Zions? offspring leader in e-signature verification

SALT LAKE CITY — When President Clinton signed a bill into law this summer allowing electronic signatures the same validity as the pen and ink kind, critics jumped to the public soapbox proclaiming them easily forgeable and risky.

A Utah sibling of Vectra Bank Colorado has the answer to that.

In place of a scribbled signature, digital-signature technology creates a one-of-a-kind set of numbers and passwords unique to the signer. To quell the critics about verifying a signature’s authenticity, Digital Signatures Trust Co. has devised a way to authenticate the signature and serve as an independent, trusted third party, says Jim Palmer, director of solutions architecture.

SPONSORED CONTENT

Business Cares: April 2024

In Colorado, 1 in 3 women, 1 in 3 men and 1 in 2 transgender individuals will experience an attempted or completed sexual assault in their lifetime. During April, we recognize Sexual Assault Awareness Month with the hopes of increasing conversations about this very important issue.

The Salt Lake City company is an offspring of Zions Bancorp., a 127-year-old organization that owns 15 banking and finance companies and 350 banking offices in eight western states, including Colorado.

“Who do you trust more than your bank when you’re depositing your money there?” Palmer asks. “The consumer can have the same confidence as when they walk into the bank and see the sign that says their deposits are insured for $100,000.” Palmer says his company is subject to the same regulations and auditing as banks, noting that it is regulated by the Office of the Comptroller of the Currency.

Boulder high-tech law firm Colson & Quinn is no stranger to using digital signature technology in dealings with clients. Partner Joyce Colson says that it is as good as, and sometimes better than, traditional signatures on paper, because it is harder to dispute the authenticity of a digital signature, due to its encrypted and mathematical nature.

Those wanting to seal a deal online will need to have a key pair generated. A key pair is made up of a private password that only that person knows and a password that is released to the public in order to unlock a message affixed with a digital signature. A digital signature results from two mathematical algorithms being multiplied by the message’s electronic code and the private key code. The public key code is substituted in the equations for signature verification.

Digital Signatures Trust provided the technology that the president used to symbolically sign into law the Electronic Signature Act of 2000 prior to signing in ink. The law defines an electronic signature simply as an electronic sound or symbol. “An electronic signature can be anything. It can be pressing the number nine on my phone,” Palmer says, explaining the extra protection that his company offers over what the law requires. He says the extras provide the privacy and security consumers and businesses are looking for, as well as a defense against fraudulent transactions.

Digital Signatures Trust, founded in 1996 after Utah became the first state to enact a digital signature law, serves as a trusted witness to each transaction. The company issues a digital certificate to a client, which verifies the client’s name, company, authority to engage in certain transactions, digital signature and public key. All of this information is held in a central database so that people can check in to verify transactions.

The company also can revoke a certificate, known as TrustID, if a client loses his private key or it becomes compromised another way. In this case, a message carrying the revoked key will be flagged as illegitimate.

In disputing a contract with a digital signature present, the burden of proof lays upon the person disputing it, Colson says. “People disputing that it’s their signature will have to prove that there is a flaw in the system or that they lost their private key,” Colson says, adding that the responsibility of holding the private key is a heavy one.

A person must fiercely protect the key to guard against unauthorized use of it and must report the loss of the key immediately to their certification authority to head off that use, she insists. That leads to her primary issue with certification authorities. Since companies rely on their certification authority to validate signatures, what happens if the authority is wrong?

The company has learned a little something from its banking roots, Palmer says.

Digital Signatures Trust acts much like the Federal Deposit Insurance Corp., which insures bank deposits, by insuring each transaction for as much as $100,000 and each certificate up to $250,000. The company is backed by Zions Bancorp. which has combined assets of $21.5 billion, and it is insured by Lloyd’s of London.

“This is not a payment device. We are guaranteeing that person’s identity,” Palmer warns, adding that the company does not vouch for their clients’ financial ability to pay in transactions, only that they are who they say. Palmer says further that if Digital Signatures Trust were to make a mistake in verifying identity, the company would cover the transaction.

With all that protection and technology, what do you do with it in real life?

Online retail could be streamlined by capturing a signature at the point of sale instead of trusting that a person buying a product really owns the credit card being used. This capability is a very strong growth area, Palmer says, because it would provide a way for merchants to limit getting stuck with charges that their customers decline. Currently, he says, online merchants must rely on billing addresses to match their customers to credit card numbers. The company also is implanting digital certificates into Smart Visa cards, cards carrying a chip that can be programmed with consumer information.

A company or government agency also can provide the digital certificate service, as is planned for the Utah State Bar association when the state begins processing civil lawsuits electronically. The bar association will issue the digital certificates to its members and verify a member’s status when a suit is filed. Utah is already processing criminal cases this way.

A lawyer’s advice: “I think what you have to do is if you’re sufficiently comfortable with the technology and you feel it’s sufficiently safeguarded, go ahead and use it,” Colson says. “For most large companies, it will probably make sense to embrace it in some way.” She says companies will need to be sure to commit to it and set up policies to protect private keys. Typically, the technology would benefit companies that do large volumes of business together.

Digital Signatures Trust is confident the technology will catch on widely. The certification is relatively inexpensive, depending on the level of liability for which a company or agency wishes to be covered. Typically, the range runs from less than $1 to $200 per certificate, with the latter covering a contract with the U.S. Department of Defense.

Business is good, too, Palmer says. The company has grown from 40 to 124 employees since January, and Palmer says the company is adhering to its business plan. Declining to provide specific numbers, he says the company is in the black. It is finalizing a strategic partnership with a Japanese systems integration company, making its first leap into the international business market. The company also has a sales office in Maryland to handle government contracts and another in Seattle to handle that state’s system. The company is negotiating with Vectra Bank Colorado to bring the system here.