Qu’est-ce que EIDAS ?

EIDAS (pour Electronic IDentification And trust Service) est le nom du règlement européen sur l’identification électronique et les services de confiance visant à créer un marché unique des échanges numériques. Depuis le 1er Juillet 2016, ce nouveau règlement vient abroger la Directive 1999/93/CE en y apportant de nombreuses nouveautés. Ce règlement couvre deux axes.

Le premier axe lié à la reconnaissance mutuelle des identités numériques, a pour objectif de supprimer les barrières qui existent entre les pays au niveau de l’identification électronique. Certains pays ont déjà déployé des systèmes d’identification nationaux (comme la carte d’identité électronique) qui sont pour la plupart du temps limités au territoire national. En conséquence et grâce à ce nouvel axe, il sera dès lors possible d’utiliser une carte d’identité d’un pays pour s’authentifier sur un système d’un Etat membre.

Le deuxième axe est lié à la création d’un nouveau marché intérieur des services électroniques de confiance via l’introduction des Services de Confiance – TSP (Trusted Service Provider) en veillant à ce qu’ils puissent être utilisés au-delà des frontières nationales et avoir le même statut juridique d’un pays à l’autre. Un TSP étant une entité apportant des services tels que les signatures électroniques (e-Signatures), les sceaux électroniques (e-Seals), l’horodatage (e-Timestamping), les envois recommandés (e-registry) et l’authentification des sites web. Ces TSP pourront être Qualifiés (QTSP) ou non (TSP). La qualification apportant dans la plupart des cas un renversement de la charge de la preuve par rapport au service apporté.

Un règlement pas une directive

Une directive européenne ne s’applique pas de façon directe, mais laisse aux états membres le choix des moyens et de la forme pour atteindre les objectifs dans les délais fixés.

Un règlement (comme eIDAS) s’applique de façon directe il est ainsi directement applicable dans tous ses éléments au niveau national sans mesure de transposition.

Quelles sont les opportunités offertes par EIDAS au niveau de la signature électronique ?

eIDAS définit (comme la directive 1999/93/CE) 3 niveaux de signature électronique : la signature simple, avancée ou qualifiée. Alors que la signature simple est juste un principe juridique sans force probante, la signature électronique avancée permet de prouver qu’une certaine personne a signé un certain document dans un état défini.

Les signatures qualifiées sont quant à elles les seules signatures qui présentent un effet juridique équivalent à une signature manuscrite.

eIDAS introduit également la possibilité de créer à distance une signature avancée ou qualifiée : l’opération doit s’effectuer sous le contrôle exclusif du signataire, sans que celui-ci ne détienne physiquement le moyen technique qui génère la signature. Il n’est donc plus nécessaire de disposer d’une carte d’identité électronique ou d’une smartcard pour générer une signature qualifiée. Les signatures à distance (via les servies d’un QTSP) peuvent recevoir la même reconnaissance légale qu’une signature effectuée dans un environnement ou le certificat est géré par le client lui-même.

eIDAS définit donc les règles communes pour tous les Etats membres de l’UE. Cela signifie d’une part, qu’une signature électronique qualifiée apposée dans un pays de l’UE est valable dans toute l’UE, d’autre part, que les certificats qualifiés émis à partir d’un QTSP sont également valables dans les autres Etats membres de l’UE.

Concrètement, un juge luxembourgeois devra accepter un cachet ou une signature électronique apposé par un signataire français avec une solution italienne.

Des opportunités de Transformation Digitale

Dans un monde où les sociétés sont poussées par des projets de Transformation Digitale, la règlementation eIDAS tombe à point. Elle offre aux entreprises un règlement européen pour offrir des services d’authentification et de signature harmonisés à travers l’ensemble des Etats membres.

Pour certains documents sensibles, il était bien souvent nécessaire d’imprimer le document pour collecter une signature manuelle par manque de moyens de signature non contraignants.  Cette étape d’impression alourdissait énormément les processus et obligeait généralement le client à se présenter physiquement pour apposer sa signature.

De plus, le Luxembourg, de par son positionnement géographique s’est toujours trouvé limité dans la possibilité d’offrir des services de signature online à des clients géographiquement proches (Belgique, Allemagne, France).

Il n’y a dorénavant plus de flou juridique. La signature électronique qualifiée à distance fournie par les services d’un QTSP a désormais une valeur juridique équivalente à la signature manuscrite.

Dans ce cas, la signature électronique accélère donc les processus, réduit le temps de traitement des transactions et limite les risques d’abandon de processus de contractualisation.

Avantages pour les entreprises

Les banques et les assurances sont les premières entités à bénéficier des avantages offerts par ce nouveau règlement. Grâce à la reconnaissance européenne des moyens d’authentification et à l’harmonisation légale de la signature électronique entre Etats membres, de nouveaux services peuvent aujourd’hui être proposés à des clients grâce à des opérations 100% dématérialisées. Un client pourra dès lors souscrire directement à de nouveaux produits sans devoir se déplacer en agence ou même imprimer des documents pour les envoyer ensuite par courrier, tout cela en gardant un haut niveau de sécurité. Ce nouveau règlement ouvre donc la porte à la création de nouveaux services innovants.

Comment Fujitsu peut supporter les entreprises ?

Fujitsu dispose d’une grande expertise et de nombreuses références liées à la mise en œuvre de solutions de signature électronique. Grâce à sa solution de signature multicanal « Sign’it » et à son intégration stratégique avec des QTSP, Fujitsu propose des solutions et services répondant aux opportunités offertes par eIDAS au monde de l’entreprise.

As I wrote in my previous post Enabling Digital Transformation, Digital Transaction Management is often seen as the one-size-fits-all solution to the digitalization of business transactions and to the enablement of digital transformation.

We all know the story of clothing manufactures and the class action lawsuits that occurred by groups of consumer who came together on a united front to say One size does not fit me!. One-size-fits-most was the sequel that forced you to make a decision. Chances are, if you have to think “will this fit me?” , that one-size-fits-most is not for you. And this how we came to one-size-fits-none.

DTM, like Ford model T, was born in one model and one color. But in the new millennium you want to select your preferred model, size and color. You want a solution to perfectly fit your needs; you don’t want to adapt your needs to the solution provided. From this perspective, there are a number of features you should look at when evaluating a DTM solution:

The specific context and use case; what documents have to be signed; what is the degree of digital literacy of the signer; what country or countries are you in; are you in shop, remote or mobile? These are all questions whose answer can dramatically change the proposed solution.

  • What kind of e-signature you are looking for and what is the legal strength you expect. This may vary by country and is influenced by the type of document to be sig ned.
  • What user experience do you want you have. Would you like the user to sign with a pen on a tablet, to use a local client, to simply click to sign or to enter credentials for a digital certificate?
  • Finally, how do you need the solution to be deployed? Do you want it on the cloud (public or private), fully on premises or a hybrid solution is the right model?

I will look in depth at the points above over the next few weeks.

by Antonio Taurisano – Director, Digital Transaction Management (DTM)

The Swedish Handelsbanken is one of the largest banks in Sweden. 436 branches all across the country take care of private and business clients. The bank puts a high focus on its customer satisfaction. In every day banking, this means that the client should always have the choice in which way he gets in touch with the bank: via phone, online or personally in a branch. In order to get rid of paper-bound processes, Handelsbanken decided to integrate electronic handwritten signatures as part of a fully digital work ow.

Paper-bound processes consume time and money – and have major disadvantages

Mikael From is a Business Architect at Handelsbanken, which acts decentralized, so each branch acts as an independent unit. He has an important job when it comes to standardizing business processes. His job is to overlook the existing processes and make sure that new ones work for the bank as a whole. The target is that Handelsbanken is able to give a unique, consistent customer experience – which should at the same time be user-friendly and efficient. No easy task when faced with a variety of different processes and authorizations, which all imply using paper. Depending on the kind of process, up to 150 pages of paper for the client, 50 pages for archiving were involved and 46 client signatures were needed. For the bank, this meant a lot of time and money. In addition, paper processes are prone to mistakes. As Mikael From puts it: “Our job is to make sure that the right information gets to the right person. If you put a piece of paper in the wrong place, it is as bad as putting it in the bin. You don’t have any chance of finding it later on.”

This situation was the starting point of the search for a solution, which was more efficient, was able to create the right customer experience and fulfill legal requirements at the same time. From day one, it was clear that the new processes had to be digital. Thus, the team looked into different solutions: Iris scan, fingerprint or facial recognition and started with a logon card, which customers could use in the branch to sign certain transactions. All solutions where rated not only from the practical and legal aspect, but also included the question of “Would our customer accept this solution?” The logon card was the first step into the digital world. But soon it proved that it had two major downsides: Firstly, it was not able to become completely paper-free with the card. Secondly, the solution depends on the customer bringing a device with him to the branch.

As the personal signature is a crucial part in all banking processes, Mikael From also checked solutions, which would integrate the personal, handwritten signature into the digital workflow. Soon, the advantage of the signature became clear: Using one’s signature for authorization has been existing for thousands of years, regardless of age or culture. Thus, customer acceptance would not be a problem. In the same way, the handwritten signature has the important benefit that it can be done with a flexible signing device. There is no need for a fixed setup, which could limit the use as for example with the logon card.

Another factor added on to the decision to use the electronic signatures: If somebody signs electronically with his own handwriting, the confirmation of intent is clear. Afterwards, there is no chance of any repudiation or deniability. This makes the electronic signature legally binding in authorization processes. In order to ensure this legal security, it is important that the system not only takes an image of the signature, but also records biometric data such as pressure or speed of writing. This is also important from the IT-security side: The signature is stored together with important data such as the time and date of processing. This means that it is safe against fraud.

Step-by-step project to ensure the highest possible success

Based on its high usability and security, Handelsbanken drew up a list of criteria, which an electronic signature solution needed to fulfill. First on its list was the reliability of the solution. As there are thousands of signatures, which need to be done day by day, the robustness of the hardware is an important asset. Also, the solution should have an international, preferably bank-related track record and finally, it should stick to an ISO-standardization on how the signature is written.

Rather soon, Handelsbanken came across Wacom signature pads with SIGNificant software which allow an easy and seamless integration while ensuring standard conformity. Banks such as Unicredit in Italy, Savings banks in Germany, or Bred in France are already successfully using signature solutions based on Wacom hardware. A Wacom signature pad with the SIGNificant integration layer became the solution of choice. The tablet is small and robust. It features a hard surface, which was an important feature for Handelsbanken. The product has a long product lifetime and a low return rate, guaranteeing a fast return-on-invest. The SIGNificant software layer allows not only a fast, secure and seamless integration into Handelsbanken’s own Web applications, but also ensure full compliancy to the biometric signature data exchange standard ISO/IEC 19794-7.

As Handelsbanken is a decentral organization, the IT team needed the branches’ buy-in to the new solution. Thus, the team went for a step-by-step approach.

First of all, they conducted a workshop with the central question of how an approval process should generally look like. Based on the findings, a prototype was programmed. The software integration layer was provided by Wacom’s partner Xyzmo, recently bought by Namiral GmbH. This solution prototype was taken on a roadshow to branches in all regions of Sweden. Mikael From: “It was important for us that the branches accepted our solution. But it was easy to convince them, we got a very good feedback.” Handelsbanken also integrated some customers into their roadshow. The prototype was slightly adapted after the roadshow based on the feedback from the branches.

Today, about 3,600 signature pads have been installed all across Sweden. 80 per cent of all processes where you can sign electronically are done by using the Wacom signature pads instead of pen and paper. The digitalization of the rest is part of the future planning of Handelsbanken. The signing process is very transparent for the customer. The Handelsbanken employee first shows the customer what he is going in today’s meeting. Then, the customer signs everything. Instead of printing and handing over a lot of paper, all documents are sent to the customer’s electronic mailbox, which every Handelsbanken customer has.

For Mikael From, the project has been a complete success: “Integrating the electronic signature has not been an isolated process. Instead, the electronic signature is a integrated process, which works together with all other processes within the bank.” Besides creating this generic process, Wacom’s signature pads have had significant effects on Handelsbanken’s business.

The most obvious effect is the savings that Handelsbanken managed to make – savings in time as well as money. As Mikael From puts it: “Saving time in a customer meeting is a crucial part. If 20 minutes of a one-hour customer meeting are taken up by administration, this is too much. With the electronic signature, we have gained time for our customers.” Financial savings are closely linked to saving paper, printers and printing materials. It is hard to give an exact calculation, but Mikael From is sure that these savings will quickly pay for the investments done into the electronic signature solution.

Also, Wacom’s signature pads have contributed largely to a fast change in behavior of Handelsbanken’s customers. Most of them make use of the electronic handwritten signature and its possibilities rather than signing the traditional way.

Page 5 of 217« First...34567...Last »