Trustworthy Processing of Biometric Signatures on Tablets and Smartphones
Creating Business Processes with Strong Evidential Weight
Berlin – May 21, 2014
EAB Seminar “Biometrics in Banking – Reality Check 2014”
introduced by Alain Sarraf (SOFTPRO) & Michal Lichner (ANASOFT)
Michal Lichner of Anasoft and Alain Sarraf of Softpro introduced how the biometrics of handwritten signatures captured on tablets and smartphones play a vital part in creating trustworthy electronic signatures and help banks go paperless in many situations. One of the case studies presented focuses on an application that has been running for more than a year at Cetelem, a brand of the BNP Paribas Finance Group, in Slovakia. Customers fill in documents and sign them within several applications on mobile tablets (in this particular case, a Samsung Galaxy Note 10.1). Documents created by the application to be demonstrated are legally binding and provide strong evidential weight. The bank saves the processing of approximately 1.6 million sheets of paper every year. Additionally, it saves the time that would have been necessary to correct mistakes caused by manual data entry. Finally, retailers enjoy improved cash flow, as payments are settled on the day after a sale (processing time with the paper process is approximately 1 - 2 weeks). Moreover, the speakers shared experiences with e-signing deployments in banks around the world.
Transcript
The Signature Professionals – SOFTPRO Group
Foundation 1983
Employees ~ 70
Böblingen (Group Headquarters): SOFTPRO GmbH
London: SOFTPRO UK
Singapore: SOFTPRO Asia Pacific
Chennai: SOFTPRO Signature Management India
Beirut: Representation
Santiago de Chile: SOFTPRO LATINOAMÉRICA
Westlake Village, California
SOFTPRO North America: Bear, Delaware
www.sp-l.de/Nscz
Trusted by the World’s leading Financial Institutions
* Ranking Source: The Banker: Top 1000 World Banks 2013, Ranking of Banks by Assets end of 2012, published July 2013
12 of the “Top 25 Banks”* are SOFTPRO customers.
SOFTPRO caters for Financial Institutions of all sizes – e. g.:
Among the 28 country laws and ordinances to be widely replaced by the European Regulation are for example:
Electronic Documents and Legal Acts (Decree-Law No. 290-D/99)
Law on Electronic Signature (No. 455/2001)
Act on Electronic Signatures (No. 215/2002)
Note: The year shown at each act lists when these acts came into force for the first time. Most of these acts were last updated in either 2012 or 2013.
E-Signature Terminology by European Commission
‘Electronic Signature' means …
Directive 1999/93/EG, Art. 2 paragraph 1:
data in electronic form which are attached to or logically associated with other electronic data and which serve as a method of authentication;
Regulation eIDAS 2014, Art. 3 paragraph 10:
data in electronic form which are attached to or logically associated with other electronic data and which are used by the signatory to sign;
E-Signature Terminology by European Commission
‘Advanced Electronic Signature' means an electronic signature which meets the following requirements:
Directive 1999/93/EG, Art. 2 paragraph 2:
(a) it is uniquely linked to the signatory;
(b) it is capable of identifying the signatory;
(c) it is created using means that the signatory can maintain under his sole control; and
(d) it is linked to the data to which it relates in such a manner that any subsequent change of the data is detectable;
Regulation eIDAS 2014, Art. 3 paragraph 11:
(a) it is uniquely linked to the signatory;
(b) it is capable of identifying the signatory;
(c) it is created using electronic signature creation data that the signatory can, with high level of confidence, use under his sole control; and
(d) it is linked to the data to which it relates in such a manner that any subsequent change of the data is detectable;
Purpose: Provision of Authenticity & Integrity
Admissibility
Can Electronic Signatures created with SOFTPRO SignDoc be used in Court?
An electronic signature shall not be denied legal effect and admissibility as evidence in legal proceedings solely on the grounds that it is in an electronic form or that it does not meet the requirements of the qualified electronic signature.
Admissibility: Yes
Directive 1999/93/EG, Art. 5 paragraph 2
Regulation eIDAS 2014, Art. 25 paragraph 1
Persuasive Evidential Weight
Holistic Assessment of all Process Steps in a Document Lifecycle required
Access Authentication
Document Presentation
Capturing additional data
Document Completion
Signature Creation
Archiving / Delivering
take photo on tablet; on web portal; e.g. insert text, tick boxes…
Components of Evidential Weight
Signature
Creation
Adding evidential weight
via multiple E-Signing
options
Additional Evidence (Integration via SignDoc SDK)
GPS Coordinates, Time Stamp,
Certificates, ….
Handwritten Signatures + Image of Signer + Image of ID
Leverage Cameras of Tablets
Evidential Weight of Data of Digitized Handwritten Signatures
The more precise and differentiated the signals captured from the writing procedure, the higher the evidential weight of a particular signature data set
Capturing of as many signals per second as possible – also required for accurate display of arcs and loops, ideally also capturing of different levels of writing pressure
Crucial for the reliability of a comparison with a reference signature, no matter if verified
- automatically using software and/or by a forensic expert
- by default always immediately after signing, or later, only if necessary
Spotlight: E-Signing in Spain
“Firma Digitalizada”
Full legal support as a means of client consent
Must obtain consent from the client to use the system, as required both by Data Privacy laws and two-party agreement laws
Double signature process based on transaction complexity and risk
Not relevant that Biometric Signatures are not a PKI: Solution robustness provides the proof of the agreement
Technical Audit by 3rd party to certify security level and robustness
Must comply with legal restrictions based on Data Privacy laws
Source: Main Conclusions of the Legal Report on Firma Digitalizada, Santiago Uriel (CIO CECA), Presentation at SOFTPRO Partner Academy 2013 Prague
In many cases there is no regulation at all
Image Source: Legal Framework of Firma Digitalizada, Santiago Uriel CIO CECA, Presentation at SOFTPRO Partner Academy 2013 Prague
If there's no legal regulation … there is no need to wait for one.
The Spanish Savings Bank Organization, one of the most successful users of e-Signing in Europe, did not wait for a law to come (as there wasn't any).
In 2008 they simply started to include E-Signing in their processes.
No Limitation Requirement of written form
Consumer Loans regulated in
Civil Code Art. 492
Case Example of Regulations in Civil Law
E-Signing of Loan Contracts on Tablets – Today different situations in the EU
Exception to the rule: If no interest is imposed on the consumer loan (Zero-Percent-Financing) the contract does not fall under the regulations of a consumer loan and may be categorized as form free.
Similar legal situation for example in …
What to do if Written Form is still required?
Written Form
Hybrid Solution: Combination of Paper & Special Pen with Tablet
Signature capturing with special „Tablet Inking Pen“ in parallel: wet ink on paper and digital ink on tablet.
Suitable in particular for use where written form is required in some processes only while most processes are form free
Video http://sp-l.de/9vmi
Form Purposes of Written Form
Features of a written form which should be fulfilled by an electronic method:
Identity
Integrity
Proof
Conclusiveness
Warning
Protection against Haste
Resistance against Manipulation
Non-Repudiation
Pen Computing: Evolution from Stationary to Mobile
Tablets & Smartphones
Windows Tablet PCs
Tablets in connection with PC / Notebook
Primary area of use: Stationary, Mobile
Display Size & Content to be signed
Display sizes: 12.2“, 10.1“, 8.0“, 5.7“
Receipts: ~ A6
Complex Contracts: A4 / letter size
Smartphone – Alternative to Signature Pads
… applicable for ‚Bring Your Own Device‘ concepts
until December 2013: worldwide > 50 million devices sold
GALAXY Note since Nov 2011
GALAXY Note II since Nov 2012
GALAXY Note 3 since Sept 2013
First impression counts – also when Signing
Stylus
Digital Ink
Display Surface
Smartphone – Alternative to Signature Pads
Connect Smartphone and PC in same network
App Sign2Phone
Rich Client SignDoc Desktop or Browser Client SignDoc Web
Integrate E-Signing in existing Workflows
Apps for Signature Platform
Key Take Aways
Signatures …
Are a viable biometric for stating consent in contracts
Can be easily incorporated into existing bank processes without disruption
Are subject to only very few legal restrictions for usage in most banking applications
Legality is becoming clearer and more transparent due to new regulations
May be cheaply captured with a broad array of devices = many capture possibilities and lower costs
Consumer Credit Specialist of BNP Paribas Personal Finance Group is saving 1.6 million paper sheets (20 trees) per year
E-Signing on Tablets – Reference Banking
eSign Cetelem is the customer’s application based on SIGNATUS, a solution provided by ANASOFT with E-Signing components powered by SOFTPRO. Retailers and their customers sign on tablets, like the Samsung Galaxy Note 10.1, for installment sales in retail.
http://sp-l.de/fTwX
Case Study: Cetelem, BNP Paribas Personal Finance Group
Topic: Dematerialization, in two phases ...
Goal: Electronic Clients’ documentation
Solution: DMS Alfresco Enterprise
Goal: Electronic signing of contracts on points-of-sale
Solution: eSign Cetelem project
Requirements:
• Signing of contract on the reading device
• Maximum safety – personal data, fraud, loss
• POS infrastructure independence
Solution:
• SignDoc SDK + Samsung Galaxy Note = fully mobile solution
• Samsung SDKs + PKI + custom features = maximum security
• Integration with Cetelem’s environment (Extranet, DMS)
Case Study: Cetelem, BNP Paribas Personal Finance Group
+ + + L I V E D E M O + + +
Customer’s View:
• Improved cash flow for POS partners
• Signed contract immediately accessible to Client via Client Zone
• No fraud, no loss of documents, decreased error rate
• Innovation and market leadership
• Solution for POS & for e-commerce (delivered by couriers)
SIGNATUS – the preferred solution for BNP Paribas Personal Finance Group
12 000+ contracts
54% time saved
0% issues / errors
100% satisfied customers
Case Study: Cetelem, BNP Paribas Personal Finance Group