In May 2021, researchers published two attacks on certified PDFs, which enabled unintentional and fraudulent modifications to be applied to signed documents. Here we provide a brief summary of the attacks and explain why documents that are digitally signed using Cryptomathic Signer and its WYSIWYS technology is not susceptible to these attacks.

When deploying digital signatures to fully digitalize business processes, large organization such as banks must comply with the technical and legal guidelines of the country in which they operate. Complying with standards of various jurisdictions can prove difficult when the signature solution must be made available on both a global and a local level.

What You See is What Your Sign (WYSIWYS) is a term that is used to describe an enhanced level of data integrity within a digital signature system. Its purpose is to ensure that the content of a signed message cannot be altered, whether intentionally or accidentally (non-repudiation).

eIDAS provides the technical and legal framework needed for electronic identification and digital signatures to allow the banking industry to digitize its processes fully. This article introduces the technology needed for remote signing at the level of a qualified electronic signature (QES).

Cryptomathic’s Signer is the only qualified (electronic) signature creation device (QSCD) that is certified under the SO-GIS agreement using the Common Criteria Recognition Arrangement (CCRA). Its security target is written to strictly conform to the certified protection profile EN 419 241-2.

In this article, we will discuss the Certificate Authority (CA) in the context of eIDAS and what is required of this entity in ensuring the integrity of qualified electronic signatures.

Considering the COVID-19 impact on digitalization, EBA’s updated Guidelines on ICT and Security Risk Assessment will help focus on priority areas, including compliance.

The eIDAS regulation provides both the technical and legal framework for electronic identification and digital signatures that the banking sector needs to fully digitalize its processes and go paperless.

This article looks at 3 alternative deployment options for remote signing, catering for 3 different business models. The choice of the option will depend on the financial institution’s specific situation and strategic goals. This article gives guidance.