Secure ‘Virtual Room’ service adds trust to e-signatures and digital agreements

Closing deals and signing agreements in a face-to-face meeting seems almost strange. Soon they will probably be a thing of the past, replaced by digital agreements and document signing.

But with that fully virtual back and forth, how do you know if a document is real and legit? That it comes from the person it should be? That the signer is not a hacker?

The Web3 world ultimately requires a more sophisticated approach to digital contract security.

To address this, cybersecurity company OneSpan today announced the general availability of its Virtual room cloud service, a secure environment that allows organizations to provide real-time assistance.

“Security needs to be woven throughout the transaction process, given the patch-quilting nature of today’s cloud – and this is where the e-signature market falls short because e-signature companies are not security companies,” said Matthew Moynahan, president and CEO from One Span. .

The virtual data room market is a young but fast-growing market: expect to reach $3.2 billion by 2026, representing a compound annual growth rate (CAGR) of 14.5% over 2021.

Likewise, the digital signature market $42 billion by 2030, an increase of $4.4 billion from 2021 – a compound annual growth rate (CAGR) of 28%.

OneSpan’s new product competes with those of iDeals, SecureDocs, ShareVault, Ansarada and Citrix ShareFile.

“The main attack vector today is to attack people with the aim of stealing their credentials,” said Jim Lundy, founder and CEO of Research in Aragon.

This makes user authentication vital for transactions, he said. And for documents that need to be highly secured, that process has traditionally been slow and cumbersome. This has led to what he called a “race” to digital onboarding, which allows for digital verification of user identities in minutes versus hours or days. It is mainly becoming a “hot use case” for opening new accounts.

But electronic documents require higher levels of identity verification and validation – users must meet a range of identity requirements, such as biometric verification (e.g. facial identity) and one-time passwords. Documents aren’t presented until the user is authenticated, Lundy said.

Organizations are increasingly adopting credential management and advanced multi-factor authentication that generates tokens. This is a “more secure and proven way to prevent user credential phishing attacks,” he said. Likewise, to further speed up the process, content AI (artificial intelligence) is increasingly being used that automatically validates user documents such as driver’s licenses and images via image verification.

But in addition to such tools, organizations need to train their IT and C-suite staff, Lundy said. “There are very sophisticated spear phishing attacks targeting IT administrators and executives alike,” he said.

In today’s “everywhere economy” consumers expect convenient, digital experiences and want to interact with businesses through external channels rather than meeting in person. The evolution of the electronic signature and the digital agreement has reinforced this.

But when electronic signature providers emerged, most documents were simple forms, Moynahan said. Utilities? High-quality agreements such as contracts, mortgages and loan agreements are handled digitally. This market has grown because of its convenience and accessibility; security and compliance functions “fell by the wayside,” Moynahan said.

Likewise, video conferencing platforms have grown in use, adding a level of security.

“The thinking was that if you can see the other person and see him draw, they have to be who they say they are,” Moynahan said.

But out-of-the-box video conferencing tools pose serious security risks. We “live in a world of insecure links”, and video conferencing platforms don’t always provide authentication and verification capabilities to confirm whether a person joining a virtual meeting via a web link is the person they claim to be.

He pointed to the so-called “zoom bombing” in the early days of the pandemic with the near-night adaptation to life at a distance. In particular, this highlighted how easy it is for anyone to access video conferencing links.

While Zoom was quick to add password capabilities, they aren’t always enforced, he said. Electronic signature providers such as DocuSign work with video conferencing and business communication platforms, but they do not always require identity verification and do not capture all events during the signing process. Also, hosts or signers (or both) can easily override access with “remote control” and accidentally sign on behalf of each other.

Digital transactions, in real time

In contrast, when entering OneSpan’s new virtual space, users must be identified and authenticated via email, credentials, SMS, Q&A or knowledge-based authentication and ID verification, explains Moynahan.

Then legally binding e-signatures are captured in real time, and cobrowsing allows agents and customers to collaborate on documents while simultaneously viewing them and answering questions.

Digital signature encryption helps ensure data and agreements are secure in transit and at rest, Moynahan said. Built-in security controls prevent participants from signing on behalf of others. An audit trail also maintains the integrity of signed documents by recording signing rights passed between participants, geolocation data, authentication, and signing order. Furthermore, virtual sessions are recorded.

The platform can be used by any industry looking for a third-party, human-assisted financial agreement process, Moynahan said — including companies in retail and corporate and personal banking, financing, wealth management, auto financing and healthcare.

For example, wealth management consultants can help clients select the right products and complete investment strategy agreements, Moynahan said. Advisors at retail and corporate banks can help clients open new accounts and manage changes to existing accounts. Other scenarios may include insurance policies and claims or financing services.

Prepare for a Web3 world

In the era of Web3 — the next iteration of the Internet — high-value transactions are happening digitally and in massive quantities with more complicated cloud workflows, Moynahan said.

But “many of us have become so conditioned by simple click and scribble processes that we don’t think about the security of the workflows or the people interacting, especially for high-value transactions,” he said. “We just trust the SaaS provider to do this for us, when the truth is, it’s not there in the entire business process.”

Our trust and integrity on the internet has been violated by deep fakes, fake news and insecure links. “It’s really hard to say what’s really more,” Moynahan said.

Cybersecurity must enter a completely new domain to protect such Web3 interactions, he said. As the threat landscape continues to evolve, so will attackers. They are ready to take advantage; they will try to manipulate the integrity of digital agreements and their underlying artifacts, which are essentially the foundation of business and capital markets.

“Unfortunately, it has already happened,” Moynahan said. “Ultimately, it is a corporate responsibility to restore this trust and integrity.”