hr en
© 2019. IT Sistemi. All rights reserved | Privacy Policy | Cookie Policy
Made with love by SAPUN.

Electronic signature


From dematerialization of paper to digitalization on all channels

Optimize FTE consumption and reduce operating costs

Many processes involve the creation of documents that need to be authenticated by one or more signatures. In the case of receipts for bank counter transactions, calculations show that the life cycle cost of such a document is approximately € 0.1 per document, and when they are all added up, at all locations, we come to noticeable costs.

By implementing an electronic signature solution, depending on the size of the organization, the return on investment varies from 3 months to a year.

Reduce operating costs.

Savings from 3 to 8 million HRK per year depending on the amount of documents created.

Speed up business processes.

Up to 20% time savings when signing multiple documents at once or in situations where the document has multiple signatories.

Eliminate unnecessary background jobs.

Reduce paper circulation, printing, storage, searching, and the likelihood of document loss.

Easier to control business risks.

Detailed traceability of work with documents and the possibility of automatic escalation in case of irregularities are ensured.

Easier to control internal and external frauds.

Automatic signature validation by the system.

What can you sign with an electronic signature?

Everything that has been signed by hand so far, in relation to the user or internally, you can replace with electronic:

  • in a branch or store– for example, signing a bank transaction on a signature screen,
  • outside the branch, in the field – for example, signing the insurance policy on the tablet of the sales representative,
  • remote signing – for example, any external signatory on your own device,
  • internal signing – for example, employment contract and NDA.
e-signing scenarios

Types of electronic signature

eIDAS

eIDAS (electronic Identification and Trust Services) – Regulation of the European Parliament and of the Council on electronic identification and trust services for electronic transactions in the internal market, which from 1 July 2017 must be applied by all members of the European Union.

According to this regulation, 3 types of e-signatures can be distinguished:

  1. Simple electronic signature – any signature in electronic form (e.g. signature in an email), has no special legal requirements and is considered an e-signature with a placebo effect.
  2. Advanced electronic signature – ensures provability by being uniquely linked to an identifiable signatory. It is unique to the signatory and under his/her exclusive control and attached to the document, so that it becomes invalid if the content changes. Biometric and HTML5 signatures are most commonly used.
  3. Qualified electronic signature – is equivalent to a handwritten signature and indisputable. It requires the signatory to hold a personally qualified certificate and to pass certain identity checks by the Certification Authority. The signature must be stored and used with a secure signature creation device (QSCD – Qualified Signature Creation Device).

Biometric e-signature

Biometric signatures transfer the process of signing and verifying signatures 1: 1 from the world of paper to the digital world. Signatories sign with a pencil and, if necessary, the graphologist performs a forensic analysis, thus verifying a previously recorded handwritten signature against a set of available known signature samples, either from digital or paper-based sources.

Recorded biometric signature data contains behavioral features of a handwritten signature, which include:

  • time data on the rhythm of writing – speed and acceleration,
  • graphics – slope and slope difference
  • and optionally – the pressure.

These dynamic parameters are unique to each individual and cannot be reproduced by counterfeiters.

biometrijski potpis

HTML5 e-signature

HTML5 signature

In implementations of simple and advanced e-signatures, HTML5 e-signatures are often used for remote signing when both parties communicate virtually.

Looking at the user experience, there are 3 functionalities available:

  • Click to Sign: signing is done by clicking on the checkbox.
  • Type to Sign: signing is done by typing the name using the keyboard.
  • Draw to Sign: Signing is done by writing with your finger or pen on the touch screen.

HTML5 e -signatures can include additional authentication according to one or more factors: email, PIN, OTP (SMS), LDAP, OAUTH (LinkedIn, Xing, Facebook, etc.).

It provides real-time signing and does not require signatories to download and install additional software.

Choose the optimal e-signature according to your needs

The choice of signature type depends on several factors. One of the more important arguments that needs to be considered when making such a decision is the level of legal and financial importance of the signed documents.

For more valuable and important documents, types of signatures are selected that are legally more difficult to dispute. Another important factor is the signing scenario.

Signing at the counters

For example, for counter-signing, a good choice are signatures created by hand-signing on the signature screen, simply for the reason that users are accustomed to this type of signing. With such a choice, as a rule, there is no resistance to the introduction of technological change.

Online signing

On the other hand, if we are talking about signing documents in online scenarios, e.g. web applications, a much better choice are signatures based on one-time certificates. For example, financial contracts, especially those of higher value, are signed with qualified electronic certificates (QEC). With the proviso that instead of QECs based on local devices (USB sticks or SD cards) remote certificates is introduced, the use of which does not require additional hardware or software.

Signing a large amount of documents

With remote certificates, a choice is also possible. For employees who sign a large amount of documents (e.g. management positions, procurement, etc.), the so-called long-term certificates, in other words, those that have a duration of several years, whereby they can be used repeatedly.

Occasional signing

For employees or business partners who will sign several documents per year, a better choice are one-time certificates, ie those that are issued ad-hoc and used to sign only one document.

The prerequisites for e-signing are becoming less and less

Prerequisites always exist. But the natural course, the evolution of e-signing solutions leads in the direction that the technical prerequisites are less and less.

For example, qualified electronic signature, until recently it was possible to create only using a certificate card. That meant the need for a card reader, for drivers. It was often limited to a specific operating system, did not work in virtualized desktop environments, never worked on mobile platforms, and the like.

Today, a qualified electronic signature can be created using a web module, with authentication with a one-time password sent via SMS. So the only prerequisite is a mobile device.

Of course, for handwritten electronic signatures it is necessary to have hardware, ie “screen” and “pen”. Until recently, this meant an additional signature screen connected to the client’s personal computer. Today, it is increasingly a standalone tablet or 2in1 device that can be used for various other applications (e.g. document scanning, marketing, etc.).

Minimal engagement of your IT department

E-signature solutions can be used as cloud services or can be executed in your own data centre. Both approaches have their pros and cons.

With cloud services, the need to engage internal IT is almost non-existent. But in scenarios where an additional level of security is required, in the sense that it is necessary to avoid the exit of documents signed from the organization, the cloud is not an option. Of course, the on-prem model requires certain additional resources and knowledge of the IT department.

An additional potential engagement of local IT is in defining integrations. For e-signature systems, it is minimally necessary to define input and output integrations, ie the ways in which documents will enter that system and how and where they will be returned after signing.

There are numerous of options, the choice is actually a matter of calculation based on the number of repetitions of the integration scenario and the cost required to automate a particular integration. The system can be used completely manually (e.g. manual uploading of documents through the user interface), but also fully automated (e.g. that the signatory sees the signature document as part of a business application, without even being aware that he used a “third party” to sign component).