User authentication is the process of identifying an individual and ensuring that the person is who he or she claims to be. Data authentication, on the other hand, is the process of verifying the information contained in a signed document to ensure that it hasn't changed since it was signed. Electronic transactions can be controlled by workflow rules to reduce the risk of non-compliance and errors. Process evidence exists to prove exactly what took place at every stage of the document review and signing process.
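The data-authentication and process-evidence ideas above, as an added example that is not part of the original page: the document hash and the per-stage evidence trail are sealed together at signing time, so a later change to either is detected. It assumes a constructed service key and uses an HMAC as a stand-in for the digital signature a real e-signature service would apply.

```python
import hashlib
import hmac
import json

# Constructed demo key standing in for the service's signing key. A real
# deployment would use an asymmetric signature (digital certificate) so the
# verifier never holds the signing secret.
SERVICE_KEY = b"demo-service-key-not-for-production"


def document_digest(content: str) -> str:
    """SHA-256 of the document exactly as it existed when it was signed."""
    return hashlib.sha256(content.encode("utf-8")).hexdigest()


def _canonical(record: dict) -> bytes:
    # Deterministic encoding so signer and verifier seal identical bytes.
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()


def sign_document(content: str, signer_id: str, evidence: list) -> dict:
    """Seal the document hash together with the ordered process evidence
    (how the signer was identified, authenticated and how they signed)."""
    record = {
        "document_sha256": document_digest(content),
        "signer": signer_id,
        "evidence": evidence,
    }
    record["seal"] = hmac.new(SERVICE_KEY, _canonical(record), hashlib.sha256).hexdigest()
    return record


def verify_signed_document(content: str, record: dict) -> bool:
    """Data authentication: True only if neither the document content nor the
    sealed evidence trail has changed since signing."""
    unsealed = {k: v for k, v in record.items() if k != "seal"}
    expected = hmac.new(SERVICE_KEY, _canonical(unsealed), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, record.get("seal", "")):
        return False  # evidence trail or recorded hash was altered
    return document_digest(content) == record["document_sha256"]


# Constructed sample transaction
CONTRACT = "Loan agreement: amount 10,000 USD, term 36 months."
EVIDENCE = [
    {"stage": "identification", "method": "third-party verification"},
    {"stage": "authentication", "method": "username+password"},
    {"stage": "signature", "method": "click-to-sign", "channel": "web"},
]

if __name__ == "__main__":
    rec = sign_document(CONTRACT, "applicant-42", EVIDENCE)
    print(verify_signed_document(CONTRACT, rec))                      # True
    print(verify_signed_document(CONTRACT.replace("36", "12"), rec))  # False
```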
Identification takes place the first time you conduct a transaction with an online user. Common approaches to user identification are self-identification (the user enters personal information about themselves) and third-party identification (that information is verified against a third-party verification service such as Equifax).
User authentication is the process of verifying credentials entered by a user. The most common approach and widely accepted standard for user authentication in online transactions is user name and password. Digital certificates, tokens or biometrics are other options for very high-risk processes.
Attribution is the process of associating a signature with an individual. This is a unique challenge in a face-to-face environment when the method of signing is click-to-sign. Attributing the signature is important to be able to demonstrate who was "holding the mouse". The best approaches for establishing attribution are voice signature, SMS password and affidavits.
In a word, no. The federal ESIGN law does not specify the type of user authentication to be used with e-signatures. The definition of an e-signature under ESIGN refers to user authentication in the phrase "a contract or other record . . . adopted by a person"; however, it does not specify how the signer should "adopt" the contract or record.
Ideally, the choice of a user authentication method should depend on the risk profile of the organization and the process it is automating. Smart cards with digital certificates may make sense when signing highly sensitive military requisitions, but are clearly not feasible, or even necessary, for consumers applying for a loan online.
Consider how customer identity is verified in other remote channels, such as call centers and by mail. These processes identify applicants using out-of-wallet information, sometimes verified against third-party verification services.
Once a user's identity is established, it makes sense to issue electronic credentials for future transactions. Because most Web-based consumer-facing processes are one-time or infrequent, it is not practical or cost-effective to issue digital certificates or hardware-based authentication devices to end users. A better option is to use passwords or to leverage electronic credentials that have already been issued for other processes.