By Rian Schoeman, head of legal at Etion Secure (Incorporating LAWtrust)
Digitalisation and digital transformation have seen a significant organisational shift from paper-based processes and procedures. Most organisations have adopted alternative methodologies for signing documents to ensure auditable document trails while minimising the costs associated with paper-based transactions and the risks of fraud and identity theft. However, few recognise the difference between an electronic signature and a digital signature – a critical difference that can have an impact on the legalities and security of any document trail.
“The electronic signature is usually defined as an identifying mark that can be anything from a photograph or a scan of a signature to a squiggle made on a mobile phone or tablet,” explains Adv Rian Schoeman, head of Legal, LAWtrust, an Etion company. “It isn’t secure. In fact, the electronic signature is at risk of fraud as it is easy to copy, move and adjust. This is particularly true of poorly executed signatures that are not easily identifiable.”
To ensure deeper security, particularly with regards to highly sensitive or complex records and contracts, digital signatures are more efficient and reliable. A digital signature ensures an auditable, provable trail that can be clearly linked to a specific person and identity. Usually, a digital signature can only be used once the individual has undergone a process of identity verification which assures all parties that the right person has signed the right documentation.
“When you open a digitally signed document with a solution such as Adobe PDF reader, selecting the signature will reveal the digital certificate that outlines the individuals name, surname, and other specified identifying factors such as email and email address,” says Schoeman. “These signatures are certified and legally binding.”
An electronic signature, paper-based signature, photograph or email signature may have legal weight but proving that the person’s intention was to be bound by that signature is an involved, complex process. A digital signature does not face the same challenge. The identify verification process ensures that much of this evidence is built into the signature. While the legal process will require that the organisation prove who made the signature, in the event of a query, the process is simplified by the digital trail and embedded forensic evidence.
“To be completely assured of digital signature security, South Africa’s Electronic Communications and Transactions Act (ECTA) recognises the concept of an Advanced Electronic Signature (AES),” adds Schoeman. “This is similar to a digital signature in that it is based on a digital certificate, but it requires face-to-face verification. This ensures the person receiving the document that the signer (signatory) of the document has been verified in person.”
When a signature is disputed, it is the person who queries the signature who has to prove that it is invalid. For large organisations that enter into numerous contract agreements, this is a valuable tool as it assures them of a measure of security when signing agreements.
“To provide both enterprise and its legal department with peace of mind, it is recommended that all digital contracts or agreements are signed using a digital signature,” concludes Schoeman. “This will not only alleviate unnecessary issues that could occur further down the line but will provide all parties with the right levels of assurance from the outset.”