eIDAS: Qualified Electronic Signatures – Just what the Bankers ordered

by Gaurav Sharma (guest) on 20. March 2019

The broader financial services industry – including banks, credit card companies, FinTech service providers, tech companies offering digital wallets etc. – is today at the frontlines in the fight against cybercrime. Because these companies move large sums of money around each day, they are obvious targets for criminal elements.

Many people assume that cyber attacks targeting financial service companies are sophisticated and high level. While that is indeed true in some cases, the vast majority of them happen due to simple carelessness: for example, not having secure passwords, allowing malware to infect your computer, logging in on infected public computers and so on.

A Balancing Act

Financial services companies obviously have to protect against this threat. However, they are also under pressure to make banking a lot easier and more seamless. They are under threat from things like digital wallets, P2P lending, robo-advisors, digital-only banks etc., which offer a hassle-free experience and are becoming the platforms of choice for many people.

A balance is therefore needed – something that provides a great level of security but is also capable of being seamlessly integrated on multiple platforms using multiple approaches.

This is where Qualified Electronic Signatures come into the picture. To be fair, electronic signatures have been used for a while now but with the eIDAS Regulation, the European Commission has clearly set out the criteria for what qualifies as a Qualified Electronic Signature (hence the name).

These signatures are backed by a certificate issued by a qualified trust provider and are created using a Qualified Signature Creation Device (QSCD). The technical specifications for using these electronic signatures for XML, PDF and emails have been developed by the European Telecommunications Standards Institute. However, from a banking/FinTech perspective, the most interesting aspect is their legal status. Under the eIDAS Regulation, EU member states have to accord the same legal standing to qualified electronic signatures provided by qualified trust providers as they do to handwritten signatures.

Two Birds with One Stone

What this means is that using Qualified Electronic Signatures allows banks to tackle both of their problems together. On one hand, they can offer a fully digital and hassle-free experience to the customer: there is no need for physical documents to be signed and shipped, or handed back and forth because of errors, mistakes, mismatching signatures and so on. On the other hand, the electronic signature has the same legal probative value as a handwritten signature and provides the necessary assurances. These signatures guarantee that it is indeed the customer who has signed the document or initiated a transaction (non-repudiation of origin) and that their message or command has not been altered in transit (non-repudiation of emission).

These built-in features for non-repudiation ensure that financial service providers are able to ascertain both the authenticity of the user and the integrity of the message. But it's not just the banks and service providers that benefit: the customer also gets a better level of security and a more user-friendly, fully digital experience.
