Top 5 e-signature security best practices for credit unions

When moving member-facing processes online with electronic signatures, security is a top concern for credit unions. It’s important to have confidence that your records will be reliable and enforceable in the event of a dispute or compliance audit, and that your member data is protected. To help with these concerns, we’ve compiled the 5 most important features you need to look for in an electronic solution.

1. Use Digital Signatures. Both the document and the electronic signatures should be protected using digital signature technology. The digital signature creates a digital fingerprint of the document (called a hash) that can later be used to verify the integrity of the electronic record. Even if the document is tampered with in the slightest way, the electronic signature will be visibly invalidated. This is a unique and significant advantage over the paper world, where it is not always possible to detect changes that have been made to a document. It is worth noting that applying a digital signature as an envelope to a document (once all signatures have been captured) is not a recommended practice. This approach leaves the document and signatures unprotected while the process is being completed and results in the wrong date and time stamp being placed on individual signatures. If a signer and co-signer e-sign a mortgage application on two separate days, you want that history reflected in the audit trail. Applying digital signature encryption as each e-signature is added to the application builds a comprehensive audit trail with a unique date and timestamp from when each signature was applied.

2. Embed the Audit Trail. All electronic signatures, time stamping and audit trails should be embedded directly within the document rather than stored separately in the cloud or a proprietary database. In addition to being more secure and easier to manage, there are two very practical reasons for this:First, document authenticity can be verified independently of the e-signature software. This means there is no need to worry if a verification link will be valid years later, or if it will give you a “page not found” error message. Whether or not you maintain an account on the e-signature service, or whether your vendor is even still in business, your documents will never be affected since you, your members and other stakeholders do not need to go online to verify the e-signed document.Second, you do not have to store the e-signed record in the e-signature service. For example, a new member application can securely travel through any email, storage or archiving system without being compromised. This enables you to manage e-signed records in a manner that meets your long-term records retention policies. In other words, the e-signed document can be indexed, stored and retrieved easily in the system of record of your choice and you can leverage your investments in those systems.As a general rule, always avoid e-signature solutions that require you to access a server to verify the signature or document. Not only will it create an inconvenience to your members, but it also introduces major problems in the event that you terminate your subscription, or the vendor goes out of business.

3. Make it Easy and Intuitive. Look for intuitive, one-click signature and document verification. If the verification process is too cumbersome, users may wrongly assume that the document and signatures are valid, without proper verification. For example, when verifying a document that has been e-signed with e-SignLive™, users click on the signature block. This opens the audit trail and automatically verifies both signer authentication and document validity. A red ‘X’ or green check indicates whether the document can be trusted. A one-click process such as this simplifies the user experience, leading to greater confidence in the e-signature and reassurance that any errors or fraudulent actions will be detected. Plus, there is no need to train any of your members on how to verify a document.

4. Gather Process Evidence. Digital processes should aim to strengthen a credit union’s legal and compliance position by capturing and reproducing stronger evidence than is possible with pen and paper. The majority of legal disputes call into question the clarity of the process or understanding of terms and conditions, with claims such as, “That’s not what I signed”, “I didn’t see the information / document”, and “I didn’t understand the information”. For this reason, it is not enough to simply secure an electronic document with a tamperproof electronic signature. An enterprise electronic signature platform should provide both document AND process evidence. Process evidence captures a record of all web pages, documents, disclosures, or pop-up windows that were displayed; emails or SMS messages sent; any image capture; IP address; as well as the time/date of each event.

5. Do NOT use Email to Distribute Documents Containing Private Member Information. There are many types of documents that may need to be shared with members; some require signatures, and some, such as consumer disclosures, may not need a signature but by law, must be delivered. Regardless of whether a signature is required or not, if a document contains member information and you need to be able to prove delivery of the information, email will NOT suffice. Firstly, email is not a secure channel; secondly, if emailing a PDF document to a customer, there is no way to be certain your members have the system requirements necessary to receive, open and view the PDF. How can you be sure that the font and layout of the disclosure will display exactly in accordance with the law? The recommendation here is to deliver documents and disclosures through a secure html page (one that the member logs into to view). From there, PDF copies of documents can be downloaded for their own files.

By following these 5 best practices, not only will you provide better service to your members through more streamlined processes, you’ll be able to more comfortably embrace electronic signatures knowing that you’re in a more secure legal and compliant position than if you were to continue transacting using pen and paper.

Related Resource: Security for E-Signatures and E-Records

About e-SignLive™ by Silanis
Credit unions of all sizes choose e-SignLive™ because e-signatures matter. With over 600 million documents processed annually, e-SignLive by Silanis is the most widely used e-signature solution in financial services. As CUNA Strategic Services’ Exclusive E-Signature Partner, we have helped many credit unions with a paperless process for member sign-up, loan fulfillment and more. We understand the unique credit union difference, and can help create a personalized digital and mobile experience for your members. Compliant, enforceable and secure, e-SignLive makes the online signing process easy and accessible. Contact us for special credit union pricing and learn how to get started with e-signatures right away, with no IT effort.