By Courtney Macavinta
When Nancy Sinsabaugh was the interim director of student finance for the University of Minnesota, she and her colleagues undertook an ambitious goal: Create a virtually paperless, one-stop shop to allow more than 33,000 students to handle financial aid transactions online. The effort was part of a university-wide movement to shred paper-laden processes. And it would mean moving away from another old-school marker at many universities: Students having to wait in long lines and hand-sign for their loans. Instead, with the new paperless system, UM students would be able to use digital signatures in the form of a PIN to receive their financial aid awards.
By 2001, the University of Minnesota Paperless Financial Aid Office project was a reality. The financial-aid processing time was reduced from an average of six weeks to just four days, and staff, printing, and mailing expenses were reduced by $80,000 annually. The award-winning new system also saved 500,000 pieces of paper per year.
"When technology can limit manual transactions, that's the best way to use it. The staff was thrilled that they were no longer pushing paper and that their time was spent working with students who need individual help with the financial aid," recalls Sinsabaugh, now president of her own consulting firm, Transformation in Higher Education, based in Cambridge, Mass. "Students were thrilled because they could register, get financial aid, and get disbursements online."
The University of Minnesota was obviously ahead of the curve in implementing digital signatures to increase efficiency and improve services. In another example, the U.S Army started processing 100,000 forms via the Web to expedite the approval of combat patrols -- including verifying the identities of personnel via electronic signatures -- saving $1.3 billion and increasing efficiency.
It's a wonder more organizations aren't using e-signatures. In fact, it's been six years since the "e-sign" law (the Electronic Signature in Global and National Commerce Act) went into effect in the United States -- giving electronic and digital signatures the same enforceability under the law as handwritten signatures. In the years since, electronic signatures have helped organizations like the University of Minnesota streamline business processes, save money, and improve the security of online transactions. Despite these benefits, however, many organizations "still view electronic signatures with trepidation," according to a May 2006 Forrester Research report, E-Sign Here, Please.
"Things have been pretty slow -- it has not been the uptake we would have expected in the early days," says Paul Stamp, a Forrester senior security analyst who co-wrote the report. "In the U.S., most of the e-signature implementations we're seeing are based around a holographic signature -- an electronic image of an actual 'wet' signature. One of the problems is: What do we mean by electronic signature? We use a lot of electronic signatures and don't know it."
For example, forms of digital signatures could include clicking the "accept" button while buying something online, signing electronically on a pad when receiving a package or paying by credit card at a department store, or even just entering a PIN to withdraw money at a bank or to pay for gas.
Even though digital signatures are becoming more common in everyday life, organizations still have concerns about implementing them to eliminate paper processes or conduct business, Forrester reports. Among the concerns are:
- Cost There is concern about the expense of implementing authentication processes for various digital signature methods that require different levels of security.
- Standards Not having a common digital signature method within an organization can seem daunting.
- Legality Many organizations lack understanding about global laws regarding the validity of digital signatures and are concerned about which jurisdictions have authority over an e-signature or whether they'll hold up in a legal dispute. In short: Different regulatory environments around the world make it difficult to know when, where, and how to use e-signatures.
But given the global and electronic nature of many business transactions and processes, businesses are eager to use digital signatures.
"It seems that the business people are crying out for the solution, yet they are waiting for a silver bullet," Stamp says. "They are ready for it, but to develop the use-case scenarios of where they'd need [digital signatures] is difficult."
For CIOs who want their organizations to gain the benefits of digital signatures, experts say there are key issues to help alleviate concerns:
- Focus on flexibility How can CIOs create a flexible signature environment to meet varied legal environments and the requirements for specific transactions? "Some laws are created without thinking of the e-signatures," Stamp says. In fact, Forrester reports that "it's unlikely that the heterogeneous legal environment will ever allow firms to have one standard way that electronic signatures are deployed. Therefore, they should create an environment that allows them to use electronic signatures in flexible ways -- meeting requirements for business transactions, regulations and laws, and local customs."
- Explore e-signature directives Stamp points out that there hasn't been much in the way of legal precedent around digital signatures. Global organizations must also accept that laws vary state-to-state and country-to-country. For starters, organizations need to understand key e-signature directives, such as the European Union Digital Signature Directive and the United Nations Convention on the Use of Electronic Communications in International Contracts. And when it comes to cultural sensitivity around signatures, Stamp says if a lawyer or business partner prefers to actually see a handwritten signature, then that concession should be made. "You should never underestimate the importance of making business people feel comfortable," he says.
- Strategize around security The value of digital signatures -- just like a traditional "John Hancock" -- hinges on their validity. And in the electronic world that means having end-to-end security for transactions completed by digital signatures. Forrester recommends that CIOs, for example, spearhead "a solution that meets the most stringent security requirements that the organization will face." Sinsabaugh agrees that before an organization rolls out any digital signature program, it needs to focus on the integrity of the security: "It has to be iron-clad," she says. Forrester advises that e-signature security processes must also ensure that the signer has been identified properly and knows what is being signed, and that organizations "put a watertight audit process in place to make sure that the data isn't tampered with once it's submitted."
Despite the challenges organizations face in adopting digital signatures, Sinsabaugh says the effort is worth the reward.
"If you don't have this capability, you'll lose potential customers and business," she says. "The payoffs are tremendous."
Courtney Macavinta is a Silicon Valley-based business and technology writer. Her articles have appeared in CNET News, Business 2.0, Red Herring, Wired News, and The Washington Post. She also is managing editor of the online program The Online Family.