Authentication for E-Signature Transactions: Forrester Recommends Flexibility
Forrester Research just published a new report on e-signature, The State Of E-Signature Implementation: 25 E-Signature Use Cases Show Adoption Trends. In it, Forrester analyzes electronic signature implementations from a cross-section of industries, including financial services, government, food services, tourism, manufacturing, retail and more.
This report provides a global view of e-signature implementations, covering:
- 25 organizations in 10+ countries
- >10 authentication methods
- 7 use cases (44% automated contracting & procurement)
- Project timelines from 1 – 24 months
- 23 lessons learned
While patterns emerge among geographic regions and enterprise sizes, one of the most interesting trends is the growing importance of authentication. "Authentication issues are moving front and center. Ramping adoption and the increased value of transactions settled electronically have led to a sharper focus on fraud, legal challenges, and authentication validity."
Look for flexibility in authentication support
Of the 25 e-signature cases in the Forrester report, authentication methods vary significantly:
- Government-issued ID verification
- LiveID video
- SMS authentication
- 3rd party digital certificates
- Non-trusted certificates
- Username and password
- One-time password
- Biometric signature
- Login PIN
- Email invitation
- Handwritten signature
- Knowledge-based Authentication (KBA)
Image courtesy of User Authentication for E-Signature Transactions
If nothing else, this list underscores the need for flexibility in an e-signature solution. Why? Research indicates that while most organizations introduce e-signatures for one initial process, once that process is live, requests from other departments and divisions quickly flood into IT. Within business and government, there are so many opportunities to replace paper processes with digital workflows in:
- Internal processes (e.g., HR, accounting, legal)
- B2B processes (e.g., contracts with vendors)
- B2C processes (e.g. documents signed by customers)
A future-proof e-signature solution has to be able to support the different authentication requirements of each of these. For example, an internal process that requires employees’ signatures may require a simpler form of authentication such as Single Sign-on (SSO). A legally enforceable transaction with a vendor or customer, on the other hand, may require stronger authentication, depending on factors such as the value of the transaction and level of risk involved. In addition, the needs of each sales and delivery channel (e.g., branch/retail, call center, online, remote in-person, etc.) will require different methods of authentication. An electronic document signing process that occurs face-to-face in the branch will not use the same authentication method as a remote transaction.
Authentication differences between the US and Europe
When it comes to authentication, Forrester found distinct differences between the US and Europe:
- "The US predominately opts for simpler e-signature authentication. Most US cases we examined did not require qualified signatures… an advanced signature that uses several forms of authentication proved adequate."
- "Europe emphasizes authentication and leans toward biometrics. […] Firms in the EU place a higher priority on authentication. We looked at firms in Belgium, Italy, Romania, and Turkey that all used qualified signatures."
As a result, organizations with offices and operations in multiple countries may need to add to their requirements list the ability to support authentication methods specific to various regions and jurisdictions, such as the third-party digital certificates foundational to a Qualified E-Signature, as defined under eIDAS. OneSpan Sign is a standards-based signing solution that fully supports requirements for Basic E-Signatures, Advanced E-Signatures, and Qualified E-Signatures:
Image courtesy of eIDAS and eSignature: A Legal Perspective
E-Signature solutions that support biometric authentication
Biometrics such as thumbprint and facial recognition are a new option for authenticating signers. While it’s still early days for biometrics, Forrester expects this to change rapidly, predicting that "… over the next three years, authentication will migrate to biometric alternatives that have an easier customer experience and leverage advancing analytics."
According to the analyst, "Smartphone signatures, voice, fingerprint, retina, and facial recognition will become more important. OneSpan Sign, for example, is integrated with OneSpan’s Mobile Security Suite offering, a mobile software development kit that offers biometric capabilities such as facial and fingerprint authentication."
This integration brings together biometrics, fraud analytics and mobile e-signature technologies to deliver secure and convenient mobile experiences. It leverages e-signatures to capture intent in a legally binding way, using something as simple as a "selfie" to validate the customer’s identity before the signing process is complete.
Watch a demo of the OneSpan Sign Smile & Sign facial biometrics capability
Balance risk with customer experience
According to Forrester, "In the battle between risk and customer experience, the latter should win. Making the process overly complex will inhibit adoption."
As you think about how to digitize your paper process, start by familiarizing yourself with your process, requirements and risk tolerance. While there are many secure and user friendly options for identifying signers online, ultimately the choice of authentication method depends on the risk profile of the process being automated and the underlying digital transaction.
The key point here is to securely authenticate users without diminishing their experience. Look for an e-signature solution that offers a wide range of authentication options to better fit your needs and as a result, enable better experiences. For example, ensure you have the ability to authenticate signers before they gain access to documents AND at the point of signing for your higher risk, higher value transactions.
Look for flexibility to help mitigate complexity
Of the four recommendations made in this report, Forrester urges e-signature buyers to "Select providers with proven flexibility to support a variety of signing scenarios. E-signature approaches will become more complex, not less. Deployments may opt to use two of 10 possible authentication options, want to experiment with emerging biometrics, or design a unique mobile experience."
As the diversity of authentication methods cited in the Forrester report shows, there are many options for authenticating signers online. Ultimately, however, the choice of authentication depends on the process being automated. To determine the best authentication method for their needs, e-signature software buyers have to ask themselves:
- What type of processes are we automating?
- In what channels do they take place?
- What types of documents are being signed?
- What is the transaction value?
- How much risk is involved?
An e-signature solution such as OneSpan Sign provides the flexibility to support any authentication requirement you have today and tomorrow, no matter how simple or advanced. This flexibility will enable you to use the same e-signature solution across your organization, while customizing the authentication to provide a secure and intuitive user experience. Get more insight into electronic signature authentication with the Forrester report or the webcast inspired by this report: E-Signature Implementation Best Practices to Drive Adoption.