Credit unions all over the country are seeing the benefits of e-signatures—increased member satisfaction, online lending and efficiency. But if you’ve started looking for an e-signature vendor, you probably know how confusing the process can be. You don’t just need a vendor that will make it easy to sign online, you also need someone that will keep your members’ personal information safe.
Every vendor says you can trust them, but how do you know who to believe? The only way to really know how to pick an e-signature vendor is to know the right questions to ask. John Harris, an e-signature expert and our very own director of product management, suggests that credit unions ask these three questions to pick a secure and compliant e-signature vendor.
1. What options will I have to prove the identity of my signers?
When you’re dealing with account openings and loan applications, it’s important to know who’s signing your documents. This is even more important when someone is signing remotely. That’s why some e-signature vendors offer a feature called “identity authentication.”
Here are some of the options for identifying your signers:
Email Authentication: The signer gets an email with a secure link to access and sign the document. The fact that they’re able to access the email is seen as a very basic way of proving their identity. This is a low cost option that should only be used for low-risk transactions or in situations where you know and trust the signer.
Shared Secret Questions: This type of authentication lets you pick a question to ask signers based on some information you already know about them. Many credit unions use this type of authentication to ask members their account number or the name of the branch where they opened their account.
Cell Phone Authentication: This method sends a unique code via text message to the signer’s cell phone. This is a popular choice for credit unions because it’s easy and members love it—after all, most of your members already take their phones with them everywhere.
Knowledge-Based Authentication (KBA): If you’re dealing with a high-value or high-risk transaction, KBA authentication is the way to go. Signers are asked to enter their date of birth and social security number, and then they’re prompted with a set of multiple-choice questions pulled from a database of 30 years of public records. Questions could be “What year was the Jeep you owned in 1987?” or “Which North Carolina county have you lived in?”
It’s important to pick an e-signature vendor that lets you change the authentication for each person in the transaction. For example, you might already know and trust your employees, so you could set their authentication level to be “email only.” But if you have members or members’ spouses signing remotely, you might want to use a higher level of identity authentication.
2. How will my documents be protected against tampering?
It seems like every day you hear about another financial institution suffering a data breach or digital security flaw. In the past, someone would have to break into your branch to tamper with your members’ signed documents. But today, an advanced hacker could access your documents without stepping foot in your offices. That’s why you need to make sure your documents are protected against tampering.
Some e-signature vendors offer a feature called “tamper evidence,” which can protect your documents from hackers and fraudsters alike. This feature alerts you if anyone makes even a small change to the document.
You should pick an e-signature vendor that protects your documents throughout the signing process—not just at the end. Some vendors only secure the document from tampering after everyone has signed. This leaves you open to risk because the second signer could change the terms of the agreement after someone has already signed the document.
SIGNiX adds a tamper-evident seal to the document with each signature and initial applied to the document, which means you don’t need to worry about in-transit tampering. We also offer a Signature History feature that can show you an image of what the document looked like when it was signed. This helps to protect you if someone ever claims, “It didn’t look like that when I signed it.”
3. What happens to my signed documents if I switch vendors?
This is definitely the most important question, and many credit unions overlook it. Most of our competitors prove documents are authentic (they haven’t been tampered with) by giving you a link back to their website. That might not seem like a big deal, but it’s actually critically important for your credit union.
If someone ever challenges one of your documents in court, you’ll need evidence to prove the document is authentic. If you use a company that only links back to their own website to give you legal evidence, you’re putting your credit union at risk.
What if the e-signature vendor gets acquired, goes out of business or changes their technology? What if they raise their prices and you don’t want to use their services anymore? Because the evidence isn’t contained in the document, it doesn’t belong to you—it belongs to the vendor.
If you try to get the legal evidence in one of those situations (or even without an Internet connection), all you'll get is a message saying "404 Error – Web Site Not Found." I’ve seen enough episodes of Law & Order to know that would get ripped apart by an attorney in court.
In contrast, the legal evidence for SIGNiX’s e-signatures belongs to your credit union because they’re based on standards. All of the information you’d need to prove a document in court is contained within each signed document, and you can easily view it using any free PDF reader software.
That means you don't have to be a SIGNiX customer or even be connected to the Internet to prove your documents are authentic. You can see who signed, when they signed and if the document has been tampered with after signing without even leaving the document.
This is essential because, as anyone who ever used a Blackberry knows, technology changes incredibly quickly. If you base your credit union’s business on a specific technology rather than published standards, you're putting your credit union at risk. In fact, you’d be safer continuing to use paper processes than to use a vendor that doesn't embed standards-based signatures with every signature and initial into your signed documents. Yes, using is a lot more expensive and less efficient than e-signatures, but that would be better than using a technology that puts your credit union at risk.
If you keep these three questions in mind, you can be sure you pick an e-signature vendor that you'll be happy with—not just today but decades down the road.