Six Steps to Securely Use eSignatures in the Hospitality Industry
Two decades ago, Congress enacted the ESIGN Act, which recognized electronic signatures as having the same legal status as physical signatures. However, businesses were still wary of their validity. Today, sentiments toward electronic signatures and digital documents have changed, thanks in part to their conveniences and benefits.
In 2020, electronic signatures were needed more than ever for companies to conduct business remotely. Adapting compliance standards allow businesses in any industry to use eSignature platforms to stay effective. The hospitality industry is no exception to following compliance standards and laws. Some of those include the Fair Labor Standards Act (FLSA) for human resources, PCI DSS for customer payment information and the General Data Protection Regulation (GDPR) for companies that do business overseas.
eSignature capability can be a great benefit to hospitality service providers that are looking for new and better ways of doing business. eSignatures are easier and more convenient than ever, allowing you to send business documents and get them signed immediately. This can have a positive impact on your customer service and satisfaction, which is the number one priority for hospitality businesses. Having digital signatures in a mostly digital business environment can also have a positive effect on overhead, not only reducing costs for paper and other equipment, but saving you time.
While electronic signature capabilities are available in a wide range of business software, including in PDF readers, there are several factors that need to be considered when choosing a platform for a fully compliant electronic signature.
When determining whether or not an electronic signature is legitimate, ask six questions:
- Do I know who signed the document? (Signer Authentication)
- Do I know they intended to? (Affirmative Act)
- Has there been proper disclosure and consent? (Compliance)
- Has the document been altered in any way? (Document Authentication)
- Is the document electronically accessible to all signers? (Access)
- Can I prove all of this? (Evidence)
Your electronic signature method needs to meet all of these standards to give your signatures authenticity and transparency. Signer authentication allows you to verify signers through multiple identifiers, including IP address. When a signature request is sent, a consent form follows in addition to the documents, to confirm it is an affirmative act and compliant.
The most secure forms of electronic signature utilize several safety measures to ensure authenticity, including digital hashing, encryption, and public key infrastructure. This makes it impossible for a signed document to be altered without detection.
Continuous access to the signed document can be provided to all parties involved through a portal, or digital copies can automatically be provided.
Can You Prove It?
This is one of the most important aspects of electronic signatures. In order to prove that an electronic signature is legitimate and that all standards have been met, users need to provide proof and verify the non-repudiation of the signature.
Every time a signature is created, an audit trail for that document needs to be generated, which tells a complete history of that document. This electronic transaction should include information such as the time and date of each relevant activity and the IP address of every computer utilized.
Furthermore, this audit trail document needs to be saved in a form which prevents it from being edited or deleted, whether it’s stored in the same system or with a third party. Saved in a “write once, read many” format, it makes your electronic signatures compliant with most major standards, including the ones enforced by the SEC and FINRA.
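The document hashing and the tamper-evident audit trail described above can be sketched together as follows. This is an added example, not code from the article or from any eSignature platform; the field names, event names and sample values are assumptions, and it uses a plain SHA-256 hash chain rather than PKI signatures.

```python
import hashlib
import json
GENESIS = "0" * 64  # anchor value for the first entry's prev_hash

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def entry_hash(entry: dict) -> str:
    # Hash a canonical JSON form of every field except the stored hash itself.
    body = {k: v for k, v in entry.items() if k != "entry_hash"}
    return sha256_hex(json.dumps(body, sort_keys=True).encode())

def append_event(trail, event, timestamp, ip, document: bytes) -> str:
    entry = {"seq": len(trail), "event": event, "timestamp": timestamp, "ip": ip,
             "doc_sha256": sha256_hex(document),
             "prev_hash": trail[-1]["entry_hash"] if trail else GENESIS}
    entry["entry_hash"] = entry_hash(entry)
    trail.append(entry)
    return entry["entry_hash"]  # new head; keep a copy in WORM or third-party storage

def verify_trail(trail, document: bytes, expected_head: str) -> list:
    problems, prev = [], GENESIS  # an empty result means the evidence holds up
    for i, entry in enumerate(trail):
        if entry["seq"] != i or entry["prev_hash"] != prev:
            problems.append(f"entry {i}: chain broken (entry removed or reordered)")
        if entry_hash(entry) != entry["entry_hash"]:
            problems.append(f"entry {i}: fields edited after recording")
        prev = entry["entry_hash"]
    if prev != expected_head:
        problems.append("head mismatch: trail truncated or rewritten")
    if trail and trail[-1]["doc_sha256"] != sha256_hex(document):
        problems.append("document differs from the signed version")
    return problems

def demo():
    # Constructed sample: contract text, timestamps and documentation-range IPs.
    draft, signed = b"Banquet contract v1", b"Banquet contract v1 [signed: J. Doe]"
    trail = []
    append_event(trail, "sent", "2020-06-01T14:00:00Z", "203.0.113.10", draft)
    append_event(trail, "consent_accepted", "2020-06-01T14:05:12Z", "198.51.100.7", draft)
    head = append_event(trail, "signed", "2020-06-01T14:06:40Z", "198.51.100.7", signed)
    edited = [dict(e) for e in trail]
    edited[2]["ip"] = "192.0.2.99"  # the signer's IP is rewritten after the fact
    return (verify_trail(trail, signed, head),      # intact trail
            verify_trail(edited, signed, head),     # edited entry
            verify_trail(trail[:2], signed, head),  # last entry deleted
            verify_trail(trail, signed + b" plus a new clause", head))  # altered document

if __name__ == "__main__":
    print(*[r or "OK" for r in demo()], sep="\n")
```

The chain only detects deletion of the latest entries if the head hash is kept somewhere the trail's custodian cannot rewrite, which is the role the write-once or third-party storage plays.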
Going the Extra Mile With Compliance
Many compliance standards and regulatory bodies require multi-factor authentication methods for electronic signatures, including the IRS. Beyond that, the authentication methods used need to be ones that are accepted as indisputable.
Knowledge-Based Authentication (KBA) utilizes information from a third party to generate a set of questions based on the recipient’s personal identifying information that they must answer before fulfilling the eSignature request. Answers about the recipient are pulled from public information databases. For example, it will require the recipient to identify an address where they previously lived. This means the signer must willingly share personal information with the sender of the signature to generate the questions.
One-Time Passcode (OTP) generates a random code that the recipient receives via text message and must input before fulfilling the eSignature request. A code will be sent to the recipient’s phone which they use to sign the document.
eSignature platforms are proven to be efficient and compliant methods for getting your business’s essential documents signed. However, the rules of digital documents and signatures are different and require steps to ensure their legitimacy. It’s important to know your industry’s specific compliance requirements for eSignatures. Many industries that handle finances and private customer information require more than a simple application that stamps a signature onto the PDF without proper compliance tracking and audit capabilities.
About the Author
Andreas Rivera is a technology writer with experience in both reviewing and marketing tech services and products. His areas of expertise include writing about B2B, SaaS companies and how they best address the pain points of businesses. Since early 2019, he has been the Marketing Content Writer for eFileCabinet and has become well versed in how document management software helps businesses reinvent their manual processes and spur growth.