Get visibility on eSign fraud with Verifier API

March 27, 2024

Rachna Bhalla

Product Manager

Verifier API Blog

Summary

  • Get visibility on eSign fraud with Leegality’s Verifier API
  • Validate the signed documents are tamper-free
  • Verify the signer’s identity

In the digital age, signing documents electronically has become increasingly popular. With electronic signatures (eSigns), individuals and businesses can sign contracts, agreements, and other documents with ease and efficiency.

However, verifying the authenticity of eSignatures is critical to ensure the validity of any document. Even a single mistake can put your digital documents at RISK.

In this blog post, we will discuss the importance of verifying eSigns and how to verify eSigns.

The problem with the existing mode of verifying eSigns

Digital signatures use encryption technology to confirm the identity of the signer and protect the document against tampering. This encryption technology is compatible with all PDF readers. So when you open a eSigned document, you can see verification details like this

PDF Reader Signature Panel
Signature Panel in PDF Readers

But, imaging doing this at scale. Imagine you’re an enterprise that gets hundreds of documents eSigned per day. Manually opening each document in a PDF reader and verifying each eSign hundreds of times is practically unviable.

That’s why we built Verifier API.

Introducing Leegality Verifier API

Leegality Verifier API allows users to verify eSigned documents at scale in a convenient, auditable way.

Leegality Verifier API conducts following checks:

  • Certificate validity check returns the validity period and authenticity of the certificate issuer ensuring that you are protected against man-in-the-middle attacks caused by compromised/expired certificates.
  • Certificate chain validation check ensures to return the name of the Electronic Signature Provider through which a digital signature has been issued.
  • Timestamp token validation check ensures that the document containing an eSignature has not been altered after the time of signing. It returns the date and time of signing.
  • Certificate revocation check ensures that the signer's certificate is not part of the list of digital certificates that have been revoked by the issuing certificate authority (CA) before their scheduled expiration date. A revoked certificate can no longer be trusted as it might have been compromised.
  • The Signer details given by you are crosschecked against the records in the signing certificate. It allows businesses to validate the signer's name, address, pin code, year of birth, gender, and country against those found in the signature certificate.

Disclaimer - Verifier API doesn't assure validation of the certificates signed outside India.

Here’s how Leegality Verifier API confirms the signer’s identity -

Verifier API flow
How Verifier API checks if the right signer eSiged the document

Leegality Verifier API - eSign Verification Report

eSign Verification Report will give the result by matching the following information available in the eSign certificate against the signer details passed -

  • Signer’s Name
  • Signer’s Gender
  • Signer’s Year of Birth
  • Signer’s last 4 digits of Aadhaar
  • Signer’s State
  • Signer’s postal code
Verifier API eSign Verification Report
eSign Verification Report

Verifier API will help you validate any eSign which carries a digital signature certificate and uses the key-pair encryption technology.  This includes the following types of eSigns -

  1. Aadhaar eSign (through OTP, Fingerprint, or IRIS authentication)
  2. DSC Tokens
  3. Cloud DSC (Cloud-based alternative to problematic DSC Tokens)
  4. NeSL
  5. DocSigners used for corporate signing 

PS - You can’t verify Virtual Signatures (i.e., OTP-based signatures which don’t carry digital signature certificates) with Verifier API.

Why Verifier API? eSign verification at scale

We believe Verifier API is not a need but a must for any flow that collects electronic signatures. Here are the benefits of integrating Verifier API -

  1. Prevent signature fraud
  2. You can verify eSignatures at scale instead of manually validating

Verifier API is ideal for

Banks and Financial Institutions: Banks and financial institutions use eSignatures extensively for loan agreements, account opening, and other financial transactions. They have a strong need to ensure the authenticity of eSignatures and prevent fraud.

Legal Firms: Legal firms handle a large volume of documents, including contracts and agreements, and rely on electronic signatures to simplify their document management process. Verifying the authenticity of eSignatures is crucial for legal firms.

Government and Public Sector: The government and public sector in India are promoting digital transformation initiatives, and eSignatures play a vital role in this process. Verifier API product can help ensure the authenticity of eSignatures used in government transactions.

Large Enterprises: Large enterprises in various industries such as healthcare, logistics, e-commerce, and real estate use eSignatures for their contracts and agreements. 

These are just a few potential customer segments for Verifier API product in India. 

Conclusion

In conclusion, verifying eSigns is crucial to ensure the authenticity and validity of documents signed electronically. The verification process helps to

  • Establish the identity of the signer
  • Confirm that the document has not been altered or tampered with
  • Protect against eSign fraud

By using Leegality’s Verifier app or API individuals and businesses can ensure the authenticity of their eSignatures and protect their legal and financial interests.

You can write to us at enquiry@leegality.com if you want a customized demo for Leegality Verifier API.

PS - You can try Verifier API for free (No login, no credit card) here - verifier.leegality.com