How banks can guard against e-signature fraud in the digital landscape

E-signatures make signing easy but they also bring a challenge—fraud risks.

In a striking case of signature fraud, a woman from Karnataka successfully won a claim against the State Bank of India last year after Rs 3 lakh was fraudulently withdrawn from her account using a forged physical signature. This incident highlights the vulnerabilities inherent in the paperwork process at banks in India today.

Banks and other businesses are rapidly switching to digital paperwork and e-signatures to combat such issues. But how secure is this alternative?

Stakes of document fraud

Imagine the fallout from the signature forgery case above. More than financial losses, it led to legal chaos, regulatory investigations, and a dent in customer trust—and will probably result in some regulatory scrutiny down the line. Such real-world consequences emphasise the critical importance of businesses fortifying their paperwork and signature processes.

Just switching to digital processes is not enough. Even your digital paperwork process needs to be fortified against fraud.

Solving through digitisation

At a preliminary level, the use of electronic signings like Aadhaar eSign and DSC tokens prevent one layer of fraud—that of physical impression forgery. You cannot “mimic” an Aadhaar eSign with clever handwork; someone needs to actually do the authentication process to affix an Aadhaar eSign.

Sometimes there’s an apprehension that even with digital modes: “What if someone borrows my DSC Token and knows my PIN?” or “What if someone knows my Aadhaar number and has access to my phone to enter the OTP?”

These apprehensions can be alleviated easily with other additional digital authentication methods like face-matching technology and geolocation.

Beyond this, there are four primary areas of fraud that even digital processes must safeguard against:

• Wrong Aadhaar/DSC being used for eSigning
• Blank form signing
• Unauthorised location signing
• Unauthorised mobile phone access during signing

Also Read

How AI helps detect and prevent fraudulent activities on ecommerce platforms

Wrong Aadhaar/DSC being used for e-sign

There’s another problem with eSignatures: how do you know that someone is using the “correct” e-signature? Let’s say Bank A agrees to disburse a loan to Customer X. But at the time of signing, Customer X forgot their Aadhaar and so used their wife’s Aadhaar to e-sign.

The signature on the loan agreement is not of the borrower in this case—creating enforcement issues down the line.

To overcome this uniquely digital problem, businesses need to adopt verification features like smart name verification and parameter verification. This type of technology matches the name on the signature certificate with the name on the agreement along with other parameters and rejects signatures where there is a mismatch.

To account for the inevitability of minor name variations (a big problem in India), such technology needs to incorporate machine learning and AI to avoid unnecessary rejections.

Solving blank form signing

Agent or field officer fraud is a big risk in India. In consumer forums, there are dedicated court halls dealing with cases where a customer signed a blank policy—only to find that its terms had changed later.

To mitigate this, businesses need to adopt auto-population of documents directly from their data pools (CRMs, ERPs, LOS, LMS etc). This approach can also include a maker-checker process where a second entity within the business approves the document before it is sent out. By limiting e-signing to pre-approved templates, businesses successfully minimise the risk of unauthorised or incorrect document signing.

E-signing outside authorised locations

Businesses, especially those operating via a network of branches, often try to prevent fraud by mandating that signing can only happen at the branch. The thinking is—“more eyes, less fraud.”

But a digital process wherein signing can happen remotely breaks this rule.

To prevent violation of this rule in a digital process, businesses need to start implementing geo-fencing for digital paperwork. With geo-fencing, any signatures that take place outside an authorised location get blocked immediately.

Preventing unauthorised mobile access

In many high-value use cases, e-signatures are collected remotely. This is because the signatories are often travelling. How do you ensure that the phone of the signer is not compromised?

To solve this, businesses can implement two-factor authentication for digital document access. Here, the signer needs to enter an OTP sent to their phone and their email to even access a document for e-sign.

Building a fortified future for e-signatures

As our lives seamlessly intertwine with digital innovations, the significance of fraud prevention for digital paperwork and e-signing cannot be overstated. The real-world examples illustrate the imperative need for proactive measures to secure e-signatures. Whether it's smart name verification, pre-population of documents, or implementing advanced technologies like geo-fencing and face capturing, each strategy contributes to a fortified future for e-signing.

In today's tech-driven world, staying vigilant against fraud is crucial for using e-signatures with confidence. Learning from past experiences, both individuals and organisations can ensure a safe and reliable journey through the digital landscape.

(Shivam Singla is CEO and Founder of Leegality.)