How can electronic signatures be used to reduce the risk of identity theft ?
Electronic signatures are becoming more and more popular as companies are going digital, which is happening quicker and quicker! Private individuals are no different either, as they’re using them more and more as well. However, a lot of you have probably already wondered whether there is a risk of someone stealing your identity through the use of electronic signatures, or how you can best protect your personal information online. Our first tip: never give anyone the SMS code that is sent to your mobile phone, as someone could use it to electronically sign a document in your name! It’s also important to note that electronic signatures are very strictly regulated by the European eIDAS regulation. This regulation standardises the different laws of all the member states on this issue, provides a level of trust to relationships between signatories and reinforced the legal framework by creating the Trust Service Provider statute (TSP), to offer recognised services in Europe. As such, electronic signatures guarantees both the integrity of a signed document, as you can be sure that the content will not be modified in your name, and the identification of the signatories, as they have the same probative value as a handwritten signature. For both handwritten and electronic signatures, identify theft is a major issue that needs to be tackled. So how do electronic signatures help to defend you from identify theft, and what guarantees can we give you regarding the protection of your personal information? Read on to find out.
Let’s start from the beginning…
Are electronic signatures legally recognised in France?
The answer is yes, but only under certain conditions. To demonstrate the legal value of an electronic signature, the signatory must be identified in a reliable way, and the integrity of the signed document must be guaranteed. This is therefore a legal operation. In France, Article 1367 of the Civil Code defines the electronic signature as proof which is equally effective as a handwritten signature. Electronic signatures are therefore accepted in courts of law, as their reliability is recognised.
Different signature levels for different levels of protection
The eIDAS regulation provides for three signature levels: simple, advanced and qualified. These three types of signature are executed using different electronic identification methods, allowing you to better manage the risks of identity theft. However, the electronic signature is not just a technical matter. This is indeed a legal operation, but one which need not detract from the user experience. It’s for this reason that a fourth level has developed within the market: advanced with qualified certificate.
The simple electronic signature is issued without a personal certificate in the name of the signatory and is based on personal information (phone number, email address) provided by the person who wants the document signed. Our simple signature process is reinforced and acquires greater legal value thanks to the addition of an authentication stage via a code sent to the signatories by text message.
The advanced signature uses more reliable identification methods and requires the creation of a certificate issued in the name of the signatory, containing information taken from an ID document that they send. The identification documentation is managed by a TSP. The level of identification is higher with this type of signature. There is also an authentication stage via an SMS code, which is essential to complete the signature.
The advanced signature with a qualified certificate is completed with a certificate that requires the signatory to send an ID document and for there to be a face-to-face meeting between the future certificate holder and the opérateur d’enregistrement. The registration operator will physically check the signatory’s identity in addition to their ID document, thus ensuring that the information is accurate. The issued certificate can then be classed as “qualified”. As with the simple and advanced signatures, this type of signature must be authenticated through the use of an SMS code.
As for qualified signatures, they are done using a qualified certificate and a qualified device for creating signatures. They carry a presumption of reliability. In this case the identification is presumed to be reliable, leading to a reversal in the burden of proof. As such, it is the person who questions the identity that will need to prove that it’s false.
In summary, the higher the security level of a signature, the more checks there are to confirm the identity of the signatory, either in person or remotely, thus reducing the risk of identity theft.
Timestamps also provide an additional level of security and thus help to guarantee the integrity of the document you’re signing. As a certified TSP, in accordance with the eIDAS regulation, our electronic signatures always include a qualified timestamping service. Remember, a qualified timestamping guarantees the existence of a file at a given date, and that it has not been modified since (principle of integrity).
What guarantees do we offer for the protection of your personal data?
The security and confidentiality of the personal data of our users are at the heart of our business. As such, the security measures that we implement go beyond the requirements established by the European eIDAS regulation. We also ensure data is processed securely and guarantee our users’ rights related to their data, in full compliance with GDPR requirements.
Our platform is renowned for its high levels of security. We were actually awarded security visas by the French National Cybersecurity Agency (ANSSI), allowing us to identify the most reliable IT solutions. These visas guarantee that holders have been assessed by certified laboratories, in accordance with a rigorous and proven method.
The role of Trust Services Providers in the protection of your identity
We are a long-standing player on the trust services market and one of our founding principles is to guarantee equal treatment of our customers and signatories. As a TSP, we can guarantee eIDAS compliance of signatures as well as the integrity of signed documents. We also ensure that all signature processes are clear and explicit, so that signatories can give informed consent.
And finally, we couldn’t finish this article without giving you some practical advice1 to help you protect your data better online and avoid any kind of identity theft.
- Conceal your email address and phone number when signing up to websites or posting adverts online to avoid someone using them to steal money from you, for example;
- Use strong passwords to protect yourself from cyberattacks;
- Watch out for any suspicious emails that you might receive.