In business, a legal document could make or break the company. Contracts, nondisclosure agreements (NDA) and even intellectual property rights (IP) require signatures from key people in the company.
Given the emerging concerns of COVID-19 and the emphasis on social distancing, it may not be as convenient and safe to meet and persuade the relevant people to sign the documents.
One possibility is to introduce electronic document signatures in the company. Did you know that electronic signatures (e-signatures) can be manipulated after signing, although this method of simple online signing is practical?
“The electronic signature cannot offer tamper-proof security, ie if someone kidnapped your email and changes the content in the signed document, you can't see it at all, ”said Edward Law, CEO, co-founder and director of Securemetric.
Example scenario 1: You have just signed a contract by e-signature. But the other party suddenly decides to come back to their word. You argue that the electronic signature is not yours and create a new contract because there is no evidence that you signed the contract personally.
Example scenario 2: You have an e-signature app, the signature of which is saved on your phone. Someone with malicious intent could open the app and sign an important document without your consent. By the time you find out, the damage is already done. How can you argue that the signature is not yours once you have signed it?
These scenarios are examples of why digital signatures exist. This is a convenient and secure way to sign important documents online without wasting time and material compared to traditional signatures.
Securemetric, a Malaysian company with a laser focus on digital security, would like to introduce SigningCloud, a new platform for companies to digitally sign documents online.
Digital signature VS Electronic signature
Both terms are used synonymously, but differ in terms of security.
The electronic signature can be viewed as a simple image that is inserted over the original document. But as I said, it could be manipulated.
Note: For electronic signatures, a simple "x" above the dotted line is sufficient. But can it have legal value in disputes?
A digital signature is equipped with more security functions that prevent it from being manipulated after signing.
Falsifying a digital signature is almost impossible because all of the cryptographic operations are performed in a secure environment. Falsifying a handwritten signature is easier in comparison.
Edward Law, CEO, co-founder and director of Securemetric
Edward Law, CEO, Co-Founder and Director of Securemetric / Image Credit: Securemetric
But what exactly does the digital signature make secure?
A digital signature is supported by four important pillars of security:
Before the person signs, they must first be authenticated to show that they are the intended signer. This is usually done by two-factor authentication (2FA) or biometric scans such as B. Codes that are sent via SMS, fingerprint or face recognition on a mobile phone.
When signing a legal document, the person must first complete an eKYC that will perform a MyKad and facial check.
The documents and communication between the parties are all encrypted so that only the owners and authorized signatories can see them.
A digitally signed document is given a cryptographic fingerprint tamper-proof. If someone tries to change the document after it has been signed, it can be recognized by all tools that can check the PDF signature, e.g. B. Adobe Acrobat Reader and Foxit Reader.
This means that after signing a legal document, all parties cannot deny that they signed it.
When you sign a document through SigningCloud, the document is issued a digital ID by a trusted neutral party called Certificate Authority (CA), which is licensed by MCMC under the Malaysian Digital Signature Act 1997.
The competent authority also has all the evidence for the signature. If the case is brought to court, the competent authority can be called in as a witness.
To use SigningCloud, all you need to do is register your account and download the app (available from the Google Play Store and the Apple App Store) to your mobile device or tablet.
So you can sign anywhere, anytime without worry. Aside from that, SigningCloud offers some additional features that set it apart from the others.
Why use SigningCloud?
First, Edward claims that SigningCloud is the first publicly available digital signature platform in Malaysia to support multiple licensed certification authorities. You have integrated support Raffcom and Trustgate, with the 3rd CA is coming soon.
Raffcom is a local company offering technology and IT services and they obtained their CA license back in 2018. Trustgate is a company that offers internet security related products and services and they obtained their CA license back in 2000.
"Imagine SigningCloud, you can only digitally sign with a selected certification authority, because the providers block their option with only one certification authority."
Regarding why it is important to have multiple certification bodies, Edward said that this enables customers Choose the CA you prefer based on their services and prices.
SigningCloud also runs on one Pay-per-use basis for legal documents. However, if you only sign internal company documents, they have a monthly subscription.
Depending on your company size and the value of tamper-proof internal company documents, you can choose plans with different monthly subscription fees.
The pricing plans for SigningCloud / Image Credit: SigningCloud
Unlike the other online sites or apps that you used to sign documents in the past, SigningCloud supports that Malaysian Digital Signature Act 1997 (DSA 1997).
The DSA 1997 is monitored by the Malaysian Communications and Multimedia Commission (MCMC) and the law ensures that digital signatures are regulated in Malaysia.
Last but not least, your company with digital signatures does not have to waste resources to print, manage or save documents as everything is stored on a secure cloud server.
A company with a proven track record
Securemetric was founded in 2007 and since then has been represented throughout Southeast Asia with branches in Indonesia, Singapore, Vietnam and the Philippines.
The company is also a major player in digital security, offering services such as software licensing protection, public key infrastructure (PKI system) and cryptography.
You have implemented PKI systems nationally for over 4 countries in SEA.
They also looked after a number of large customers such as Lazada and implemented authentication solutions for MyEG, SPS, banks and government agencies.
The Securemetric team on one of their previous starts / Image Credit: Securemetric
The company has also received many awards in the past. One of her latest awards is the Best security Award for their authentication and public key infrastructure products from Cybersecurity Malaysia and MSC APICTA.
Regarding the reason why they focus on digital signatures, Edward announced that this is included in their roadmap and one of the main reasons why they chose to go public. The IPO then enabled them to raise funds and invest in research and development.
With the additional engineering capacity granted to them by the IPO, they managed to shorten the development period when creating SigningCloud.
Selected image source: Securemetric