Security, Apathy Still Hamper Digital Signatures
October 21, 2002
When former President Bill Clinton signed the Electronic Signatures in Global and National Commerce Act in April 2000, there was wide speculation that e-signatures would transform not just financial services but e-commerce as well.
Now, two years later, expectations for digital signatures, like e-commerce itself, have been significantly scaled back, and what remains is something still useful but hardly what was originally envisioned.
"While e-signatures have been slower to catch on that people expected, it's not been so slow in the securities industry. Several online broker/dealers - such as Harrisdirect, E-Trade and Charles Schwab - allow you to open an account and begin trading," said Benham Dayanim, an attorney with Paul, Hastings, Janofsky & Walker of Washington, who lobbied for the bill's passage.
However, Dayanim continued, it's been harder to translate e-signatures to the mutual fund, mortgage and insurance industries, which were expected to be leaders in their usage because of the significant amount of paperwork and signatures involved in these types of financial transactions.
I Sign, You Sign, We All Sign
There are a number of reasons why e-signatures have not exactly taken According to Dennis Behrman, an analyst at Meridien Research of Newton, Mass., the law defines an e-signature as "any sound, symbol or process logically attributed to or associated with a given transaction" - which means there is no single e-signature standard. Typically, many firms hang back until a standard proves itself in the marketplace.
In fact, only a handful of mutual fund companies permit investors to open an account electronically, including Vanguard of Malvern, Pa. [see MFMN 1/29/01]. Invesco of Denver and Quant Funds of Lincoln, Mass. were two other early adopters [see MFMN 9/6/99, 5/8/00].
Pat Nunley, VP of enterprise infrastructure at Ameritrade of Omaha, Neb., makes a clear distinction between a digital signature and digital authentication, which allows a firm to be sure the person is who he or she says they are and hasn't just stolen the PIN.
Indeed, the issue of security is a thorny one.
While firms often require customers to provide personal information as an added security measure when making a transaction, there's still the chance that information has been stolen along with the PIN number.
"Digital signatures can be forged like a physical signature," Nunley said. As a remedy, he would like to see a physical key - like a smart card - in concert with some kind of biometric input, such as a fingerprint.
Unfortunately, the current tough economic environment hurts the development of such innovative security measures since nearly all IT budgets are being squeezed.
"What's required is a more secure online environment, where institutions can really identify who they are talking to," said Jean-Paul Carbonnier, an analyst at TowerGroup in Needham, Mass. "It's a matter of time." The mutual fund and brokerage businesses are "cyclical, and there's a lot of hunkering down, especially with new technologies where cost benefits are not clear."
Even if IT budgets were dedicated to such a solution, Nunley pointed out, the maintenance and storage of such keys would be a nightmare.
This might be a case where the government needs to step in and create some kind of entity to store and maintain those keys, he said. Leaving the creation of such a clearinghouse to the private sector might delay the adoption of electronic authentication indefinitely since various business interests might not be inclined to work together.
"I think it's going to be a while," Nunley said. Added to these security concerns are those stemming directly from 9/11 and the Patriot Act, which emphasizes a firm's need to screen customers and account activity (see related story, page 1).
This is not an environment ripe for experimental security measures.
But authentication technology is not all that is needed. Trey Robinson, marketing director at CyberTrader of Austin, Texas, said it's important that customers are able to fund an account in real time with an "electronic check" when they open it.
"That will be the real key," Robinson said. "That's the piece that has to fall into place. Without the digital funding part, the benefits of digital signatures are kind of limited."
But perhaps the greatest impediment to the adoption of e-signatures - regardless of the investment in technologies that would have to occur first to make them more secure - is quite elementary.
Digital signatures do not seem all that necessary.
"Frankly, e-signatures haven't proven themselves critical components in the industry. They're not a necessity, so people are not inclined to use them," said Meridien's Behrman.
Not on the Phantom Line
And, he continued, there are many people who have no intention of ever signing a document online.
"My grandparents aren't going to call a broker and tell him to send a check somewhere. It's just not going to happen," he said.