DigiCert Battles AI Fraud with Unified, Secure Document Signing

DigiCert has announced updates to its Document Trust Manager to deal with AI Fraud. Document fraud is on the rise, driven by generative AI. It has exposed the vulnerability of digital documents and signing solutions. While enterprise adoption of eSignatures is up 400% since 2019, global fraud has risen faster. DigiCert says that this has to change, which is underpinning the updates to its DTM.

Deepika Chauhan, Chief Product Officer at DigiCert, said, “AI is making document fraud faster, cheaper, and harder to detect.

“Organizations can’t rely on visual trust anymore. They need cryptographic proof of who signed a document and that it hasn’t been altered. That’s what Document Trust Manager delivers at scale.”

How is DigiCert changing this?

One of the problems contributing to fraud is the way traditional signing tools work. To meet the requirements of standards such as AATL and eIDAS, they use distributed infrastructures. That creates fragmented processes across business units and regulatory environments. Those silos create risks, including lost keys and unmonitored activity.

The DigiCert Document Trust Manager is changing that. It is a single secure platform combining signing workflows and signing key management. As a single platform, it removed the problem of fragmentation and makes it easier to meet compliance requirements.

• Unified Workflow & Centralised Visibility: Enterprise-wide monitoring of signing activity through a single view. Managers and auditors can now track who signed what and when, and see any potential unauthorised document-signing activity.
• Secure Certificate and Private Key Repository: Centralised, protected storage for document signing certificates and private keys, eliminating reliance on physical USB tokens and reducing risk of loss or misuse. In line with security best practices, Multi Factor Authentication is required to log on and sign documents.
• Pre-Integrated Signing: Seamless integration with DocuSign, Adobe Sign, Adobe Acrobat, and desktop signing tools, enabling organisations to maintain existing processes while upgrading security.
• Online counter signing: DigiCert Secure Sign offers users the ability to counter-sign with multiple orders in the signing process without using an external signing flow.

Many of these features can be found, in part, in other solutions. But the key is the integration of everything into a single platform, and with digital signing tools. It creates simplicity and reduces the risk surface.

A boost for EMEA customers

DigiCert is specifically targeting heavily regulated industries, especially in EMEA. There are two drivers for this, digital identity and electronic signing requirements. The first is regulators who are increasingly adding these requirements into legislation that must be complied with. The second is the growth in AI-driven fraud. This ranges from invoices to deepfakes.

The Document Trust Manager addresses these with multiple features. Verify Signer Identity has web-based and mobile capabilities to provide secure, remote authentication. With people continuing to work-from-home, this is a key feature to prevent deepfakes.

There is support for PKI-backed signatures across multiple regulations. The first is eIDAS2, which introduces a European Digital Identity (EUDI) wallet for every citizen. This will make it easier for them to share digital credentials.

The second is support for the Swiss Federal law, ZertES. It is similar to the EU eIDAS regulation and sets out a framework for the provision of certification services.

The third is AATL, the Adobe Approved Trust List. This maintains a list of trustworthy digital certificate issuers for Adobe Acrobat and Adobe Reader. A key provision of this list is that is has to be refreshed every 90 days.

As a centralised platform, Document Trust Manager creates a single source of truth. It logs every signature and protects every key. It also provides secure, compliant workflows that cover office, remote and hybrid environments. That reduces the risk of an attacker attempting to inject a fake document or signature via endpoints.

Enterprise Times: What does this mean?

Digital identity and signatures are under constant attack. Each successful attack erodes trust and impacts businesses. Without the right tools to detect fraud, insurers are less likely to cover losses. Additionally, the reputational damage to organisations grows, bringing the risk of significant financial damage.

DigiCert is looking to remove the problem of fragmented infrastructures that introduce risk. It is also increasing its support for global standards, especially eIDAS2, which is a major regulatory push inside Europe.

Early adopters of these features are more likely to be customers operating in Europe or with significant business units in Europe. What will be interesting is what is added next? eIDAS2 is not the only digital wallet plan worldwide. Will DigiCert now look to support all of those that are beginning to emerge?

The post DigiCert Battles AI Fraud with Unified, Secure Document Signing appeared first on Enterprise Times.