Surrey Mui, Chief Information Security Officer at BNP Paribas in Hong Kong tells her missions in...
Electronic signature: more secure than a physical one!
Electronic signatures are the final step in dematerialization. By providing a way to sign documents both digitally and officially, they make it possible to carry out transactions entirely online. Subscribing to a service, signing a contract or an official document – all of these procedures can now be done in the blink of an eye, without the use of paper!
A mature technology
Following an initial European directive in 1999, a new European regulation provided a new legal framework for electronic signatures in 2014. They can now be used in most electronic transactions: to subscribe to a service, sign a contract, approve an accounting document – all from a PC, tablet or smartphone.
The technology offers many advantages including faster transactions, reduced paper waste and mailing costs and the option to digitally archive each document.
In fact, electronic signatures guarantee:
• Authenticity of both sender and recipient
• Integrity: the system detects any alteration in transmitted data
• Non-repudiation: neither party can contest the signed document.
Electronic signatures and digital signatures
When you receive a package, the delivery service sometimes asks you to sign on a digital tablet using a stylus…however this is not a “digital signature”!
Digital signatures appear on documents as a sequence of characters that certifies the identity of the signer and ensures the document’s integrity. It is not a digital representation of your hand signature.
How does it work?
- Digital certificate
Electronic signatures are managed by a recognized third-party, who issues a digital certificate so you can securely verify your identity. Functioning much like an ID card, the certificate can take one of two forms:
- Software, sent to your computer by the certification authority
- Material, secured on a chip card or USB drive
A digital certificate contains your identity, a public and private key (to encrypt and decrypt the signature) and the name of the certification authority that issued the certificate.
- Signing a document
When you “sign” a document, the electronic signature program creates a digital imprint through a process called “hashing”. Akin to a “digital summary” of the document and composed of a sequence of letters and numbers, each hash is unique with the slightest change in the document producing a different hash value.
The hash is then encrypted (coded) using the private key for your digital certificate. Next, the encrypted hash and public key are combined to form your digital signature, which is then appended to the document.
- Verifying a signature
When a signed document is opened (in Adobe Acrobat, Microsoft Word, etc.), the hash value is decrypted using the signer’s public key. Next, the verification software recalculates the document’s hash value –: as long as it matches the decrypted hash value, that means the document has not been altered in any way. The program then displays a message certifying the document’s integrity and the signer’s name.
Four security levels for electronic signatures
Electronic signatures come in several different security levels. If it is less important to verify the signer’s identity, then a Level 1 signature, without a digital certificate, will suffice. Level 1 signatures are used to sign up for basic services, subscribe to magazines, etc. But for other procedures, such as taking out a loan or life insurance policy and signing notarized deeds or accounting documents, a Level 2-4 signature using a simple or qualified digital certificate is needed.
Electronic signatures and banking
The banking industry has widely adopted electronic signatures , because they enable banks to offer new online services.
BNP Paribas allows its retail customers to sign online for contracts initiated and taken out at a local branch. This feature is also available for co-signers, so that both parties can sign the contract at their convenience with no need to travel to the bank – all through the convenience of their mabanque message system.
Some banks also offer electronic signature services to their corporate customers, so they can exchange certified documents and access services.
BNP Paribas provides businesses with certification* and electronic signature solutions, available via software or a USB drive, so they can complete a range of transactions online!
The BNP Paribas International Hackathon (June 17-19, 2016) brought together 96 startups, 350 BNP...
In 2017, BNP Paribas was listed on LinkedIn’s ranking of the 25 most sought-after employers in...