Secure Virtual Signature
Virtual Signatures are electronic versions of your physical signature. However, they lack certain technical safeguards: they can't definitively verify the identity of the signer, nor can they detect document alterations post-signing.
To counter these weaknesses, Secure Virtual Signatures have been developed. They provide added layers of authentication to enhance security, such as:
- OTP Authentication: Mandatory authentication via phone/Email/Whatsapp before accessing the virtual signing pad.
- Additional optional layers of authentication such as Face and GPS Capture
- Multi-factor Authentication: An optional feature for further security.
- Secured via neutral digital signature: The service provider affixes their digital signature in the backend to protect the document being signed from being tampered without knowledge.
Secure Audit Trail: The signature event and document details must be meticulously recorded in a secure, digitally signed audit trail
Under Section 10A of the Information Technology Act, 2000, a contract signed with a Secure Virtual Signature is legally enforceable in India, with two exceptions. Secure Virtual Signatures can't be used to sign:
- Documents specified in the First Schedule of the IT Act, 2000.
- Any document that must, by law, rule, or regulation, be signed (here the law, rule or regulation must specifically use the word “sign”, “signed” or “signature”. Most contracts do not fall under this bracket)
Here is a handy table which tells you where can you legally use Secure Virtual Signatures:
The legal enforceability of any eSign type depends on:
- How well it can establish the identity of the signer (Authentication)
- Whether the document can be altered after the signatures are affixed (Integrity)
- Whether the parties can deny their acceptance of the terms and conditions at a later stage (Non-repudiation)
A Secure Virtual Signature is easy to enforce because it performs these 3 functions very well.
To dispute or deny a document signed via Secure Virtual Signature, the other party would need to:
- Deny and prove that the OTP was not authenticated on a device/email in their possession
- Deny and prove that the signature impression was not performed by them
- Deny and prove that they were not present for signing even though their face has been captured (in case of optional layer of Face Capture)
- Deny and prove that they were not present for signing even though their GPS coordinates were captured (in case of optional layer of GPS Capture)
- Deny and prove that they did not possess and authenticate the document via their alternate contact coordinate (in case of optional Multi Factor Authentication layer)
- Deny and prove that the entire series of events captured by the Secure Audit Trail are false
Doing all of the above is extremely hard to do - making Secure Virtual Sign a highly enforceable form of electronic signature.