When it comes to selecting e-signature technology, lenders are well advised to think in terms of digital signature technology, as well.
E-signature technology is seeing rapid adoption in the mortgage industry. Today, most, if not all, mortgage lenders accept e-signatures in some form, regardless of what stage they are at in terms of e-mortgage adoption.
Although this rapid adoption is being fueled mainly by regulation (for example, the Consumer Financial Protection Bureau’s new “Know Before You Owe” rules required lenders to update their systems, which resulted in many of them adopting e-signature and e-document technology), lenders are also recognizing that e-signature technology is essential for achieving operational efficiency and, as the mortgage process increasingly moves online, borrower satisfaction.
Also propelling adoption is the fact that e-signatures are being accepted by more and more organizations across the industry – for example, government-sponsored enterprises Fannie Mae and Freddie Mac as well as the Federal Housing Administration now accept e-signatures on almost all mortgage documents.
Despite the fact that e-signature technology has been around for more than 20 years and has been in use in the mortgage industry for over a decade, many people still do not fully understand how the technology works. One of the most glaring examples is the general lack of understanding regarding the difference between electronic signatures and digital signatures. Ask any mortgage professional what the difference is, and he might say there is no difference or they are one in the same.
Although electronic signatures and digital signatures have many similarities, they are not the same. An electronic signature, like its paper equivalent, is a legal concept. According to the U.S. Electronic Signatures in Global and National Commerce (E-SIGN) Act, an e-signature is an “electronic sound, symbol or process attached to, or associated with, a contract or other record and adopted by a person with the intent to sign a record.” Basically, an e-signature is any method for signing a document electronically. But, the definition includes other elements because one needs a system of hardware and software in order for an e-signature to take place.
Therefore, by definition, an e-signature system provides a method of signing (e.g., the borrower either clicks on a button on his or her computer screen or signs an electronic pad or tablet); facilitates data authentication (i.e., the signature is linked to the data contained in the documents); facilitates user authentication (the signature is linked to the borrower’s profile in order to authenticate his or her identity); and captures intent (the system “records” what the borrower sees on screen and signs in a way that demonstrates the borrower’s intent).
A digital signature, on the other hand, is a type of e-signature that uses encryption to provide a higher level of security. Digital signatures are based on public key infrastructure (PKI) technology and, thus, guarantee signer identity and intent. They also ensure data integrity and the non-repudiation of signed documents. Because a digital signature is encrypted and embedded in the e-document, it cannot be copied, tampered with or altered – at least, not without someone immediately knowing about it.
What’s more, because digital signatures are based on standard PKI technology, they can be validated by anyone – without the need for proprietary verification software. This is a huge advantage over e-signatures, which use proprietary technology for authentication.
The key difference is how the two technologies handle authentication. Today, lenders using e-signature technology alone are using different types of multimedia in order to authenticate electronic signatures. For example, a digitized image of a handwritten signature, a symbol or a voice print can be used to identify each person who electronically signs a document. Because of this, e-signatures require proprietary software to validate the e-signature and authenticate the borrower’s identity.
Because e-signature systems are proprietary, the level of security provided and the ability to authenticate can vary greatly between systems. What’s more, because encryption is generally not used, electronic signatures tend to be more vulnerable to copying and tampering when compared with digital signatures.
There is a misconception that one must choose between a system that supports e-signatures and a system that supports digital signatures. However, it isn’t really a “one or the other” decision, as these two technologies are increasingly being used in complementary fashion. These days, digital signature technology is essentially layered on top of the e-signature technology to provide additional security and ease of authentication.
As explained by Steve Bisbee, president and CEO of document management technology firm eOriginal, digital signature technology is basically a subset of e-signature technology – and most lenders today are using systems that combine the two technologies.
“Today, having both capabilities is preferred,” Bisbee tells MortgageOrb. “The digital signature capability is what travels with the document … it is what seals the document and makes it tamper-proof.”
Bisbee says one of the disadvantages of using only e-signature technology is that it is trickier to authenticate the signatures. In order to do that, he says, a borrower’s signature must be associated with a “profile” or borrower metadata that is hosted by a third party on a remote server or in another secure system. Therefore, with e-signature technology, “you always have to draw a path back” to the user’s profile in order to authenticate a borrower’s signature. In other words, one server must “phone” a third party’s server in order to authenticate the signature.
With digital signatures, however, the borrowers’ metadata is encrypted and stored with the signed document, making authentication much simpler and faster. “The digital certificate is what seals the doc, and it is also the identity of the organization that is managing the transaction,” Bisbee explains, adding that eOriginal has built a PKI engine into its software to [authenticate] at the user level, as well.
Although digital signatures have a clear advantage when it comes to authentication, they present their own challenges – not the least of which is that the U.S., unlike Europe, lacks an independent entity that manages the PKI.
“With a digital signature, there is a digital certificate – it is token-based – and when I say token, it could be a hardware-based token, such as a PCMCIA card, or a software-based token,” Bisbee explains. “In Europe, and in other countries around the world, that is what constitutes a qualified electronic signature – having that software or hardware token – because it works with your national identity card or business identity card. So, it is having a national ID card that allows you to sign those types of documents.
“But, because Americans just are not comfortable with the idea of having an national ID card, multimedia comes into play,” he adds. “For example, there’s the ability to use a voice signature – a borrower can agree to sign by making certain statements. We have a way of taking that voice recording and embedding it into the document using the digital signature. It’s a way of using something other than one’s handwriting to execute a document.”
“The problem with individual digital certificates is that, in order to do that, you need someone who is running an official certificate authority-type organization,” Bisbee explains. “Let’s say you want to buy a house in Switzerland, where they have national ID cards, and you wanted to do the transaction all electronically. Well, in Switzerland, you would have to go to the local post office, and you would have to apply for a digital certificate, using your national ID card. Without that digital certificate, there is no way for you to complete that transaction electronically. So, the key [with digital signatures] is that you need to have the public infrastructure – it has to be managed in order for it to work properly.”
Bisbee says a lot of the early state laws pertaining to electronic transactions required companies to use digital certificates, but “the federal law did away with that, because [having to get a certificate] didn’t encourage adoption by users, especially at the consumer level.”
The bottom line is this: Although many e-signature solutions on the market today may meet the baseline requirements of the E-SIGN Act, lenders looking to minimize the risk of unenforceable records should consider choosing an e-signature solution built on digital signature technology.