Contract Management Blog by Contracts 365

The Importance of Having a Secure Digital Signature Platform

Written by Jessica Alden | May 7, 2019

If you need a more convenient and secure way to get your documents signed, a digital signature platform is the answer. Digital signatures provide technical advantages over traditional contract-signing methods and are fully enforceable in court. An online digital signature platform helps you quickly and efficiently integrate them into your business.

What Is a Digital Signature?

A digital signature is a thumbprint for an electronic document. It contains unique technical information that virtually guarantees who the document sender is and that the document wasn't altered in transit.

How Is a Digital Signature Different from Electronic Signatures?

Digital signature and electronic signature are often used interchangeably, but technically refer to two different things that are frequently combined.

An electronic signature is the equivalent to putting pen to paper and manually signing a document. It may be made by typing a signature, uploading a handwritten signature, or signing a screen with a finger or stylus. The trouble with an electronic signature alone is that anyone can type a name or edit a standard text document before signing it.

A digital signature is closer to a notary stamp. When someone electronically signs a document, the software creates a digital certificate that provides assurance about who signed the document and whether the document was altered.

Why Use Digital Signatures for Contracts?

The main business case for digital signatures over traditional handwritten signatures is convenience and time savings. Digital signatures eliminate the need to schedule in-person signing meetings or to mail and fax documents back and forth. In addition, since the documents are locked in electronic form, there is no need to spend time verifying that the other party didn't make unilateral changes before signing.

Are Electronic Signatures Legally Binding?

Electronic signatures are legally binding in nearly all cases. The ESIGN Act of 2000 provided federal recognition for electronic signatures used in interstate or foreign commerce. The Uniform Electronic Transaction Act is a joint act by most states to adopt laws recognizing electronic signatures in participating states. Most of the remaining states have separate laws recognizing electronic signatures, and most foreign countries do as well.

Like other contracts, electronic signatures could be challenged based on the facts rather than as a matter of law. Two contract defenses are of special concern with electronic contracts — that the document was altered after signing or that the signature was a forgery. A secure digital signature platform has built-in measures to address these concerns.

How Do Digital Signatures Work?

To understand how a digital signature protects you, it's important to understand how they work. In the contracts context, the first step is signing the contract electronically like you would with a paper contract.

When you sign electronically, a few things happen in the background. The signer's computer uses a private key to encrypt the document and create a hash value. These are sent to the recipient along with a public key that can be used to decrypt the document.

To verify that the keys are valid and secure, the software must create them using public key infrastructure, and a certificate authority must verify the owner of the public key.

When the recipient receives the document, the recipient's computer attempts to decrypt the document. It also verifies that the hash value matches the document. If either of these fails, the document is assumed to have been tampered with and the signature is not valid.

How Do You Know Who's Signing Your Document?

While the technical infrastructure of digital signatures can verify that the signature came from a specific computer, it doesn't tell you exactly who was sitting at the computer to sign the document. It's possible for a certificate authority to perform identity checks before issuing a key, but this is rarely feasible in the document-signing context.

Instead, you'll also need to add in secondary identity verification methods. This might include offline methods such as conducting in-person contract negotiations, or online methods, such as two-factor authentication with a known phone number or email address. Another common method is using security questions drawn from consumer reporting agencies (e.g., "Which street have you lived on?").

Whatever process you use, the digital signature confirms that the person who completed it is the person that signed your document.

How Do You Know a Digitally Signed Document Hasn't Been Altered?

If you control the software, a digitally signed document simply can't be altered outside of the most extraordinary hacking efforts. Unlike a Word document or PDF file, contract management software locks a contract into its current form. There is no option to edit the contract before signing — it can be accepted as-is, rejected, or turned into a counteroffer that would invalidate any existing signatures.

If a user did attempt to alter the contract by changing the data files, the hash would be invalidated, and the other user would be alerted.

Are Digital Signatures Secure?

In addition to the above concerns, you may be wondering if a document sent for digital signature can be intercepted or read by others. This may be out of a general sense of security or a need to comply with specific regulations such as HIPAA or attorney-client privilege. There are three points of security to address.

  • On your computer: Digitally signed documents are protected by your usual passwords, firewalls, network security, and other methods. There is no more risk to digitally signed documents than to any other sensitive file you may have.
  • On the recipient's computer: Digital signature platforms can be configured to require passwords, two-factor authentication, or other login requirements to ensure that only the intended recipient can open the documents.
  • In transit: Digital signature platforms encrypt documents both ways. It would be virtually impossible (to the point that it likely wouldn't be worth it) for someone to intercept and read your documents.

In short, using the right digital signing process is more secure than mail, faxes, emailed documents, or other traditional contract-signing methods.

How Do You Enforce a Digital Signature?

You can enforce a digital signature just like any other contract. When a document is signed digitally, the software typically creates a printable file showing the complete contract with all signatures.

A secure digital signature platform will also provide a complete audit trail showing when the document was altered, when it was signed, and how each person signing it was validated. This gives you overwhelming evidence to take to court if you needed to prove the validity of a contract. In reality, the other party would likely accept the validity of the contract before a dispute got that far.

How Do You Convince People to Use Digital Signatures?

Even if you want to use digital signatures, you still need to get your customers or business partners to buy in. You do that by sharing information about how it is more secure than using other methods of getting signatures.

You can also use convenience as a selling point. Clients rarely want to take time out of their day to come to your office when they don't have to. Most people will also want to get started as quickly as possible rather than waiting extra days or weeks to exchange signatures.

Finally, you'll likely find that many people you deal with have already used digital signatures in either their personal or business lives. For them, digital signatures are more a matter of routine than something new they have to be sold on.

Why Use Contract Management Software for Digital Signatures?

Few companies have the ability to create a secure digital signature process on their own. The time and resources it would take would make it economically impractical.

The major hurdle is the technical requirements. The key creation and encryption process requires constant upgrades to protect against the latest threats and comply with new industry standards. You would also need to maintain adequately secure servers and keep them running at all times to prevent halts in your business. Finally, you must maintain integrations with third-party providers such as identity verification or two-factor authentication services.

In addition, the mere process of creating a signing system takes time. You will need to create a login portal, decide how to authenticate users, provide a means of reviewing the contracts and adding a signature, etc. By using existing software, there is no need to reinvent the wheel.

Conclusion

Digital signatures are a safe and efficient way to get signatures on your contracts and other important documents. You can easily make them part of your business processes by using contract management software.  Contracts 365 is the leading provider of contract management software for businesses that run Microsoft 365. Please don’t hesitate to reach out to us or, even better, request a demo and we can show you how it works in real-time.