User Authentication Best Practices for E-Signatures Wednesday February 25, 2015


Agenda
- E-Signature Overview
- Legality, Authentication & Best Practices
- Role of authentication in e-signing
- Options and applications of user authentication techniques
- Live demo
Silanis 2015

User Authentication and E-Signatures
- User authentication: validating a person's identity
  - Prevent or detect fraudulent transactions
  - Prevent repudiation of a signed document
- E-Signing: capturing intent
  - Enforce a transaction, contract, agreement
- Is signing the same as authenticating a person?
  - Historically, signature was seen as method of user authentication (i.e. checks)
  - Identity fraud prevention and detection is not normally associated with signatures
  - Repudiation of a signed document may void the business transaction

User Authentication as a Process
- Identify: validate a credential or other data against claimed identity
  - Web-based Identification
  - Knowledge-based authentication (KBA) through online databases of credit information, DMV and other available information
- Credential: data, device or process to authenticate claimed identity
  - Web-based credentials
  - Passwords, tokens, digital certificates, biometrics
- User Authentication for web-based e-signatures
  - Transactions requiring: personal data capture, document exchange, third party verification, payment and delivery of goods and/or services
  - Reliability of user authentication increases with process

Affirmative act
- Click SIGN
- Clear purpose to signature
- Apply at signature location for explicit intent, i.e. consumer forms
- Implicit intent: place button anywhere

Associate
- Associate action to document and signature location
- Embed verifiable signature data in document and secure

Authenticate
- User ID/PIN
- Email address
- Shared secret
- Graphic signature capture
- SMS Passcode
- Online ID Service (KBA)
- Voice
- IP Address

Balance Usability & Security
- Security safeguards should be in proportion to risk
- Security safeguards should be similar to security applied in paper process

"For most electronic signature and e-delivery processes, the goal will be to have the transaction, on the whole, be no riskier than the current processes."
Pat Hatfield, Partner, Locke Lord LLP

E-Signature Process Workflow
Diagram labels: UI, NAVIGATION, WORKFLOW, USER MGMT, NOTIFICATIONS; Legal, Regulated E-Transaction
- Access: Web app, Mobile app, Email, SMS, Transaction Manager, Integrated app
- Authenticate: UID/PIN, Q&A, Email, SMS, KBA, External (SAML, Directory, Web
- Document Presentment: On-screen, mobile, paper (hybrid), ADA
- Data Capture: Form fields, controls, auto-fill, data merge and update, data return
- Document Upload: Update document changes; scan, upload or fax paper or digital documents
- Sign: Click to sign, write to sign on mobile phone or tablet, or on signature capture tablet
- Deliver: Distribute documents during and after e-signing, deliver disclosures
Silanis Technology 2014

Authentication factors
- Something the user knows
  - Password to email account
  - Shared secret, e.g. loan number
  - ATM card PIN
- Something the user has
  - ATM card
  - Phone
- Something the user is
  - Iris scan

Biometrics
- Characteristics
  - Universality
  - Uniqueness
  - Permanence
  - Measurability
  - Performance
  - Acceptability
  - Circumvention
- Process
  - Enrollment
  - Template storage
  - Verification
  - Template matching

Knowledge based authentication
- False negative: The user knows who they are but the system disagrees
- False negative rate: How often are users turned back due to a failed identification attempt
- False positive: An impersonator successfully identifies themselves as someone else
- False positive rate: How often is the system allowing someone through that it should not

The right authentication method for the right risk level
- Knowledge based authentication (KBA) is a last resort
- If using KBA, try using recent events as questions
- Make it hard for impersonators and easy for legitimate users
- Evaluate the risk first
- Consider what is being done in the paper world today
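The false negative and false positive rates defined above, and the trade-off between turning back legitimate users and admitting impersonators, can be worked through on a small data set. This is an added example, not material from the original slides: the five-question quiz, the attempt records and the function names are all constructed for illustration.

```python
# Added example: false negative / false positive rates for a KBA quiz.
# ATTEMPTS is constructed sample data, not measurements from any real system.
from fractions import Fraction

QUESTIONS = 5  # assumed quiz length

# (is_legitimate_user, questions_answered_correctly)
ATTEMPTS = [
    (True, 5), (True, 5), (True, 4), (True, 4), (True, 4),
    (True, 3), (True, 3), (True, 2),
    (False, 0), (False, 1), (False, 1), (False, 2),
    (False, 2), (False, 3), (False, 3), (False, 4),
]


def kba_rates(attempts, pass_mark):
    """Return (false_negative_rate, false_positive_rate) for a pass mark."""
    genuine = [score for legit, score in attempts if legit]
    impostor = [score for legit, score in attempts if not legit]
    if not genuine or not impostor:
        raise ValueError("need both legitimate and impersonation attempts")
    # False negative: a legitimate user scores below the pass mark.
    rejected_genuine = sum(1 for s in genuine if s < pass_mark)
    # False positive: an impersonator reaches the pass mark.
    accepted_impostor = sum(1 for s in impostor if s >= pass_mark)
    return (Fraction(rejected_genuine, len(genuine)),
            Fraction(accepted_impostor, len(impostor)))


def lowest_pass_mark(attempts, max_fpr):
    """Smallest pass mark whose FPR is within max_fpr, or None if none is.

    FPR never rises and FNR never falls as the pass mark goes up, so the
    smallest acceptable mark is also the one that rejects the fewest
    legitimate users.
    """
    for pass_mark in range(1, QUESTIONS + 1):
        fnr, fpr = kba_rates(attempts, pass_mark)
        if fpr <= max_fpr:
            return pass_mark, fnr, fpr
    return None


if __name__ == "__main__":
    for mark in range(1, QUESTIONS + 1):
        fnr, fpr = kba_rates(ATTEMPTS, mark)
        print(f"pass mark {mark}/{QUESTIONS}: FNR={float(fnr):.3f} FPR={float(fpr):.3f}")
    print(lowest_pass_mark(ATTEMPTS, Fraction(1, 8)))
```

On this sample, tolerating one impersonator in eight turns back three legitimate users in eight, and tolerating none turns back six in eight.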

User Authentication Methods

| Authentication Method | Description | Use Case |
| Email | Transaction is accessed from email account | Low risk, internal processes e.g. NDA, expense reports |
| User Name & Password | Signer enters password to access transaction. Password management done by e-signlive and shared with signer. | Existing/repeat signers |
| Shared Secrets | Signer agrees on series of challenge response questions in advance with rep who enters the data into e-signlive | Call center processes or advisor-customer relationship. |
| SSO | Signer logs on to Web application which embeds e-signature process within it | Online banking; any customer portal |
| Smartcard, Token | Individual's own digital certificate is used to sign | Government agencies |
| SMS Passcode | User must enter one-time passcode received via SMS; two-factor authentication in combo with email | Face-to-face, POS transaction |
| KBA via Equifax | Identification questions generated dynamically | Account opening; customer acquisition |

USE CASE DEMONSTRATION
1. New business application (account opening)
2. Signer identification with, SMS text and KBA
3. Document and evidence review

Questions?

Next Steps
- Download the White Paper: User Authentication for E-Signature Transactions
  https://www.silanis.com/resource-center