Financial advisers work with their clients on a large volume of high-value transactions, which generally contain sensitive information, including Social Security numbers, account numbers, personal information and more. As wealth management services have moved to digital platforms, advisers are faced with the added responsibility of protecting their clients' data in an increasingly threatening environment. Clients trust their advisers to not only give them prudent financial advice but to also protect the sensitive data they disclose to them — that's why it's distressing that at least 88% of broker-dealers and 74% of advisers report they have been targeted in cyberattacks, according to the Securities and Exchange Commission.
In an effort to better safeguard clients' data and prevent fraud, many advisers have turned to cloud-based digital signatures — a secure, convenient technology that gives both clients and advisers peace of mind that their data is protected.
(More: 8 ways to protect your advisory firm from cyberattacks)
To effectively defend against fraud and meet industry regulations, the right digital signature for advisers should include the following components:
1. Identity authentication
To protect the integrity of a sensitive document, you must be able to verify the identity of the signer. According to the SEC, 25% of cybersecurity incidents in wealth management that led to losses were a result of employees not following stated identity authentication procedures.
Different identity authentication methods are available, and many firms require signers to utilize two or more authentication methods before accessing private documents, a process known as multi-factor authentication. Some of the most common identity authentication methods include:
•
Email authentication: The signer receives an email with a link to access the document, proving his identity by having access to the email account.
•
Knowledge-based authentication: Before accessing the document, the signer is given multiple questions about information found in 30 years of public records, including credit reports, town hall records and more. The signer must correctly answer a certain number of questions within a designated time frame in order to gain access to the document.
•
Short message service authentication: SMS authentication requires the signer to supply a one-time passcode sent to his mobile phone before he can open the document.
2. Tamper evidence and tamper proofing
Tamper evidence detects any unauthorized change to any part of the document and gives proof that tampering has occurred. Some e-signature technologies provide this once the document is final, but a true digital signature should apply a tamper-evident seal with each and every signature, making every version of the document tamper evident throughout the signing process.
(More: Watch for this new cybersecurity scam, IRS warns)
Additionally, select digital signature technologies can also apply a tamper-proof seal, which turns off all future editing capabilities within the document. This gives you peace of mind that the final document cannot be altered in any way after execution.
3. Legal evidence
If your clients' e-signatures are ever challenged in court, you want to have evidence to support your claim that they are valid and legally binding. With digital signatures, the evidence of the signature is permanently embedded into the signed document—meaning you own the evidence and are not dependent on your relationship with the vendor to prove the validity of a document, even years after the transaction has taken place.
The most legally defensible e-signature products provide a comprehensive audit trail that captures information from the entire signing process, including the date and time a document was submitted for signature, the signer's consent, the IP address of the signer and each step of the entire signing process.
With a versatile and secure digital signature, advisers can strengthen their fraud mitigation efforts and take advantage of the technology in ways that best suit their clients' needs. A standalone, cloud-based digital signature platform can be activated and used immediately. Or for a more automated process, a digital signature can be integrated into existing platforms to create ready-to-sign documents, allowing you to limit manual preparation, incorporate your own branding, take advantage of document workflow features and more.
(More: Adviser's data breach offers cybersecurity lesson)
Pem Guerry is executive vice president of SIGNiX.
