Signed, sealed, delivered with Securemetric

Securemetric Bhd CEO Edward Law Seeh Key. Photo by Sam Fong

The Covid-19 lockdown measures enforced over the last few months have presented an unprecedented challenge for small businesses in Malaysia. In this regard, companies that lack a cohesive digitalisation strategy are likely to have suffered far more than their more digital-native counterparts.

However, getting to that all-important final stage of a sales funnel - signing on the dotted line - could be an expensive hurdle for even the most sophisticated digital adopter.

This prompted Securemetric Bhd CEO Edward Law Seeh Key and his team to develop SigningCloud, Malaysia’s first cloud-hosted, pay-per-use digital signing platform. According to Law, the ability to digitally sign a contract - thereby securing the contract - could mean the difference between staying afloat and suffering potentially irreparable cash flow problems.

"Even the best-laid digital plans will be wasted if you can't get your clients to put pen to paper in a timely fashion, and this is particularly true in the current operating environment.

"Suppose you had a customer at the contract signing stage in March, just as the Movement Control Order (MCO) came into force. With all the financial uncertainty over the last few months, a seemingly confirmed client would have probably reprioritised, and moved away from your product or service.

"But with SigningCloud, all you need to do is to upload the document and take simple steps to set up the required signatures. The automated process will prompt the signatories via email and/or mobile app and they can perform the signing of the contract on SigningCloud's portal or mobile app, at which point they would be able to create a highly secure but convenient and easy-to-execute digital signature on the document," says Law.

The potential cost savings alone justify a second look at SigningCloud, adds Law. "By migrating this final part of a business' operations to the digital space, one gets to save on printing costs; travel time to get physical signatures is now drastically reduced; courier services are no longer as important; and there is much less need for physical storage space. Quite simply, SigningCloud is able to automate the signature workflow, while cutting down on the cost and time required to close that big deal."

Two types of digital signatures are offered by SigningCloud:

  1. For Internal Documents, where the digital signature is performed using SigningCloud's digital certificate, which is not compliant with the Malaysia Digital Signature Act 1997 (DSA). This is usually sufficient for an organisation's internal approval process.
  2. DSA-compliant, where the digital signature is performed using a digital certificate issued by one of the Certification Authorities (CAs) licensed by the Malaysian Communications and Multimedia Commission (MCMC). This is mandatory for official business transactions such as agreements and contracts.

The DSA-compliant signature means that, under the DSA, a contract entered into via SigningCloud is recognised and can be litigated in a Malaysian court in the event of a dispute.

The advantage of a digital signature

A contract entered into via SigningCloud's digital signature capability - unlike the much less secure "electronic signature" (e-signature) or a handwritten variant - is tamper-proof.

An e-signature describes any electronic symbol, process or sound attached to a document used by a person to represent his assent to the agreement.

However, the digital image of a handwritten signature could just as easily be captured on a tablet or smartphone and subsequently pasted onto a document. In fact, an e-signature could be considered valid by merely clicking on a checkbox or typing one's name into a signature box at the end of a soft copy contract.

Unfortunately, this seeming convenience comes at the expense of security, as e-signatures are notoriously prone to misuse and fraud. Without a secure and encrypted authentication process (such as that employed by SigningCloud), there is no way to accurately determine the identity of the human operator who last used the e-signature.

A digital signature, meanwhile, is distinguished by its much higher levels of security and assurance. Digital signatures are built on Public Key Infrastructure (PKI), which uses mathematical algorithms to generate a unique "digital fingerprint" that is embedded in a document.

The signer is required to perform a 2-Factor Authentication (SMS One-Time Password, Mobile OTP, or Push Notification) in order to confirm they are the legitimate signers with the right to perform digital signing on the document using their digital IDs. These unique digital IDs can be issued only by an accredited CA.

CAs are authorised bodies empowered by a government to issue these digital IDs to qualifying individuals. These individuals are then legally permitted to use these digital signatures. CAs in Malaysia fall under the purview of the MCMC.

Generally, an individual user is required to purchase a digital certificate from a licensed CA. There is a recurring annual fee involved, regardless of how often or rarely one uses the signature.

Law explains: "Depending on which CA you choose to sign up with, the annual fees vary accordingly, and can be expensive if all you need to do is sign just a few digital documents a year. This is why digital signatures have not been very popular in the Malaysian market so far.

"However, this is a key competitive advantage that we have at Securemetric. Our SigningCloud product is the first publicly available pay-per-use digital signing platform to support multiple licensed CAs in Malaysia. At present, we have Raffcomm Sdn Bhd and MSC Sdn Bhd on board, and are set to unveil our third CA partner in the near future."

This means customers do not necessarily have to choose one CA over another. With SigningCloud and, in particular, with its pay-per-use model, a user can decide which CA to go with for that one document, and simply pay for that one digital signing service.

Digital signatures the way forward

Past unpopularity notwithstanding, Law believes he has unlocked the value of the digital signing service for the wider Malaysian business community, thanks to both the choice of CAs and the pay-per-use model.

In addition to this more flexible and cost-effective business model, there are four key elements that characterise a well-built digital signature service such as SigningCloud.

"The first is authenticity: We have in place systems that can immediately authenticate your identity, that you are the person who is required to sign the contract," says Law.

"The second ingredient is confidentiality, thanks to the very strong encryption capabilities afforded by the PKI back end.

"Next is integrity: Documents signed via SigningCloud based on PKI simply cannot be tampered with without being noticed. In the event someone tries to surreptitiously alter the document after it is signed, those alterations will cause the signed document to be invalid, thanks to how PKI works. Anyone can simply check the validity of a digitally signed document using any PDF viewer tool such as Adobe Acrobat Reader and Foxit Reader.

"Finally, these contracts are secured against attempts by a party to repudiate or otherwise deny that they are bound by the agreement. In the event of disputes in connection with a legal document signed using digital IDs issued by a licensed CA, they can be heard in a Malaysian court, and the CA can be a forensic witness with supporting evidence for the transaction," says Law.

The fundamental technology behind SigningCloud's digital signature service is known as PKI. This is a back-end security and encryption system that underpins some of the world's most ubiquitous digital systems.

PKI systems are incredibly effective at providing the security fundamentals for digital IDs, ePassports, EMV credit cards, e-commerce, internet banking as well as email channels, among others.

"For example, Apple and Tesla are very dependent on PKI to protect their IT ecosystems. Also, every single Apple device comes pre-installed with a digital ID, which is then able to leverage on PKI security to achieve strong mutual authentication and encryption/decryption when it 'communicates' with the App Store.

"There is a lot of complex cryptography working on the back end to keep your online interactions secure, which is why Apple has a reputation of being a much more secure device manufacturer," Law concludes.