list underscores the need for flexibility in an e-signature solution. Why? Research indicates that while most organizations introduce e-signatures for one initial process, once that process is live, requests from other departments and divisions quickly flood into IT. Within business and government, there are so many opportunities to replace paper processes with digital workflows in:
- Internal processes (e.g., HR, accounting, legal)
- B2B processes (e.g., contracts with vendors)
- B2C processes (e.g. documents signed by customers)
Authentication differences between the US and EuropeWhen it comes to authentication, Forrester found distinct differences between the US and Europe:
- "The US predominately opts for simpler e-signature authentication. Most US cases we examined did not require qualified signatures… an advanced signature that uses several forms of authentication proved adequate."
- "Europe emphasizes authentication and leans toward biometrics. […] Firms in the EU place a higher priority on authentication. We looked at firms in Belgium, Italy, Romania, and Turkey that all used qualified signatures."
Image courtesy of eIDAS and eSignature: A Legal Perspective
E-Signature solutions that support biometric authenticationBiometrics such as thumbprint and facial recognition are a new option for authenticating signers. While it’s still early days for biometrics, Forrester expects this to change rapidly, predicting that "… over the next three years, authentication will migrate to biometric alternatives that have an easier customer experience and leverage advancing analytics." According to the analyst, "Smartphone signatures, voice, fingerprint, retina, and facial recognition will become more important. eSignLive by VASCO, for example, is integrated with VASCO’s DIGIPASS for Apps offering, a mobile software development kit that offers biometric capabilities such as facial and fingerprint authentication." This integration brings together biometrics, fraud analytics and mobile e-signature technologies to deliver secure and convenient mobile experiences. It leverages e-signatures to capture intent in a legally binding way, using something as simple as a "selfie" to validate the customer’s identity before the signing process is complete.
Watch a demo of the eSignLive Smile & Sign facial biometrics capability
Balance risk with customer experienceAccording to Forrester, "In the battle between risk and customer experience, the latter should win. Making the process overly complex will inhibit adoption." As you think about how to digitize your paper process, start by familiarizing yourself with your process, requirements and risk tolerance. While there are many secure and user friendly options for identifying signers online, ultimately the choice of authentication method depends on the risk profile of the process being automated and the underlying digital transaction. The key point here is to securely authenticate users without diminishing their experience. Look for an e-signature solution that offers a wide range of authentication options to better fit your needs and as a result, enable better experiences. For example, ensure you have the ability to authenticate signers before they gain access to documents AND at the point of signing for your higher risk, higher value transactions.
Look for flexibility to help mitigate complexityOf the four recommendations made in this report, Forrester urges e-signature buyers to "Select providers with proven flexibility to support a variety of signing scenarios. E-signature approaches will become more complex, not less. Deployments may opt to use two of 10 possible authentication options, want to experiment with emerging biometrics, or design a unique mobile experience." As the diversity of authentication methods cited in the Forrester report shows, there are many options for authenticating signers online. Ultimately, however, the choice of authentication depends on the process being automated. To determine the best authentication method for their needs, e-signature software buyers have to ask themselves:
- What type of processes are we automating?
- In what channels do they take place?
- What types of documents are being signed?
- What is the transaction value?
- How much risk is involved?