Continuing with our risk series, we focus our attention this week on authentication, the purpose of which is to keep unauthorized people from signing in your name or gaining access to your executed documents. When you neglect authentication, you are leaving yourself vulnerable to a cyber attack.
Take, for example, the attack on the US Office of Personnel Management (OPM), arguably one of the largest cyber attacks ever. Affecting 22 million people, including millions of federal employees with security clearances, this hack put a spotlight on the need to protect personal information like name and address, even fingerprints, and not just credit card numbers.
According to the New York Times, OPM did not have two-factor authentication, which left the agency fairly defenseless against a high-tech security breach.
Because cyber attacks are on the rise, some people may be skeptical about transitioning from paper documents to digital documents, but think about this: When you sign documents and fax or mail them, you can’t control who picks them up on the receiving end, which can leave your sensitive material vulnerable. Authentication ensures that the eyes viewing the documents have been approved by you.
Authentication isn’t a one-size-fits-all solution. There are several different options based on customer and industry needs, including:
- Email verification
With this method, the signer clicks on a link in an email to be authenticated. This approach is typically best for low-risk transactions. However, it can be paired with another form of authentication to further mitigate risks.
- Shared questions
With shared questions, the signer is asked to answer more personal questions chosen by the sender, such as the last four digits of an account number or the signer’s mother’s maiden name. The answers to such questions are usually not found in your wallet, which can be stolen.
- Text message
One of our most popular and user-friendly options is text message. With this method, the signer receives a text message on their cell phone with a random, one-time password to enter before signing.
- Know Your Customer (KYC)
For industries looking to fulfill certain compliance regulations, this is a great option. Signers are prompted to supply their social security number and date of birth. If the SSN is valid and matches the DOB, the user is verified. This can also be used in conjunction with shared questions to add extra protection.
- Knowledge-Based Authentication (KBA)
This is the highest level of authentication, so it’s one of the best solutions for highly sensitive documents where you need to be absolutely certain the correct person is signing it.
With KBA, the signer will have to identify their social security number or date of birth. Once that is verified, the signer will have to answer four multiple-choice questions based on 30 years of public records information. An example could be “Where did you buy property in 1997?” Once the signer provides the correct answers to all four questions, they are authenticated.
While these options can stand alone, you can further mitigate risk by opting for multi-step authentication, or using a combination of two or more authentication measures. Just like two locks on your door are better than one, two-factor authentication is better than one method. Don’t make the same mistake as OPM and fail to properly protect your sensitive information.