The first question to answer regarding user authentication is whether any authentication is required by your particular work process. In the paper world, ink-signed documents are not normally authenticated unless they are notarized. We have become accustomed to accepting scribble on a paper document as acceptable in most cases. There are exceptions such as when you are familiar with a signer's signature, or you have a specimen signature that requires comparison (i.e. a bank account signature card).
If you accept unauthenticated paper documents, it may be fine to accept unauthenticated electronically signer documents as well. Many business processes do not automatically trigger upon submission of a signed document. There is some back office process required (i.e. check credit, verify address, id number, etc.). Most electronic signature laws (for example in the US, Canada, EU and other countries) do not require any form of authentication. There are some regulatory exceptions - for example, US Patriot Act identification requirements for opening a bank or brokerage account. So it is important to understand your business process requirements around authentication.
If you do require some type of authentication there are two basis approaches.
- External authentication (external to AlphaTrust e-Sign), or,
- AlphaTrust e-Sign managed authentication.
An example of external authentication would be to use your own customer portal to authenticate users before using any electronic signature services of AlphaTrust e-Sign. You may include results of external authentication in the AlphaTrust e-Sign audit trail record by adding this information to the Participant's
AlphaTrust e-Sign supports several methods of user authentication that you may request for a signer:
- Email Response Authentication
- One-Time PIN/Password Authentication
- Registered User Authentication
- Third-Party Identity Verification
- Federation Authentication
- HTTP Header Check Authentication
- Knowledge Based Authentication (KBA)
- Mobile Authentication