Technology

E-Signatures: A New Avenue for Forgery?

While convenient, this technology also creates new fraud risks.

September 13, 2010
/ PRINT / ShareShare / Text Size +

Laws permitting electronic signatures have been around for a decade, but implementation by credit unions has accelerated in just the last year.

E-signatures are becoming more popular because they enable a member to sign electronic loan documents remotely over the Internet. While quite convenient, this technology also creates new fraud risks.

What’s an e-signature? This term can be confusing as it refers to a broad category containing many definitions.

In short, laws allow any type of sound, symbol, or process to be considered an e-signature, including:

  • A member typing his name on an electronic form or website;
  • A member clicking a box on a website;
  • A recording of a member’s voice;
  • Signing an electronic pad, also referred to as a digitized signature (usually done in-person, not remotely); and
  • A digital signature, which is different than the digitized signature and the most complex.

Digital signatures involve a mathematical encryption process that uses digital certificates and public/private keys to create a secure digital signature on an electronic document. Vendors use digital signatures in different ways, which adds to the complexity.

For example, some vendors issue individual digital certificates to each signer of a document, while other vendors use a common digital certificate to protect the document at the server level.

More credit unions are moving to emerging technologies, such as e-signatures, because they improve their operations and member service. Unfortunately, technologies such as e-signatures bring their own unique risks for credit unions to address.

The primary risk exposure when conducting remote transactions with e-signatures is the ability (or inability) to authenticate a signer’s identity. When a credit union no longer can examine a person’s physical identification, witness the signature, have documents notarized, or compare the signatures to other documentation, this opens the door to potential member identity theft by criminals attempting to secure loans.

Remote transaction fraud, which includes unauthorized access to online banking and impersonation of members through transfer requests received via fax or telephone, is the fastest growing loss area under CUNA Mutual’s Fidelity Bond coverage.

How can credit unions mitigate this risk? In addition to transferring the risk through the use of insurance, one effective way credit unions can reduce their exposure is to make use of authentication tools their vendors offer.

For example, a vendor-provided online registration process, which requires signers to validate their identities, will verify information against a third-party database, reducing the potential for fraudulent loan acquisition.

Finally, it’s important to note traditional bond policies only provide forgery coverage for handwritten signatures on original written (paper) documents. CUNA Mutual was the first insurer to introduce coverage for digital signatures in 2000, but it requires the use of individual digital certificates and digital signatures for each signer.

CUNA Mutual continually monitors and evaluates enhancements for new coverages and is now evaluating requests to offer broader coverage for other forms of e-signatures on loan documents.

This type of coverage isn’t usually automatically included in a bond. We encourage credit unions to contact their insurance representatives to discuss coverage requirements and options.

ROGER NETTIE is staff underwriting specialist for CUNA Mutual Group’s Fidelity Bond program. Contact him at 800-356-2644, ext. 7154. Bond coverages are underwritten by CUMIS Insurance Society Inc.

Follow Up

John Jacobs
September 14, 2010 9:06 am
Hello Roger, You have made very valid points in this article, thank you for sharing your expertise. I am with eOriginal, an electronic signature provider. I certainly agree with your views on potential fraud; as we all know, you can’t stop one from attempting fraud, but you can protect yourself against it. Implementing electronic or digital signatures into your business processes can prove to be beneficial in many ways. When executed properly, electronically signed documents can be validated much easier and faster than a document signed with wet-ink. Authenticating an individual prior to giving access to documents electronically is important and in any case should be considered as the first priority. Front line authentication such as access to an email account, hyperlink access or a simple user name are great first steps but users should be cautioned if this is your only line of ID authentication. Additional protocols, could and often times should also be in place to validate the ID of your signers. Individual security codes (delivered by an alternate means of communication) are great first steps to ensuring your signers are who they say they are. For additional assurance, ID validation services can be added, that compare “out of the wallet” questions (pulled from multiple public databases) and the answers provided by your signers to further create reasonable assurance that the signer is who they say they are , both are services eOriginal can provide to customers who want and need an extra level of ID verification. If you would still like even more proof of ID make sure the solution you chose allows for scanned images (i.e. drivers licenses, alternate forms of ID, etc.) to be entered, bound and recorded within the documents audit trail. Overall having multiple layers of ID authentication is your best bet to protect yourself against fraud.


Flag Comment as Offensive

Post a comment to this story

heroes

What's Popular

Popular Stories

Recent Discussion

Great article! Unfortunately, most employees don’t feel valued or appreciated by their supervisors or employers. In fact, research has shown that the predominant reason team members quit their jobs is because they don’t feel valued. This is in spite of the fact that employee recognition programs have proliferated in the workplace – over 90% of all organizations in the U.S. has some form of employee recognition activities in place. But most employee recognition programs are viewed with skepticism and cynicism – because they aren’t viewed as being genuine in their communication of appreciation. Getting the “employee of the month” award, receiving a certificate of recognition, or a “Way to go, team!” email just don’t get the job done. How do you communicate authentic appreciation? We have found people have different ways that they want to be shown appreciation, and if you don’t communicate in the language of appreciation important to them, you essentially “miss the mark”. Additionally, employees need to receive recognition more than once a year at their performance review. Otherwise, they view the praise as “going through the motions”. A third component of authentic appreciation is that the communication has to be about them personally – not the department, not their group, but something they did. Finally, they have to believe that you mean what you say. How you treat them has to match the words you use. If you are not sure how your team members want to be shown appreciation, the Motivating By Appreciation Inventory (www.appreciationatwork.com/assess) will identify the language of appreciation and specific actions preferred by each employee. You then can create a group profile for your team, so everyone knows how to encourage one another. Remember, employees want to know that they are valued for what they contribute to the success of the organization. And communicating authentic appreciation in the ways they desire it can make the difference between keeping your quality team members or having a negative work environment that everyone wants to leave. Paul White, Ph.D., is the co-author of The 5 Languages of Appreciation in the Workplace with Dr. Gary Chapman.

Your Say: Who should be Credit Union Magazine's 2014 CU Hero of the Year?

View Results Poll Archive