Technology

E-Signatures: A New Avenue for Forgery?

While convenient, this technology also creates new fraud risks.

September 13, 2010
/ PRINT / ShareShare / Text Size +

Laws permitting electronic signatures have been around for a decade, but implementation by credit unions has accelerated in just the last year.

E-signatures are becoming more popular because they enable a member to sign electronic loan documents remotely over the Internet. While quite convenient, this technology also creates new fraud risks.

What’s an e-signature? This term can be confusing as it refers to a broad category containing many definitions.

In short, laws allow any type of sound, symbol, or process to be considered an e-signature, including:

  • A member typing his name on an electronic form or website;
  • A member clicking a box on a website;
  • A recording of a member’s voice;
  • Signing an electronic pad, also referred to as a digitized signature (usually done in-person, not remotely); and
  • A digital signature, which is different than the digitized signature and the most complex.

Digital signatures involve a mathematical encryption process that uses digital certificates and public/private keys to create a secure digital signature on an electronic document. Vendors use digital signatures in different ways, which adds to the complexity.

For example, some vendors issue individual digital certificates to each signer of a document, while other vendors use a common digital certificate to protect the document at the server level.

More credit unions are moving to emerging technologies, such as e-signatures, because they improve their operations and member service. Unfortunately, technologies such as e-signatures bring their own unique risks for credit unions to address.

The primary risk exposure when conducting remote transactions with e-signatures is the ability (or inability) to authenticate a signer’s identity. When a credit union no longer can examine a person’s physical identification, witness the signature, have documents notarized, or compare the signatures to other documentation, this opens the door to potential member identity theft by criminals attempting to secure loans.

Remote transaction fraud, which includes unauthorized access to online banking and impersonation of members through transfer requests received via fax or telephone, is the fastest growing loss area under CUNA Mutual’s Fidelity Bond coverage.

How can credit unions mitigate this risk? In addition to transferring the risk through the use of insurance, one effective way credit unions can reduce their exposure is to make use of authentication tools their vendors offer.

For example, a vendor-provided online registration process, which requires signers to validate their identities, will verify information against a third-party database, reducing the potential for fraudulent loan acquisition.

Finally, it’s important to note traditional bond policies only provide forgery coverage for handwritten signatures on original written (paper) documents. CUNA Mutual was the first insurer to introduce coverage for digital signatures in 2000, but it requires the use of individual digital certificates and digital signatures for each signer.

CUNA Mutual continually monitors and evaluates enhancements for new coverages and is now evaluating requests to offer broader coverage for other forms of e-signatures on loan documents.

This type of coverage isn’t usually automatically included in a bond. We encourage credit unions to contact their insurance representatives to discuss coverage requirements and options.

ROGER NETTIE is staff underwriting specialist for CUNA Mutual Group’s Fidelity Bond program. Contact him at 800-356-2644, ext. 7154. Bond coverages are underwritten by CUMIS Insurance Society Inc.

Follow Up

John Jacobs
September 14, 2010 9:06 am
Hello Roger, You have made very valid points in this article, thank you for sharing your expertise. I am with eOriginal, an electronic signature provider. I certainly agree with your views on potential fraud; as we all know, you can’t stop one from attempting fraud, but you can protect yourself against it. Implementing electronic or digital signatures into your business processes can prove to be beneficial in many ways. When executed properly, electronically signed documents can be validated much easier and faster than a document signed with wet-ink. Authenticating an individual prior to giving access to documents electronically is important and in any case should be considered as the first priority. Front line authentication such as access to an email account, hyperlink access or a simple user name are great first steps but users should be cautioned if this is your only line of ID authentication. Additional protocols, could and often times should also be in place to validate the ID of your signers. Individual security codes (delivered by an alternate means of communication) are great first steps to ensuring your signers are who they say they are. For additional assurance, ID validation services can be added, that compare “out of the wallet” questions (pulled from multiple public databases) and the answers provided by your signers to further create reasonable assurance that the signer is who they say they are , both are services eOriginal can provide to customers who want and need an extra level of ID verification. If you would still like even more proof of ID make sure the solution you chose allows for scanned images (i.e. drivers licenses, alternate forms of ID, etc.) to be entered, bound and recorded within the documents audit trail. Overall having multiple layers of ID authentication is your best bet to protect yourself against fraud.


Flag Comment as Offensive

Post a comment to this story

What's Popular

Popular Stories

Recent Discussion

Your Say: Should CUs Impose Age Limits for Directors?

View Results Poll Archive