E-Signature Project Pitfalls

This article is a summary of a recent Webcast by Silanis Chief Technology Officer Robert Al-Jaar, PhD, who has overseen hundreds of e-signature implementations.

So you have decided to implement e-signatures - a technology that will radically improve your organization's efficiency and auditability. It's important to remember that an e-signature implementation, like any other project, entails risks that are easy to avoid with careful planning. Read on to find out how. . .

All together now

We are all familiar with the risks of any new IT project: delays; cost overruns; stovepipe solutions; lack of adoption; and non-compliance with rules and regulations. E-signature projects are not immune to these risks.

In Dr. Al-Jaar's experience, the mistake that can lead to the biggest headaches is also the most common.

"Not involving everyone in the project planning, from the very beginning, will guarantee problems later on," he warned.

For example, he said, "If your risk and compliance people are not involved, development time and effort could be wasted, and your project could be delayed in the 11th hour, while you try to address compliance requirements."

In other words, legislative, regulatory and internal policy-related compliance should all be a concern up front. But that's not all.

"Remember that business representatives are familiar with the process, with all of its exceptions, nuances, bottlenecks and trouble spots. They are the ones who will provide the basis of your requirements from a usability, functionality and process point of view."

IT and operations departments will also have their own concerns to address before going live, such as scalability, support for existing platforms and systems and reliability.

All of these interests may conflict with each other, which is why it’s important to balance everyone’s needs, and gain consensus, before choosing a solution and beginning to integrate. Executive involvement is especially crucial to negotiate this balancing act and to make sure the project remains a priority.

Consider the digital evidence

Electronic signatures help to protect your organization by providing lasting proof that your clients, partners or suppliers agreed to a transaction. But not gathering enough evidence to successfully defend your organization, should a dispute arise, can be a major pitfall.

When it comes to digital evidence, there are several things to consider.

Most people recognize that user authentication is an important element of a compliant and auditable electronic signature: you need to be able to identify all parties to the transaction, and be able to prove their authentication at the time of signing.

WYSIWYS (What You See Is What You Sign) is also "a very critical component," said Dr. Al-Jaar, “but you would be surprised to learn how many solutions out there do not address this basic concept.”

An organization using e-signatures must be able to present documents exactly as they appeared to the signer. That means that you need a lasting record of the transaction as it appeared at the time of signing, regardless of the end users’ Web browser, or whether there have been changes to your Web site since then.

"If an end user’s Web browser alters the appearance of a contract, even slightly, the document and signature validity could be called into question."

When dealing with Web-based e-signing, it is not enough to have a single, signed electronic record as evidence. Lack of control over end-user systems and settings, along with constantly changing Web site content, can make it difficult to prove which steps the signer(s) took to arrive at the final signed document. To address this, a process signature™ creates a secure link between the process the signer went through in his/her Web browser and the resulting e-signed record.

Finally, signed records must not only be complete; they must be easy to access and present to a judge. "Reams of data and log files are useless in court," said Dr. Al-Jaar.

"What's more, complete and convincing evidence will actually help keep you out of court in the first place, saving you thousands of dollars in legal costs."

Capturing intent

Confusion between digital signatures and electronic signatures is common, and can lead people to believe that PKI and digital signatures are enough to ensure the best possible legal evidence, and protect you, should you ever go to court. They're not.

The term "digital signature" refers to an encryption technology, and while many people think it can take the place of an electronic signature, it is missing an essential element: intent.

An example would be the ‘signature’ any Microsoft Outlook user can configure to appear automatically at the end of an e-mail; while it affirms that the person wrote and sent the e-mail, it does not prove that the person intended to be bound by its contents.

Electronic signatures and digital signatures work best when used together. Silanis e-signature solutions, for instance, use digital signatures to ensure that e-signed documents have not been tampered with.

Too much security at the expense of usability

Simply deploying e-signature technology is not enough to reap its benefits; people also have to use it. Organizations implementing e-signatures can best promote user adoption by ensuring that the technology is easy to use.

"The challenge here is that the easiest-to-use software is not secure enough, and the most secure software is unusable," said Dr. Al-Jaar. "Security, ease of use and cost are often in conflict."

The importance of branding nearly always comes as a surprise to those new to implementing e-signatures for external-facing processes. But if the Web is a key channel for customer acquisition or service, your organization cannot afford to overlook it.

The e-signing process should integrate seamlessly with your site for a consistent experience. After spending tens of thousands of dollars establishing your Web presence and attracting visitors to your site, the last thing you want is for a user to end up on an external site, with your logo as the only consistent brand cue.

Building instead of buying

"There has been a significant increase in the number of companies buying versus building, compared to several years ago, when the e-signature market was less mature," said Dr. Al-Jaar.

Although homegrown solutions are less common, some organizations still attempt to build an e-signature solution themselves, under the presumption that it will cost less. It is a mistake to look only at the initial licensing cost that you will avoid and conclude that you will save money. In the long run, the total cost of ownership (TCO) is higher for in-house solutions.

In the words of one Silanis customer, “We're in the mortgage business. The time we would spend working on this technology would take away from the time we spend working on our site, improving our customers’ experience, improving our systems. . . . ”

Underestimating the rate of adoption

Dr. Al-Jaar often recommends planning for a phased deployment, so that users, agents and support staff can adapt to the change. But even when taking a phased approach, do not underestimate the number of people who will opt to sign online.

"Even we have been surprised at the rate of adoption, once customers have gone live," recalled Dr. Al-Jaar.

In one case, a customer reached its predicted 12-month e-transaction volume the first weekend after going live. Although the organization's Marketing Department was thrilled, the Operations Division had not anticipated such a high load, and quickly upgraded the supporting infrastructure to ensure optimal performance.

"Planning for strong adoption right away and choosing a solution that will scale to support it will always make for a smoother deployment, and we advise all of our clients to do so."

Planning for training and support is an oversight that often causes issues after implementation. A key part of the deployment, training must be well-timed, and target the right people: IT, help desk and operations. With the right solution, consumer end-user training should not be necessary.

"If a consumer or citizen needs to be trained on how to use a solution, there is something wrong with the design," said Dr. Al-Jaar.

"Everyone expects something that is easy to use."

Not all hope is lost!

You don't need to look far to see successful e-signature projects. Silanis has the experience to take you live fast, and avoid these pitfalls and others. To learn about successful e-signature implementations in your industry, have a look at these case studies.