Secure “virtual room” service builds trust in electronic signatures and digital agreements
Couldn’t attend Transform 2022? Discover all the summit sessions now in our on-demand library! Look here.
Making deals and signing deals in a face-to-face meeting seems almost quaint. Soon they will probably be a thing of the past, replaced by digital agreements and document signing.
Yet, with this entirely virtual back and forth, how do you know if a document is real and legitimate? That it comes from the person it’s supposed to come from? That the signatory is not a hacker?
The Web3 world ultimately requires a more sophisticated approach to digital agreement security.
To address this issue, cybersecurity firm OneSpan today announced the general availability of its Virtual Room cloud service, a secure environment for organizations to offer real-time support.
MetaBeat will bring together thought leaders to advise on how metaverse technology will transform the way all industries communicate and do business on October 4 in San Francisco, California.
“Security must be woven throughout the transaction process given the patch-quilt nature of today’s cloud – and this is where the e-signature market falls short as e-signature companies don’t are not security companies,” said Matthew Moynahan, president and CEO of OneSpan. .
The virtual data room market is young but growing: it is expected to reach $3.2 billion by 2026, representing a compound annual growth rate (CAGR) of 14.5% over 2021.
Similarly, the digital signature market will reach $42 billion by 2030, up $4.4 billion from 2021, at a compound annual growth rate (CAGR) of 28%.
OneSpan’s new product competes with those offered by iDeals, SecureDocs, ShareVault, Ansarada and Citrix ShareFile.
“The number one attack vector today is targeting people with the intent of stealing their credentials,” said Jim Lundy, founder and CEO of Aragon Research.
This makes user authentication vital for transactions, he said. And for documents that need to be highly secure, this process has traditionally been slow and cumbersome. This sparked what he called a “race” to digital onboarding, which allows users’ identities to be digitally verified in minutes rather than hours or days. In particular, it becomes a “hot use case” for new account openings.
But electronic documents require higher levels of identity verification and validation – users must meet a series of identity requirements such as biometric verification (e.g. facial ID) and use passwords. unique. Only when the user is verified are the documents presented, Lundy said.
Organizations are increasingly adopting credential management and advanced multi-factor authentication that generates tokens. It’s a “proven and more secure way to prevent user credential phishing attacks,” he said. Similarly, to further speed up the process, content AI (artificial intelligence) is increasingly being used which automatically validates user documents such as driver’s licenses and images via image verification.
But in addition to these tools, organizations need to train their IT and C-suite staff, Lundy said. “There are very sophisticated spear phishing attacks that target both IT admins and executives,” he said.
In today’s ‘anywhere economy’, consumers expect convenient digital experiences and want to interact with businesses through remote channels instead of meeting in person. The evolution of electronic signature and digital agreements has reinforced this.
Yet when e-signature providers first appeared, most documents were simple forms, Moynahan said. Now? High value agreements including contracts, mortgages and loan agreements are processed digitally. This market has grown due to its convenience and accessibility; security and compliance features “have been dropped,” Moynahan said.
Likewise, video conferencing platforms are increasingly used and add a level of security.
“The thought was if you can see the other person and watch them sign, they must be who they say they are,” Moynahan said.
But off-the-shelf video conferencing tools pose serious security risks. We “live in a world of insecure links”, and video conferencing platforms don’t always offer authentication and verification capabilities to confirm if someone joining a virtual meeting via a web link is who they say they are. be.
He pointed to the so-called “zoom-bombing” at the start of the pandemic with the almost overnight adjustment to remote living. This particularly highlighted how easy it is for anyone to access video conferencing links.
Although Zoom was quick to add password features, these aren’t always enforced, he said. E-signature providers such as DocuSign work with video conferencing and enterprise communication platforms, but this doesn’t always involve identity verification or capture all events that occur in the signing process. Additionally, hosts or signers (or both) can easily revoke access with the “remote control” and accidentally sign on each other’s behalf.
Real-time, digital transactions
In contrast, when entering OneSpan’s new virtual room, users must be identified and authenticated via email, login credentials, SMS, Q&A, or knowledge-based authentication and identity verification, explained Moynahan.
Then, legally binding electronic signatures are captured in real time, and co-browsing allows agents and customers to collaborate on documents and simultaneously review and answer questions.
Encrypting digital signatures helps ensure the security of data and agreements in transit and at rest, Moynahan said. Built-in security controls prevent participants from signing on behalf of others. An audit trail also maintains the integrity of signed documents by capturing signing privileges passed between participants, geolocation details, authentication, and signing order. In addition, virtual sessions are recorded.
The platform can be used by any industry looking for a human-assisted remote financial deal process, Moynahan said – including retail and corporate and personal banking, finance, wealth management, auto finance and healthcare companies.
For example, wealth management advisors can help clients select the right products and strike investment strategy deals, Moynahan said. Retail and corporate banking advisors can help customers open new accounts and manage changes to existing accounts. Other scenarios could include insurance policies and claims or financing services.
Preparing for a Web3 world
In the age of Web3 — the next iteration of the Internet — high-value transactions are happening digitally and in massive volumes with more complicated cloud workflows, Moynahan said.
But, “many of us have become so conditioned to simple click-and-doodle processes that we don’t think about the security of workflows or people interacting, especially for high-value transactions,” he said. he declared. “We just hope the SaaS provider does it for us when in reality they are not present in the whole business process.”
Our trust and integrity on the internet has been shattered due to deep fakes, fake news and unsafe links. “It’s really hard to tell what’s real anymore,” Moynahan said.
Cybersecurity must enter a whole new realm to protect these Web3 interactions, he said. As the threat landscape continues to evolve, so will attackers. They are ready to take advantage of it; they will seek to manipulate the integrity of digital agreements and their underlying artefacts, which are essentially the foundation of business and capital markets.
“It’s happened before, unfortunately,” Moynahan said. “Ultimately, it’s the company’s responsibility to restore that trust and integrity.”
VentureBeat’s mission is to be a digital public square for technical decision makers to learn about transformative enterprise technology and conduct transactions. Discover our Briefings.