Often people ask us, “How do you know who signed?” when using the DocuSign electronic signature system. The answer? Use one or more authentication tools available to all senders.
DocuSign offers several authentication options designed to help our customers verify the identity of their signers. These signer authentication features are optional to the Sender, and can be based on the Sender’s assessment of transaction risk or need to comply with any relevant business or regulatory requirements. If applied, a Signer will have to satisfy the authentication steps before they can access the documents of a DocuSign Envelope and the results f the authentication written into the record.
DocuSign provides the most robust authentication options of any electronic signature provider in the market.
Email
For Recipients who access their Envelopes through DocuSign-generated email notifications (or “Remote Recipients”), their email address provides an implicit level of authentication. Because each email address is unique, when a person accesses an Envelope through the link delivered in email, he or she has demonstrated that he or she had access to that email.
This is a common practice for website interactions with their users, and is sufficient in many cases.
Access Code
In order to increase authentication over email, the sender may create an Access Code. Here, the Sender (sending application) establishes an Access Code or “shared secret” for a Recipient at the time of Envelope creation. The Sender must share this secret word or code with the Recipient via a phone call, email, or text message (commonly called “out of band”). Before the Recipient can access the Envelope, he or she needs to enter and validate his or her Access Code. If the signer does not know the Access Code, they cannot view or sign the document. They can request a new access code from the sender if they forgot it.
Access Code is very effective in situations with a touch-point between the Sender and Signer. Effectively using Access Code in a “touchless” solution is more challenging, such as when the Recipient is triggering the Envelopes through self-service processes.
ID Check
If a higher level of authentication is needed, Senders may choose ‘ID Check’. The ID Check process will request the signer provide some information such as last 4 of social security number, and a date of birth, and from this information along with the name being authenticated, will create a set of questions only that person could answer.
These questions are known as ‘out of wallet’ questions because they are based on information that cannot be found in a wallet. A Recipient must answer enough of the questions correctly—within a limited time– to access the Envelope. Considered “Knowledge-Based Authentication,” ID Check is provided through an integration between DocuSign and Verid, owned by RSA, and used by many of the top financial institutions nationwide. Because ID Check identifies a specific person based on background information at the time of signing, it provides very strong authentication.
As with the other authentication forms, the record of passing ID Check is written into the record.
STAN Authentication
STAN Authentication, specific to student lending and based on a Free Application for Federal Student Aid (“FAFSA”) PIN and the student’s basic personal information, is similar to Access Code and ID Check. Using this form of authentication incurs an additional per use fee and is only available via the DocuSign API.
Phone Authentication
With nearly everyone having a mobile phone with them all the time, Phone Authentication provides an excellent option for signer authentication. Phone Authentication ties the person to a known phone number that he or she has access to, and requires that he or she provides a biometric voice recording. These two elements combine to make Phone Authentication a very powerful, easy to use authentication option.
In a phone authentication session, the DocuSign service presents the signer with a validation code in the browser, then places a phone call to the signer. The signer is told to speak or enter the validation code tying the phone to the session. It also records the signer’s voice, creating a biometric ‘fingerprint’, stored with the record.
A key benefit of Phone Authentication is that it can be used anywhere in the world, compared to ID Check, which works with signers who have a US Social Security number. Some signers may also find Phone Authentication easier to use. There is an additional per-use fee for using this authentication check.
Custom Question
This feature is specific to In-Person Recipients, in the same place with a User of the Sending Account. During the signing process hosted by the Sending Account User, the Sending Account User is prompted to collect information that demonstrates the Signer’s presence. (Valuable because the Envelope is actually delivered to the host’s email address, not the Signer’s). Questions, such as “What is the Signer’s driver’s license number?” posed to the Sending Account User are fully customizable. DocuSign does not validate the answer, which is logged within the Envelope’s audit trail.
A very detailed document indeed as you said that Docusign gives several authentication options designed to help our customers verify the identity of their signers.Its really cool feature.
ReplyDeleteelectronic signature for sharepoint