Electronic signatures (e-signatures) are becoming more and more common as the reach of financial institutions grows beyond traditional, geography-based markets. In this kind of environment, having products and procedures that require in-person validation puts Credit Unions on the back foot when it comes to what they can offer potential borrowers, or even potential members.
eIDAS, the EU regulation on electronic identification, defines an electronic signature as “data in electronic form which is attached to or logically associated with other data in electronic form and which is used by the signatory to sign.” eIDAS also repeals Directive 1999/93/EC, which means that there's no need to spend time implementing it into a country’s legal systems - regulation is binding directly.
Basic (sometimes called Standard) e-signatures
These e-signatures have low compliance requirements, and naturally a much lower legal standing than other forms of e-signatures. A basic or standard signature can be something as simple as writing your name under an email - there’s no way to track or verify where the signature has come from, or if it’s even a real signature. Users do not need to be registered to anything, and their identities do not need to be validated before offering their signature on a document - the fraud and money laundering risks associated with basic signatures is exponential, and, as such, Credit Unions need to ensure they don’t become part of their regular process.
At Wellington IT, we use Advanced e-signatures within cuOnline+. According to Article 25 (1) of the eIDAS regulation, an advanced electronic signature shall "not be denied legal effect and admissibility as evidence in legal proceedings". Gaining an advanced trust level requires much more scrutiny than a basic signature.
There are four requirements used to determine if an implementation has met the requirements for Advanced e-signatures:
- Be uniquely linked to the signatory
- Be capable of identifying the signatory
- Created using electronic signature creation data that the signatory can, with a high level of confidence, use other their control
- Linked to the data signed in such a way that any subsequent change in the data is detectable
An advanced e-signature comes with a unique identifier that links to the person signing - this signature key is only accessible by this person, meaning not even a service provider can replicate it, as well as the guarantee that a document has not been modified since signing. Article 26 of eIDAS provides more specific requirements for advanced electronic signatures. These signatures are also much easier to identify due to the way they store data, with even a simple PDF reader being able to validate them. Going forward, advanced signatures are expected to be the most commonly used in financial institutions throughout the EU.
E-signatures are only as secure as the business processes and technology used to create them. High value transactions need more secure signatures, balanced against the required detail and cost to ensure the system remains viable. With Credit Unions pushing to expand what they can offer to members, both in terms of the number and value of services in the coming years, it’s important to take the necessary steps now to protect your Credit Union in the future.
If you want to find out more about how e-signatures can improve your member services, get in touch.
Disclaimer: This article is available for educational purposes only, as well as to give you general information and a general understanding of the law, not to provide legal advice. This article is not legal advice. You should not act upon this information without seeking advice from a lawyer licensed in your own state or jurisdiction. Your use of the article is at your own risk. The materials presented in the article may not reflect the most current legal developments, verdicts or settlements. These materials may be changed, improved, or updated without notice. Wellington Computer Systems LTD is shall not be responsible for any errors or omissions in the content of this site or for damages arising from the use or performance of this article under any circumstances.