E-Signatures: A New Avenue for Forgery?
While convenient, this technology also creates new fraud risks.
Laws permitting electronic signatures have been around for a decade, but implementation by credit unions has accelerated in just the last year.
E-signatures are becoming more popular because they enable a member to sign electronic loan documents remotely over the Internet. While quite convenient, this technology also creates new fraud risks.
What’s an e-signature? This term can be confusing as it refers to a broad category containing many definitions.
In short, laws allow any type of sound, symbol, or process to be considered an e-signature, including:
- A member typing his name on an electronic form or website;
- A member clicking a box on a website;
- A recording of a member’s voice;
- Signing an electronic pad, also referred to as a digitized signature (usually done in-person, not remotely); and
- A digital signature, which is different than the digitized signature and the most complex.
Digital signatures involve a mathematical encryption process that uses digital certificates and public/private keys to create a secure digital signature on an electronic document. Vendors use digital signatures in different ways, which adds to the complexity.
For example, some vendors issue individual digital certificates to each signer of a document, while other vendors use a common digital certificate to protect the document at the server level.
More credit unions are moving to emerging technologies, such as e-signatures, because they improve their operations and member service. Unfortunately, technologies such as e-signatures bring their own unique risks for credit unions to address.
The primary risk exposure when conducting remote transactions with e-signatures is the ability (or inability) to authenticate a signer’s identity. When a credit union no longer can examine a person’s physical identification, witness the signature, have documents notarized, or compare the signatures to other documentation, this opens the door to potential member identity theft by criminals attempting to secure loans.
Remote transaction fraud, which includes unauthorized access to online banking and impersonation of members through transfer requests received via fax or telephone, is the fastest growing loss area under CUNA Mutual’s Fidelity Bond coverage.
How can credit unions mitigate this risk? In addition to transferring the risk through the use of insurance, one effective way credit unions can reduce their exposure is to make use of authentication tools their vendors offer.
For example, a vendor-provided online registration process, which requires signers to validate their identities, will verify information against a third-party database, reducing the potential for fraudulent loan acquisition.
Finally, it’s important to note traditional bond policies only provide forgery coverage for handwritten signatures on original written (paper) documents. CUNA Mutual was the first insurer to introduce coverage for digital signatures in 2000, but it requires the use of individual digital certificates and digital signatures for each signer.
CUNA Mutual continually monitors and evaluates enhancements for new coverages and is now evaluating requests to offer broader coverage for other forms of e-signatures on loan documents.
This type of coverage isn’t usually automatically included in a bond. We encourage credit unions to contact their insurance representatives to discuss coverage requirements and options.