What types of authentication are available?
Knowledge Based Authentication is one of the most robust authentication methods supported. This type of authentication is accomplished through either asking known information or conducting a third party records search that accesses public records to validate identity. KBA is typically used for high risk documents.
In scenarios where a signer has already been authenticated and will be receiving their pick-up link for signing away from the agent, additional validation can be provided to ensure the person entering the signing is the same person previously authenticated. CIC can display questions and answer pairs that are specific to the signer but unknown to the agent. This process requires the client question and answers to be gathered at some point outside of the originating system, maybe as part of the recovery process for a client web site and sent to CIC in the eSignature communication. CIC will display these questions and validate the answers before the signer is allowed to enter the signing ceremony. This offers another layer of security for firms that have already met with the client and authenticated their identity.
CIC supports many types of authentication/validation of the signer. We can prompt for an access code prior to entering signing as the form of authentication. That access code can be generated by the client signer and passed to CIC in the XML or we either firm can generate a key and pass it to the client for authentication. If CIC generates the unique pin, CIC can utilize a standard SMS text to send the unique pin to the signer’s cell phone. This process requires the client’s phone number is gathered as part of the up-front authentication and form completion and then sent along in the eSignature communication to CIC. Remember, this is for a scenario where the signer is already authenticated with the agent. The agent will gather that person’s cell number as part of that order entry process. CIC will then trigger a unique pin to be sent to the pre-authenticated signer. Without the pin, the signer will be able to click on their pick-up link but they will not be able to access the forms for signature. This offers another layer of security for firms that have already met with the client and authenticated their identity. This is best for signers that have already been authenticated but simply need validation that the person entering the signing process is the person previously authenticated.
User/Signer authentication and/or validation is the process of authenticating that the individual signing is indeed the person expected to sign. There are varying degrees of user authentication that differ based on the risk of the transaction and if the client is previously known.
When determining the level of authentication needed, it is important to determine if the client (signer) is already known (authenticated) and thus the signature process only needs to validate the person signing or if there are unknown personal identifiers about the signer that require a more complete authentication before the signer is permitted to sign the documentation. CIC supports many different authentication options such as shared Q&A, pin codes, codes via SMS text, multi-factor authentication, Single Sign-on, Pass Through Authentication, Token validation, or full 3rd party knowledge match. All these types are valid approaches to meet eSignature legislation.
The level of complexity in the authentication process is typically driven by the level of risk associated with a given transaction. For instance, it's highly unlikely for someone to fund and purchase an annuity under your identification. However, it's highly likely for an individual to initiate a withdrawal from that same annuity pretending to be you, so the level of risk typically dictates the authentication complexity.