Wednesday, August 02, 2006

Electronic signatures for financial services - a background

Electronic signatures are core requirements for new account opening for financial services products. I certainly do not claim to be an expert in this area so I’m hoping to use this as a starting point, by laying out some of the issues that need to be addressed, and laying out a little of what I know as background.


What is a signature?

In simple terms, a signature is a proof of identity, or is used to represent the intention of informed consent. Signing a document or contract is surrounded by a certain ceremony to reinforce the ‘will’ of the agreement – a signature is really not enforceable if the signing process was disguised or the agreement terms were hidden.

Wikipedia has some background on the meanings and traditions surrounding signatures.


A use case

Imagine that I go to Fidelity’s web site to apply for a new account. As a customer without a history with the institution there are various challenges to me opening a new account and signing an agreement as to my rights and obligations for running it.

Fidelity needs to enforce several steps:

  • Create a reusable identity for me
  • Ensure that I am who I say I am, and live where I say I live
  • Create a customer profile to enforce risk and Anti-Money Laundering controls
  • Gain and prove my acceptance of their agreement terms

In this online world they need to do all of this without ever seeing me in person, or seeing any physical evidence of who I claim to be. In the future, ensuring that I do not deny ownership of the account or agreement with its terms is essential to the institution. Unfortunately, non-repudiation is hard to achieve when an institution doesn’t already have a relationship with me. In this case a signature without a valid and verifiable profile is worthless, either in the manual or online world.

Creating and confirming identity

The first step when setting up a relationship with a new customer is for the financial institution to create and confirm the customer’s identity. In its most basic form this is a set of uniquely identifying information about the customer: name, date of birth, residential address, social security number, etc. This provides a base identity for the person. A signature is then assigned to enable the customer to confirm in future that they are who they say they are, for contracts and transactions, without having to re-examine their details in more depth.

In the paper application world, I would walk into a branch of Bank of America, fill in a form, present three forms of identification to the customer services rep and sign a ‘signature card’. The signature card provides a record of the customer’s signature for future reference if ever required to confirm the customer’s identity. In the US this signature card is rarely ever used. In France, for example, a certain percentage of checks written and signed by a customer must be compared to the signature on the signature card (a good reason why banks have been encouraging the use of plastic / electronic payment for years).

In the online world things work slightly differently, but the principles are the same. In this world I’ll go back to the Fidelity web site. I fill in a series of personal details that enables them to uniquely identify me. This enables Fidelity to pull my credit report from Equifax. Here I am presented with a series of questions to confirm the providers of certain services that are listed on my report over the last few years. The combination of correct answers for these questions enables Fidelity to be reasonably sure that I am who I say I am, especially as the credit report is tied to my social security number and mailing address. After filling in some more information I have to select a username and password for access to my new online account. For low value or low risk accounts (standard brokerage accounts being one), this is considered enough identification to authenticate my agreements and transactions with the username / password combination as my signature.


Legal background

For commercial consumer transactions, especially in financial services, there are two key laws addressing the issue of electronic signatures.

The Uniform Electronic Transactions Act (UETA) provides a uniform state legal framework for electronic transactions. This gives them the same legal weight as equivalent paper based processes and wet signatures.

The Electronic Signatures in Global and National Commerce Act (E-SIGN) provides a federal backdrop for electronic signatures, governing situations where there is an absence of state law, or states make changes to UETA.

Special provisions have been put in place to protect consumers, controlling when organizations can demand the use of electronic transactions and documents and how organizations ensure that customers have the facilities to accept electronic delivery of documents.

The financial services industry has looked at providing best practices and rules, combining electronic records and signatures issues. This is the Standards and Procedures for Electronic Records and Signatures (SPeRS).

Wikipedia refers to additional laws.


Summary

As you can see, many of the issues in financial services related to signatures are tightly coupled with validating, managing and authenticating the identity of an individual. The approaches that organizations take to perform this in an online world mirror what is required in a paper world. For higher value and higher risk products the current online model is considered insufficient and much work is needed to strengthen both the signature and general identity management issues.


More to come

In the next post I will address some of the deeper issues around electronic signatures as they relate to higher value or higher risk accounts, as well as the hot topic of biometrics.


5 comments:

Bruce Silver said...

If only it were that easy. Yes it's true Fidelity lets you set up a brokerage account instantly online. But you want checkwriting and a debit card on that account? Download and print a PDF, fill and sign, snail mail in. I did it a week ago and I'm still waiting. The paper "signature card" lives on!!

Phil Ayres said...

Bruce, it sounds like you are 6.5 days ahead of me here.

And there you go, you spotted the veneer of automation that Fidelity manages to put around the account opening process. Many other institutions don't even manage that.

BPM, integration and identity management have a lot to offer in this area, but the vendors need to work with the finserv industry to find out what they are comfortable with in terms of risk.

It's a big money area that could really be for the good of the consumer. When you can apply online in minutes you can switch accounts easily, which forces a good deal more competition than there is now.

Here's hoping that you can get your snail mail application sorted in the next few weeks. The big issue then will be whether Fidelity can manage and find records of your application (or even enter the data correctly) so that in the future you can get good customer service, and they can avoid other potential issues.

Fingers crossed on your paper signature card. I bet the last time a human eye even looks at your signature is when they take it out of the envelope you mail it in. And that would be fine if a machine knew how to handle it!

Either way, Fidelity is better than Scottrade - they can even take electronic funding of the account!

Cheers
Phil

Bruce Silver said...

I'm sure they will have no problem with the customer service part. They do that extremely well. And I understand why you would need a signature image to validate paper checks, although it seems they could allow one to upload a scanned signature (users would probably screw it up...). I even understand why you might need it for a credit card, where the transactions are validated by a signature. But a debit card? Makes no sense.

Phil Ayres said...

Bruce, it's good to hear that Fidelity has great customer service. This suggests that they capture enough information in the initial online application for things to run smoothly. One of the biggest issues in account opening is typically poor data entry from paper applications, leading to incorrect customer information, which in turn leads to poor service and incorrect product recommendations. Next is the inability for customer service reps to get access to paper documents, leaving them with an incomplete set of information to respond to a customer's issues. As I say, fingers crossed that your paper applications make it into the system successfully, otherwise, as you are no doubt aware, they will have no record of you even submitting them.

My guess is that the signature for the debit card is to allow for international usage. For example, my Bank of America debit card is Visa, so I can use it anywhere in the world - many places do not use the debit card PIN, instead performing a standard credit swipe and signature.

By the way, thanks for taking the time to expand on your account opening/maintenance experiences.

Cheers
Phil

Phil Ayres said...

For anyone interested in identity issues, Kim Cameron's Identity Weblog talks about some of the identification verification issues I addressed in this post around the Fidelity/Equifax checking.