In an era where digital transactions are increasingly the norm when conducting business, the integrity of electronic signatures is paramount in ensuring the authenticity and integrity of contracts, deeds, and other documents. However, with the rise in digital signature usage comes the inevitable threat of fraud by cybercriminals.
What is a Digital Signature?
A digital signature (or electronic signature/e-Signature) refers to any electronic process that captures a person’s intent to sign a contract or deed. In essence, it indicates legal acceptance of terms and conditions in the same way a written signature. Common types include:
- Click-to-sign: sign online and click “I accept” button
- Digital signatures: Encrypted to guarantee identity
- Biometrics: Capturing a unique attribute e.g. fingerprint or voice
- Video identify Verification
For background guidance of the use of eSignatures in England and Wales see previous blog.
What is Digital Signature Fraud?
There are several methods by which cybercriminals can exploit the digital signature process – from key theft and impersonation to the exploitation of software vulnerabilities and the manipulation of data. In all cases the end goal is to make it look like a document, deed, or contract has been legitimately signed.
This can lead to unauthorised transactions, contract breaches, the gaining of access to sensitive material, and identity theft. Digital signature fraud can have serious consequences including financial loss, reputational harm, and legal implications.
What is the status of current legislation on digital signature fraud?
The Ministry of Justice, at the recommendation of the Law Commission, set up an industry working group (IWG) to consider the position in relation to electronic signatures. Amongst other challenges considered its final report, published in March 2023, explores how best to use electronic signatures to optimise their benefits when set against the risk of fraud.
Here are some its recommendations:
- The importance of advice: The giving of advice, consultative interactions, and verbal agreements can provide reassurance that the proper processes have been followed as well as establishing intention and understanding.
- Recording the signing: Using technology to record and preserve the evidence surrounding execution of a contract or deed provides and accurate and lasting record of the signing. It is possible to use video or voice recording of the signing process further to confirm the identity of the parties present and their state of mind when signing the deed or acting as a witness to a signature.
- Follow a robust process: All parties should be directed to follow a required process with established checks and safeguards. In addition, all parties should be required to acknowledge that they’ve followed the necessary procedures validly to sign and witness a contract or deed, providing clearer evidence of understanding and agreement than solely relying on documentary proof.
- Reduce the risk of coercion: To reduce the risk of a person being subject to coercion or duress, or at least make it easier to expose duress when it has occurred, an electronic signing platform should track the behaviour of the signer to show the amount of time taken to review, read and sign each page of a contract/deed. This approach can provide greater assurance as to the specific steps a signatory had taken in signing the document and the time taken to absorb the provisions within, therefore establishing a significant audit trail of the activities undertaken by the parties in the act of signing and witnessing.
Identity verification is also vital to combating digital signature fraud
The identity of the parties to a contract or deed is of significant consequence when considering the implications arising from potential digital signature fraud. If a process is technically executed but is in fact carried out by an individual assuming the identity of another, the entire process is compromised.
The Department for Science, Innovation and Technology (DSIT) is working to set standards in the form of the UK digital identity and attributes trust framework, which includes rules and standards on privacy and data protection, fraud management, cyber and information security, alongside supporting governance and legislative measures.
As we move towards a more digital future, this framework will play a crucial role in shaping the landscape of digital signature transactions.Â
Need help?
If you believe you/your company is party to a contract or deed that has not been validly executed, or if you have been the victim of digital signature fraud our experienced team can help.