As more firms digitise their operations, it is likely that more confidential documents will need to be signed digitally. There are three types of e-signatures, but which ones offer the highest security?
Electronic IDentification recently released a post on the difference between advanced and qualified electronic signature.
It stated that under the EU regulation electronic IDentification, Authentication and trust Services (eIDAS), there are three assurance levels of e-signatures. These are: simple electronic signatures (SES), advanced electronic signatures (AES) and qualified electronic signatures (QES).
Electronic IDentification stated that companies need to consider their business needs when selecting the appropriate e-signature method. It stated that the core difference between the three forms of e-signature is the level of security each provides.
It stated that SES is for low-risk scenarios, AES is for moderate risk with high-volume demands, and QES is a robust signature format that is suited for large financial transactions that need a high level of security.
The post continues with a brief outline of SES. This is the most basic level of e-signature: it is data in electronic form that a signatory uses to sign. For instance, SES accepts scanned signatures and webpage tick-boxes when accepting terms and conditions.
This method allows quick confirmations but does not ensure the integrity or authenticity of the signed document, and it limits the reach of a company’s digital performance and offering, it said.
Next up, Electronic IDentification compared AES and QES.
It stated that AES guarantees the authenticity and integrity of a signed document. These signatures are uniquely linked to the individual and capable of identifying the signatory. Additionally, the form being used must be tied to the signature data to ensure any changes are detectable.
Electronic IDentification stated that these requirements are most commonly met when using Public Key Infrastructure (PKI) technology. Digital signatures that use PKI technology qualify for the AES standard as defined by eIDAS. Examples of documents that might use AES include employment contracts, bank documents and one-time passwords sent through a text or email for login verification.
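The two AES properties described above (the signature identifies the signatory, and any later change to the document is detectable) can be seen in a short public-key signature sketch. This is an added example, not code from Electronic IDentification or from the eIDAS regulation; the `SignedDocument` type, the function names and the demo keys are assumptions made for illustration, and a bare Ed25519 key pair stands in for the certificate a PKI would issue.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
)

// SignedDocument is a hypothetical container for this example.
type SignedDocument struct {
	Body      []byte            // the document as signed
	Signature []byte            // signature over SHA-256(Body)
	Signer    ed25519.PublicKey // identifies the signatory
}

// DemoKeyPair derives a constructed, deterministic key pair from a label.
// Demo only: real keys come from a CSPRNG and are bound to a certificate.
func DemoKeyPair(label string) (ed25519.PublicKey, ed25519.PrivateKey) {
	seed := sha256.Sum256([]byte(label))
	priv := ed25519.NewKeyFromSeed(seed[:])
	return priv.Public().(ed25519.PublicKey), priv
}

// Sign ties the signature to the exact bytes of the document.
func Sign(priv ed25519.PrivateKey, body []byte) SignedDocument {
	digest := sha256.Sum256(body)
	pub := priv.Public().(ed25519.PublicKey)
	return SignedDocument{Body: body, Signature: ed25519.Sign(priv, digest[:]), Signer: pub}
}

// Verify is true only if the expected signatory signed this exact content.
func Verify(doc SignedDocument, expected ed25519.PublicKey) bool {
	if !doc.Signer.Equal(expected) {
		return false // signed by someone else
	}
	digest := sha256.Sum256(doc.Body)
	return ed25519.Verify(expected, digest[:], doc.Signature)
}

func main() {
	alicePub, alicePriv := DemoKeyPair("alice") // constructed signatory
	doc := Sign(alicePriv, []byte("Contract: salary 50,000 EUR"))
	fmt.Println("original verifies:", Verify(doc, alicePub))
	doc.Body = []byte("Contract: salary 90,000 EUR") // edit after signing
	fmt.Println("altered verifies:", Verify(doc, alicePub))
}
```

A scanned signature or tick-box of the SES kind carries no such binding, so the same edit to the document would leave nothing for a verifier to check.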
As for QES, these offer the highest level of security for electronic signatures. They use a similar security protocol to AES, but they require a Qualified Signature Creation Device that generates a QES certificate.
Electronic IDentification stated that in the EU, only Trust Service Providers (TSPs) and Certification Authorities, which include Electronic IDentification, are eIDAS-approved organisations that can provide a QES certificate.
It added, “In addition, unlike AES, a QES requires face-to-face, or video verification of the signer as a prerequisite before being granted QES signatory capability. eKYC companies such as Electronic IDentification are equipped with automatic video identification to provide their customers with the freedom of remote identification. Once the user has been verified, they are provided with a unique PIN code to create a two-factor authentication of the signature user.”
Copyright © 2022 FinTech Global