Securing Electronic Customer-Signatures in Legally Binding Business Processes: A Case Study from the Insurance Industry
On the way to a completely electronic workflow, it is necessary to include customer signatures. Legislation in many countries treats electronic signatures similarly to handwritten ones. Both are accepted for various purposes, such as finalization of documents, acknowledgement of a document's contents, and conclusion of agreements. Most importantly, electronic signatures are accepted as proof of those actions. But customers today often lack the knowledge or means to issue them. This study describes a business process that produces reliable signatures without requiring prior knowledge or devices on the customer's side. A threat model for a generic process is described, and countermeasures including cryptography, biometric features, tamper-resistant devices, timestamps, signature databases, and others are discussed.