HAVING built itself as a regional IT security player catering to banks and governments, Securemetric Bhd has set its eyes on a new growth area – digital signatures.
While the concept is not new, the need for an easy to use and affordable application that complies with existing laws for digital signatures is what Securemetric is aiming to fulfil.
Edward Law, the founder and CEO of Securemetric tells StarBizWeek that digital signatures are like a missing puzzle for corporations embarking on their digital transformation journey, a journey that had been hastened globally due to the coronavirus pandemic.
“As companies and even individuals embrace the usage of digital technology, a missing link is on how one gets to remotely and legally authorise business transactions or sign legal documents?” Law points out.
On the onset, Law explains the need to distinguish between electronic signatures and digital signatures.
Electronic signatures typically take the form of using your smartphone to capture the image of your handwritten signature and pasting it into the soft copy of a document.
“So you can imagine how basic and unsecure it is. Digital signatures are quite a different thing. They have a much higher level of security. It entails using mathematical algorithms to generate a unique digital fingerprint embedded into a document. The signer is required to have a digital ID that is issued by a licensed Certification Authority or CA in compliance with local laws, which in Malaysia’s case is the Digital Signature Act 1997 (DSA). A digital signature is far more secure than an electronic signature as the latter has characteristics of authenticity, integrity, confidentiality and non-repudiation. It is much easier to prove who had signed the document, when they signed and that their credentials were valid at the time of signing, even many years later.”
So if one can already use services provided by licensed CAs in Malaysia – there are four in Malaysia and Securemetric is not one of them – what exactly is the latter’s value proposition?
“We have painstakingly built an application that brings digital signatures to the market in an easy to use and affordable way. We could only do this because of our history as an IT security provider for major corporations and regional governments. We live and breathe security technology and innovation, which puts us in a unique position to bring digital signatures to the market as a trusted intermediary. And our pricing for the service is like the icing on the cake as we are making it affordable, ” quips Law.
The soon-to-be-launched SigningCloud service has embedded the necessary partners from CAs to electronic know your customer (eKYC) providers into the application, in order to give the user a seamless experience.
“Users just need to upload the documents that need signing, state who the signatories are to be and go through a few settings. After that, SigningCloud takes over the role of ‘chasing for signatures’ as signers will be notified by email and will need to click the given link to perform their registration and signing. That’s why our pitch goes like this: No more paper printing, no more physical dispatching of documents, no more calls to remind bosses to sign, and no more filing cabinets, ” says Law.
He adds that the value proposition lies in the ease at which users can sign their documents from their PCs or mobile devices, anytime, anywhere. “Now everyone can sign” is another tagline Securemetric is using in promoting their service.
Law says SigningCloud has a huge use case across various industries.
“Some basic examples are company secretarial firms who often need their director clients to sign forms. All professional services firms providing accounting and legal services will enjoy significant efficiencies and competitive advantages if they use our service. At the consumer level, think of how your children’s school and university forms that you need to sign.
“Or having to go to the hospital to pick up a signed prescription from your parent’s physician. All this can be done securely using SigningCloud and emails. The usefulness of digital signatures is made more clear during these difficult times of the pandemic, ” notes Law.
He adds that the service costs as low as RM2 per DSA compliant document. “In addition, we are offering the service for free for up to five internal documents which do not have to be DSA compliant, but which will be using the digital ID issued by SigningCloud.”
Law says that Securemetric has over the last few years implemented a number of Public Key Infrastructure (PKI) projects for governments, banks and multinational companies and lays claim to being one of the leading PKI solution providers in the region.
This includes building projects for the governments of the Philippines, Indonesia, Vietnam, Tunisia, Egypt and Hong Kong.
Going forward, Securemetric aims to replicate its SigningCloud model in other South-East Asian countries by working with the licensed agencies there to fulfil local legal requirements.
“The ultimate goal is to make SigningCloud a cross-border digital signing platform that complies with all the respective regulations. This way, a user in Malaysia can digitally sign a document with his counterparty in a regional country, all within the perimeters of both countries’ laws.”
One of the globally leading names in digital signatures is US based DocuSign Inc, which has seen a significant rise in its take-up rate during the pandemic. Analysts in the US point out that DocuSign has been enjoying robust demand amid the Covid-19 pandemic, which has accelerated many companies’ shift to digital strategies. DocuSign has been instrumental in helping businesses maintain contactless agreement processes while practising social distancing. Listed on Nasdaq since April 2018, DocuSign has seen its share price rise significantly since the onset of the coronavirus, to command a market capitalisation of US$36.4bil (RM155bil).
While DocuSign has users all over the world, including Malaysia, the one key difference between its service and Securemetric’s SigningCloud is that the latter is fully locally integrated in the sense that it is in full compliance with Malaysia’s DSA.
“In order to do that, SigningCloud has had to integrate with licensed CAs in Malaysia. Our system supports remote encrypted key generation and storage and doing all this within the protected environment of the said CAs’ data centre, as stipulated by the law.”