Deported signature on a remote server in the name of the customer is based on a prior identification of the person who signs it. These pieces of information have to be collected and archived in a secure place.
Creation of the Evidence
During all the mandate signature process, elements corresponding to the user interaction with the platform are collected in order to create the “evidence document”. This collection is done at every step. It begins with the creditor’s request to the init web service and ends with the technical validation of the OTU signature that was created.
After the signature of the mandate, the evidence is committed, time-stamped to ensure its integrity and sent to the Worldline Archiving Platform (a legal archiving solution). It will then be possible to retrieve this evidence months or years later with a preserved value.
Content of the Evidence
The evidence is PREMIS-compliant and contains the following information:
-
Signed Request sent by the creditor:
- Identification of the end-user;
- Method and details to get the end-user’s agreement.
-
Technical details on the end-user:
- IP address, browser and accepted languages;
- Date of the different requests.
-
Technical details over the agreement process:
- For a SMS type:
- Text and OTP value sent;
- SMS request id;
- Telephone number;
- OTP value entered by the user;
- Date of each interaction.
- For a EMAIL type:
- Text and OTP value sent;
- Email request id;
- Email address;
- OTP value entered by the user;
- Date of each interaction.
- For a Credit Card type:
- Authorization identifier;
- Masked PAN;
- Amount of the transaction request;
- Date of the authorization.
- For a SMS type:
-
Technical details over the OTU Signature:
- Certificate produced;
- validation of the signed document:
- Digital Signature of the hash of the document;
- Algorithms used.
Litigation
In case of an issue on the mandate signature, the Creditor can retrieve the evidence. As it will have been stored in a legal archiving solution, its validity and integrity will be guaranteed. To retrieve the evidence, the Creditor has to contact the SPS Signature Platform support with a transaction identifier.