Products

This M’sian Company Wants To Make The Document You Signed Online Tamper-Proof, Here’s How

In business, a legal document could make or break the company. Contracts, Non-Disclosure Agreements (NDA) and even rights to Intellectual Properties (IP) require signatures from key persons in the company.

With the looming concerns of COVID-19 and an emphasis on social distancing, meeting up with the relevant people and getting them to sign the documents might not be as convenient and safe.

And one way to go about it is to introduce electronic document signatures within the company. While this method of simply signing online is convenient, did you know that electronic signatures (e-signatures) can be tampered with after signing?

“E-signature cannot provide tamper-proof security, meaning if someone hijacks your email and changes the content in the signed document, you cannot detect it at all,” said Edward Law, the CEO, Co-Founder and Director of Securemetric.

Example Scenario #1: You just signed a contract via e-signature. But, the other party suddenly decides to go back on their word. They argue that the e-signature is not actually yours and draw up a new contract, as there is no evidence that you personally signed the contract.

Example Scenario #2: You have an e-signature app with your signature saved on your phone. Someone with malicious intent could open up the app and sign a vital document without your consent. By the time you find out, the damage has been done. How can you argue that the signature is not yours when ‘you’ signed it?

These scenarios are examples of why digital signatures exist. It is a convenient and safer way to sign important documents online without wasting time and materials compared to traditional signatures.

Securemetric, a Malaysian company with a laser focus on digital security, wants to introduce SigningCloud, a new platform for companies to digitally sign documents online.

Digital Signature VS Electronic Signature

While both of the terms are used interchangeably, they do have some differences between them in terms of security.

E-signature can be thought of as a simple image pasted over the original document. But as mentioned, it could be tampered with.

Note: In e-signatures, even a simple ‘x’ over the dotted line will do, but can it carry any legal value when disputes happen?

As for a digital signature, it is equipped with more security features that prevent it from being tampered with after signing.

Forging a digital signature is almost impossible as the entire cryptography operations are performed inside a secured environment. Forging a handwritten signature is easier compared to this.

Edward Law, CEO, Co-Founder and Director of Securemetric
Edward Law, the CEO, Co-Founder and Director of Securemetric / Image Credit: Securemetric

But What Exactly Makes Digital Signature Secure?

A digital signature is supported by four key pillars of security:

  1. Authentication

Before the person even signs, they have to be authenticated first, to show that they are the intended signer. This is usually done through two-factor authentication (2FA) or biometric scans, like codes sent through SMS, fingerprint or facial recognition on a mobile phone.

When signing a legal document, the person must complete an eKYC beforehand, which will perform MyKad and facial verification.

  1. Confidentiality

The documents and communication between the parties are all encrypted so only the owners and authorised signers can view it.

  1. Integrity

A digitally signed document will be cryptography fingerprinted which is tamper-proof. If someone does try to change the document after signing, it can be detected by any tools that can verify the PDF signature, such as Adobe Acrobat Reader and Foxit Reader.

  1. Non-Repudiation 

This means that after all parties have signed a legal document, they can’t deny that they’ve signed it.

When signing a document through SigningCloud, the document will be issued a digital ID by a trusted neutral party known as Certificate Authority (CA) who is licensed by MCMC under Malaysian Digital Signature Act 1997.

The CA also holds all the evidence of the signing and if the case is taken to court, the CA can be called upon as a witness.

To use SigningCloud, all you have to do is register your account and download the app (available on Google Play Store and Apple App Store) onto your mobile device or tablet.

This will allow you to sign anywhere and anytime without any worries. Aside from that, SigningCloud also offers a few additional features that make them stand out from the rest.

Why Use SigningCloud?

For one, Edward claims that SigningCloud is the first publicly available digital signing platform in Malaysia to support multiple licensed CA. They have integrated support to Raffcom and Trustgate, with the 3rd CA coming soon.

Raffcom is a local company providing tech and IT services and they’ve obtained their CA license back in 2018. As for Trustgate, they are a company providing products and services related to internet security and they’ve obtained their CA license back in 2000.

“Imagine before SigningCloud, one can only digitally sign using one chosen CA because the vendors lock their option only with one CA.”

As to why having multiple CA is important, Edward said that it allows the customers to choose the CA they prefer based on their services and pricing.

SigningCloud also runs on a pay-per-use basis for legal documents. But if you’re just signing internal company documents, they have a monthly subscription plan.

Depending on your company size and how much you value tamper-proof internal company documents, you can opt for plans with varying monthly subscription fees.

The pricing plans for SigningCloud / Image Credit: SigningCloud

Unlike the other online sites or apps that you’ve used in the past to sign documents, SigningCloud supports and complies with the Malaysian Digital Signature Act 1997 (DSA 1997). 

The DSA 1997 is overseen by the Malaysian Communications and Multimedia Commission (MCMC) and the act ensures that digital signatures in Malaysia are regulated. 

Last but not least, with digital signatures, your company will not have to waste resources to print, manage or store documents as everything is stored on a secure cloud server.

A Company With A Proven Track Record

Securemetric was incorporated back in 2007 and since then, they have expanded across SEA, with offices in Indonesia, Singapore, Vietnam and the Philippines.

The company is also one of the key players in digital security offering services such as Software Licensing Protection, Public Key Infrastructure (PKI System) and Cryptography.

They’ve implemented PKI systems nationally for over 4 countries in SEA.

And they’ve also handled some big clients such as Lazada and implemented authentication solutions for MyEG, PLCs, Banks and government agencies.

The Securemetric team at one of their previous launches / Image Credit: Securemetric

The company also won many awards in the past. One of their latest awards is the Best of Security award for their Authentication and Public Key Infrastructure products from Cybersecurity Malaysia and MSC APICTA.

As to why they’re focusing on digital signatures, Edward revealed that this has been in their roadmap and one of the key reasons they decided to go for IPO. The IPO then allowed them to raise funds and invest in R&D.

With the additional engineering capacity allowed to them via IPO, they managed to shorten the development timeframe in the creation of SigningCloud.

Featured Image Credit: Securemetric

Subscribe to Vulcan Post Newsletter

Stay updated with our weekly curated news and updates.
 
Read more about our privacy policy here.