The digital transformation of companies is moving forward due to changes the way of working and one of the most obvious effects has been the digitization of processes and, among others, of document signing processes (contracts, authorizations, etc.). In this sense, according Lleida.net, the use of electronic signatures increased by 598.81% compared to June 2020- 2019 and by 609.44% compared to December 2020 , with December 2019. This means that the electronic signature is used in a large number of documents and in documents with increasing economic importance, so that security becomes essential. In this post we are going to talk about the difference between authentication and identification so that you know how to recognize a secure electronic signature.
Difference between authentication and identification
The key for the electronic signature to allow companies to implement digital transformation is to find a balance between security and customer satisfaction, that is, if the signature is secure, but involves great complexity for the customer, their experience will not be good and will abandon the purchasing process. Finding that balance means growth of transactions. But what is the difference between authentication and identification? Let us take a closer look:
- It is the process of verifying the identity of the user, that is, it is verified that someone is who they claim they are. The verification of a person in the case of a physical signature is simple through its ID, passport, or driver’s licence, however, to make an electronic signature it is necessary to prove through the mobile or other device to prove the user is who you they say.
- It consists of analysing the user’s digital credentials before giving them access to the electronic signature process. There are several forms of authentication:
- The signatory receives an email with a link providing access to the signature process. The moment the signatory clicks on the link, he is authenticated because the email address is unique.
- Access credentials. The signatory logs in with a valid username and password and thus accesses the contracts waiting to be signed. For example, when entering your Bank online, we enter our ID number (user) and a password. With these data the system understands that the identity of the user is valid.
- SMS or OTP (One Time Password). Another way to authenticate a user is through an SMS text message and a one-time password. The password is sent to the signatory’s phone number, who adds it to the page where the document to be signed is located.
- Security questions. The user must answer one or more security questions before accessing the signature process, the answers are known to the sender and the signatory and, we speak of shared information. The questions can be static or dynamic, so that they are always the same or change randomly and only the signatory knows the answer.
- Digital certificate. The user uses a digital certificate issued by a trusted service provider and certification authorities
- Biometric data. Used for operations with a higher risk and therefore they need more security. We are referring to fingerprints or facial recognition measurements. Fingerprint authentication is widely used in businesses. First of all, employees’ fingerprints are stored in a company database. subsequently to access the company offices, the fingerprint will be read by placing the finger on the fingerprint reader. This allows you to access the office or to leave it.
What is the security of the electronic signature based on?
- The regulation of the electronic signature through the eIDAS Regulation implies the establishment of a series of requirements that must be met for the electronic signature to be secure:
- First, the electronic signature must allow the signatory to be unequivocally identified.
- Second, the integrity of the signed document must be ensured. In other words, it is important to know that the document has not be tampered.
- Finally, the signatory cannot reject or deny that he has signed the document, that is, the non-repudiation of the signed document must be ensured.
Summing up, although the COVID-19 pandemic has boosted the use of electronic signatures, the need to compete digitally by companies has meant that this tool has come to stay and be used, every time, in more areas of the companies.