The Green Sheet Online Edition
October 26, 2009 • Issue 09:10:02
Fortifying e-commerce with signatures
Payment cards were invented decades ago without any real foreknowledge of e-commerce, and many say such cards lack adequate controls for the online medium. But e-commerce platforms have themselves made some changes to make virtual payments safer.
Often those changes involve identifying what features in physical POS environments are absent from e-commerce platforms and figuring out ways to bridge the divide. A product called SignatureLink, from a company of the same name, is designed to do just that.
SignatureLink has taken a long-time hallmark of brick-and-mortar card payments and enhanced it. The service allows online merchants to require that purchasers sign, with a mouse, at the bottom of every transaction. Everything else stays the same - the service is not meant as a replacement to other security features but rather an add-on to existing ones.
"It's analogous to a brick-and-mortar store: You're buying something, you have a point of sale terminal, you swipe your credit card and sign your name," said SignatureLink Inc. Chief Technology Officer Jason Napsky. "We're taking that offline process and enabling companies that sell products online to use our virtual signature pad as the last step in the checkout process.
"You sign your name and click submit, and basically we create an actual image of that signature that you provided. We store it in our system and return a response back to the checkout cart, and the normal payment processing routine prevails from there."
Multiple features of signature captured
According to the company, the electronic signature SignatureLink captures is more complex and less imitable than a conventional signature.
For starters, a certain level of complexity is required: a signature made of a simple dash or a couple straight lines will be rejected by the program, and the user has to sign again. Also, the program captures not only the image of a signature, but also properties relating to the way it is drawn.
"With signatures now it's really just an image," said Napsky. "With SignatureLink, there are other biometric features we capture that make signature comparison of an electronic signature actually stronger than a signature comparison on a piece of paper. We capture other information like the speed of signing, the velocity and the acceleration."
Tracking those properties makes it impossible to forge an online signature by cutting and pasting a stolen one, Napsky added.
Checks signed online in the future?
Surprisingly, SignatureLink cannot, as yet, be used on the payment medium to which it would seem especially well-suited: online checks.
According to Chito Collins, Lead Sales and Marketing Consultant for SignatureLink, Check 21 laws still require that digital checks originate as physical documents, but expansion of Check 21 to allow checks to originate as digital images is coming.
"It's a major enhancement on the functionality of the Check 21 law," she said. "[Its deployment] will be a year-and-a-half to two years, depending on how fast the government works."
Napsky added that while the service was currently being used only to authenticate at the back-end of transactions, it could also be used as a blocker that prevents fraud. Consumers would have their digital signatures stored on file, and online transactions would require that new signatures roughly match existing ones.
Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.