Are Digital Signatures Legal for Credit Unions?

Many credit unions are adopting digital signatures as a fast and easy way to get documents signed online. But before you adopt digital signatures, it’s important to make sure the technology you pick will hold up to legal scrutiny.

Laws in the United States are pretty broad about what counts as a legal electronic signature. But just because a technology is considered legal that doesn’t necessarily mean it will have enough evidence to stand up if it’s challenged in court. 

Luckily, you don’t have to go it alone when figuring out if a digital signature vendor meets your legal needs. The American Bar Association (ABA) had 70 lawyers spend four years developing a document called the Digital Signature Guidelines.

Here’s what the ABA has to say about different areas you should look for in a digital signature service:

The Signer’s Identity Must Be Authenticated

Anytime you do business online, you need to know who you're doing business with, and digital signatures are no exception. If a signed document is challenged in court, you'll have to prove the signer’s identity.

There are a lot of different ways your digital signature vendor can prove a signer’s identity. Here are some common options:

• Email Authentication: With email authentication, the signer confirms their identity by clicking a link to prove they have access to their email account. 
• Shared Secret Questions: With secret question authentication, signers answer a question that you choose when you send the document. Common questions include the last four digits of an account number, the signer’s mother’s maiden name or any other questions that help verify the signer’s identity. 
• Mobile Phone Authentication: With mobile phone authentication, the digital signature service sends a text message to the signer with a randomly generated code. When the signer enters the correct code into the digital signature service’s interface, the signer’s identity is proven. This method is ideal for members looking for an inexpensive, multifactor authentication method that’s easy to use.
• Knowledge-Based Authentication (KBA): With KBA, the signer is prompted to enter their date of birth or social security number. If they answer that question correctly, they’ll have to answer a set of four questions based on a database of 30 years of public records. This is a well-known authentication method that pulls information from credit reports, public health records, town hall records and more. 

There Must Be Disclosure and Consent

It’s essential that your digital signature service provides a disclosure and consent page before your members can sign. The ESIGN Act requires this because they want to protect you and your members. With this step, your members are informed that they are about to commit a legally binding signature. This ensures that no one accidentally signs a document online thinking they were just reading it.

The Document Must Be Secure from Tampering

A digital signature is only as good as the security it uses. After all, what good is a contract if someone can easily tamper with it?

Some digital signature services offer a feature called “tamper evidence.” If someone tries to change any part of the document (even something as simple as deleting a space or capitalizing a word) there’s proof that tampering took place.

This feature gives you the highest possible level of evidence if someone claims one of your digitally signed documents was tampered with.

All Signers Should Have Access to the Document

It’s important that everyone who signs a document online has access to the document after it has been signed. The digital signature service should give your credit union and your signers a finished copy of the signed document.

All Actions Taken Should Be Documented

Most digital signature companies use audit trails (sometimes also called an audit log) to track the steps of the signature process. The audit trail is a powerful tool that can prove who signed a document and when they signed it. 

To get the most legal evidence possible, you should make sure your digital signature service logs the following events:

• Transaction creation
• Emails and notifications sent to any signer
• Signers consent to use e-signatures
• User authentication
• Documents viewed by each signer
• Signature creation (by each signer)
• Party agreement to/acknowledgment of document
• Transaction completion
• Document downloads after signing
• Cancellations and opt outs
• Changed party information

If you follow the American Bar Association’s guidelines, you can be sure you’ll have a host of legal evidence to support your digitally signed documents if they’re ever challenged in court.