
E-sign, Web Transactions & Digital Signatures


I understand that E-Sign states that web transactions must be similarly authenticated using electronic signatures. Electronic signatures include, but are not limited to, digital signatures and security codes. In the case of security codes, will the use of a one-time password that is used for the particular user session suffice? The user is prompted to provide a one-time password at the beginning of the session, and once again just before submitting the payment (or debit in the case of NACHA).

As stated in some of the legal writings on the subject, the purpose of a digital signature is to "facilitate commerce by enabling a means of reliable electronic messages, minimizing the incidence of forged digital signatures and fraud in electronic commerce, implementing relevant standards, and establishing uniform rules regarding authentication and reliability of electronic messages."

With the use of a one-time password, you have to look at how you would be authenticating the customer's identity. If you assign a password when a user session commences and the user utilizes it later in the session, all you really know is that there is a high likelihood the person who got the password initially is the one using it now. That does nothing to prove the identity of the person who obtained, and used, the password. You must have something further, in my view.
First published on 5/20/02

