Were you unable to attend Transform 2022? Check out all the summits in our on-demand library now! Look here.
Closing deals and signing agreements in a face-to-face meeting seems almost quaint. Soon they will probably be a thing of the past, replaced by digital agreements and document signing.
Still, with the completely virtual back and forth, how do you know if a document is genuine and legitimate? That it came from the person it’s supposed to? That the signer is not a hacker?
The Web3 world ultimately requires a more sophisticated approach to digital contract security.
To address this, cybersecurity company OneSpan today announced the general availability of its Virtual Room cloud service, a secure environment that enables organizations to provide real-time assistance.
MetaBeat will bring together thought leaders to provide guidance on how metaverse technology will transform the way all industries communicate and do business on October 4th in San Francisco, CA.
“Security must be woven throughout the transaction process given the patch-quilt nature of today’s cloud – and this is where the e-signature market falls short because e-signature companies are not security companies,” said Matthew Moynahan, OneSpan president and CEO.
The virtual data room market is a young but rapidly growing market: expected to reach $3.2 billion by 2026, representing a compound annual growth rate (CAGR) of 14.5% during 2021.
Similarly, the digital signature market will reach $42 billion by 2030, an increase of $4.4 billion from 2021 – a compound annual growth rate (CAGR) of 28%.
OneSpan’s new product competes with those offered by iDeals, SecureDocs, ShareVault, Ansarada and Citrix ShareFile.
“The number one attack vector today is targeting people for the purpose of stealing their credentials,” said Jim Lundy, founder and CEO of Aragon Research.
This makes user authentication essential for transactions, he said. And for documents that need to be highly secure, this process has traditionally been slow and cumbersome. This has led to what he called a “race” to digital onboarding, which allows user identities to be digitally verified in minutes versus hours or days. It is especially becoming a “hot use case” for new account openings.
But electronic documents require higher levels of identity verification and validation – users must pass a series of identity requirements such as biometric verification (facial identity, for example) and one-time passwords. Only when the user has been verified are documents presented, said Lundy.
Organizations are increasingly adopting credential management and advanced multi-factor authentication that generates tokens. This is a “safer and proven way to prevent credential phishing attacks,” he said. Similarly, to further speed up the process, there is increasing use of content AI (artificial intelligence) that automatically validates user documents such as driver’s licenses and photos via image verification.
But in addition to such tools, organizations need to train IT and C-suite employees, Lundy said. “There are highly sophisticated spear phishing attacks that target both IT administrators and managers,” he said.
In today’s “anywhere economy,” consumers expect convenient, digital experiences, and they want to engage with companies through external channels rather than face-to-face. The e-signature and the development of digital agreements have strengthened this.
Still, when e-signature providers emerged, most documents were simple forms, Moynahan said. Now? High value agreements including contracts, mortgages and loan agreements are handled digitally. This market has grown due to its convenience and accessibility; security and compliance functions “fell to the wayside,” Moynahan said.
Similarly, video conferencing platforms have grown in use and they add a layer of security.
“The thinking was that if you can see the other person and see them sign, they must be who they say they are,” Moynahan said.
But off-the-shelf video conferencing tools pose a serious security risk. We “live in a world of insecure links,” and video conferencing platforms do not always offer authentication and verification capabilities to verify whether a person joining a virtual meeting via a web link is who they claim to be.
He pointed to so-called “Zoom-bombing” in the early days of the pandemic with the almost overnight adaptation to remote living. This particularly highlighted how easy it is for anyone to access video conference links.
Although Zoom was quick to add passcode features, they aren’t always enforced, he said. E-signature providers such as DocuSign work with video conferencing and business communication platforms, but this does not always involve identity verification and does not capture all events that occur in the signing process. Also, hosts or signers (or both) can easily override access by “remote control” and accidentally sign on each other’s behalf.
Digital transactions, in real time
When entering OneSpan’s new virtual space, however, users must be identified and authenticated via email, credentials, SMS, Q&A or knowledge-based authentication and ID verification, Moynahan explained.
Then, legally binding e-signatures are captured in real-time, and co-browsing allows agents and customers to collaborate on documents while simultaneously reviewing them and raising questions.
Digital signature encryption helps ensure that data and agreements are secure in transit and at rest, Moynahan said. Built-in security controls prevent participants from signing on behalf of others. An audit trail also maintains the integrity of signed documents by capturing signing privileges granted between participants, geolocation details, authentication and signing order. Furthermore, virtual sessions are recorded.
The platform can be used by any industry that wants a remote, human-assisted financial deal process, Moynahan said — including retail and corporate and personal banking, financing, wealth management, auto financing and healthcare.
For example, wealth management advisors can help clients choose the right products and finalize investment strategy agreements, Moynahan said. Advisors in private and corporate banks can help customers open new accounts and manage changes to existing accounts. Other scenarios may include insurance and claims or financing services.
Preparing for a Web3 world
In an era of Web3 — the next iteration of the Internet — high-value transactions are happening digitally and in huge volumes with more complicated cloud workflows, Moynahan said.
But “many of us have become so conditioned to simple clicks and scribbles that we don’t think about the security of the workflows or the people interacting, especially for high-value transactions,” he said. “We’re simply relying on the SaaS provider to do this for us when the truth is that it’s not there in the entire business process.”
Our trust and integrity on the internet has been broken due to deep fakes, fake news and unsafe links. “It’s really hard to tell what’s real anymore,” Moynahan said.
Cyber security must move into a whole new realm to protect such Web3 interactions, he said. As the threat landscape continues to evolve, so will attackers. They are ready to take advantage; they will attempt to manipulate the integrity of digital agreements and their underlying artifacts, which are essentially the foundation of business and capital markets.
“It’s already happened, unfortunately,” Moynahan said. “At the end of the day, it’s a business responsibility to restore that trust and integrity.”
VentureBeat’s mission will be a digital town square for technical decision makers to gain knowledge about transformative business technology and transactions. Discover our orientations.