Tools + Intel.

Banking depends on the foundational principle of Know Your Customer (KYC): a regulatory requirement obligating financial institutions to verify the identities of all depositors and borrowers. Historically, after identities were confirmed, banks and credit unions relied on wet-ink signature cards authorizing transactions; however, inadequate verification protocols have led to significant losses, including fraudulent loans, forgeries, wire transfer fraud, money laundering, and regulatory fines.

FROM SIGNATURE CARDS TO DIGITAL VERIFICATION

The shift toward online banking has driven many financial institutions away from using signature cards, replacing them with secure online banking portals and third-party e-signature platforms for identity verification and transaction processing.

Some within the banking industry question whether banks are truly secure in a digital environment. In contrast, others view the digital environment as more secure than traditional wet signatures. Signature cards can be forged by employees, damaged, lost, misplaced, or tampered with by unauthorized parties. Storing physical signature cards also incurs ongoing costs and administrative and training burdens.⁴

CUSTOMER EXPERIENCE AS A COMPETITIVE ADVANTAGE

In today’s competitive banking market, customer experience is a defining factor in attracting and retaining clients. While some still prefer in-person banking services provided at branch locations, most customers now favor mobile banking for its immediacy, accuracy, authenticity, security, and ease of use. Mobile platforms deliver a frictionless experience: Customers can complete loan applications, transfer funds, and deposit checks instantly, functions that once required in-branch visits.⁹

THE RISE OF E-SIGNATURES IN FINANCIAL SERVICES

E-signatures have largely replaced wet signatures in large commercial bank workflows and many community banks. Historically, signatures were primarily used to authorize deposit account transactions, verify legal authority for check signing, or authenticate withdrawals. They were also valuable for internal fraud investigations when disputes arose over the authenticity of checks, withdrawals, or loan documents. Such disputes often include allegations of “that is not my signature” or “that is not what I signed.”

Today, e-signatures support a much broader set of functions, often including:

• Electronic account openings
• Loan applications
• Trust and estate beneficiary changes
• Contracts and vendor agreements
• Bill payments and wire transfers
• Human resource documentation

Leading providers include DocuSign, Adobe Acrobat Sign, Dropbox Sign, and SignNow. E-signatures frequently employ encryption to ensure the integrity and origin of a signature. Under the Uniform Electronic Transaction Act (UETA) of 1999 and the ESIGN ACT of 2000, they carry the same legal weight as wet signatures, as recognized by regulators and the courts.⁶

E-SIGNATURES VS. DIGITAL SIGNATURES: UNDERSTANDING THE DISTINCTION

Although the terms are often conflated, there is a clear difference between e-signatures and digital signatures.

• Electronic Signature (e-Signature): An e-signature is a digital format of a wet-ink signature. Encryption may be included, but is not a defining feature.¹
• Digital Signature: A specialized form of e-signature (also recognized as legal) using Public Key Infrastructure (PKI) to create a unique cryptographic identifier, or “digital fingerprint,” for each document. This process verifies the signer’s identity and the document’s integrity; it is preferable to a paper record as it generates a tamper-evident audit trail with date/time stamps, chain of custody records, and alteration alerts.²

Digital signatures are considered more secure because they combine authentication with data integrity assurance and can serve as a digital vault to protect documents.⁸

DIGITAL RISKS + REAL-WORLD LOSS SCENARIOS

While digital solutions eliminate some traditional vulnerabilities, they also introduce new risks. Several real-world cases illustrate these challenges:

• Identity Theft in Loan Origination: A threat actor used stolen personal identifiable information (PII) to apply for and receive a loan through an online portal. The fraud was uncovered only when the victim received collection notices for missing payments. The lender’s e-signature verification process failed to detect the false identity.
• Business Email Compromise Using a Fake e-Signature Platform: A bank employee received an email that appeared to originate from senior management authorizing a wire transfer. The email was fraudulent, and the link directed the employee to a spoofed e-signature platform. The transfer was completed before the deception was identified. Threat actors have been known to impersonate, or “spoof” email addresses, phone numbers, or even produce deep fakes of video or voice to execute fraudulent financial transactions.
• Vendor Platform Compromise: In 2024, a major e-signature vendor was compromised. The incident exposed user emails, usernames, phone numbers, MFA tokens, API keys, and hashed passwords. While there was no evidence that the contents of customer documents or payment information were accessed, the theft of authentication credentials posed a serious risk, potentially enabling unauthorized parties to sign legally binding documents or launch attacks using impersonated identities.¹⁰

VENDOR SECURITY + CERTIFICATE AUTHORITY VALIDATIO

Most reputable e-signature platforms rely on third-party certificate authorities (CAs) such as DigiCert and GlobalSign to issue digital certificates that provide proof of identity. To strengthen security, many of these may require:

• Government-issued ID and proof of address (KYC documents)
• Multi-factor authentication (MFA)
• Knowledge-based verification (e.g., past addresses, vehicle ownership)
• Biometric verification (facial scans) with liveness detection to prevent facial spoofing

Top-tier providers also limit document access to secure, direct email invitations, often supplemented with one-time SMS codes.

UNDERWRITING + INSURANCE COVERAGE CONSIDERATIONS

How do insurance carriers respond to e-signature risks? As late as the 1990s, insurance carriers required the implementation of signature verification protocols as a condition of underwriting acceptance. Underwriting questionnaires are silent on signature cards, online portals, or other digital platforms today. However, they do pay close attention to cybersecurity controls and callback procedures.

The Financial Institution Bond crime policy’s forgery coverage excludes losses from using digital signatures/e-signatures. This exposure can be insured by purchasing an Electronic Loan Forgery or Alteration Endorsement. It carves back coverage for a loss in which the insured relies in good faith on a document bearing an electronic signature that is either a forgery or has been altered. Coverage is usually contingent upon the insured demonstrating authentication of the e-signature’s security and the signer’s identity using PINs, public keys, cryptographic hashes, or smart card technology. Other financial institution bond policies in today’s market are silent.

ADDITIONAL CRIME + FRAUD EXPOSURES

Digital banking introduces other potential loss exposures for which underwriters can offer coverage solutions:

• Computer Crime Coverage: Threat actors may gain access to the bank’s computer system directly, often via phishing, and alter loan documents, payment instructions, or account records, causing the financial institution to lose money.

• Fraudulent Transfer Instruction Coverage: Malicious wire transfer instructions are commonly received via fax, telephone, or electronic email, purportedly originating from a customer or employee acting on behalf of a customer. Underwriters often require documented callbacks to verified numbers in conjunction with password or PIN authentication and dual authorization for high-value transfers. Most crime policies limit coverage to customer funds, and alternative coverage can be purchased by endorsement covering the fraudulent transfer of the insured’s funds.
  
  These coverages may or may not be available on standalone cyber policies. Primary coverage should be placed on a crime policy as it is generally written on an every-claim basis, with no aggregate limit per insuring agreement. In contrast, most cyber policies impose an aggregate limit. As such, standalone cyber policies are better suited for excess placements over a financial institution's crime policy. In addition, many cyber carriers’ standard wording does not cover loss of client funds concerning fraudulent instruction losses, so it needs to be amended.
• Unauthorized Signature Coverage: Coverage is conditional upon maintaining a customer signature on file, either wet or electronic. It provides protection if someone other than someone whose name and signature are on file as an authorized signer cashes checks drawn on a customer’s deposit account. The signature is authentic, but the circumstances in which it was obtained are fraudulent because the bank customer was somehow tricked into signing a document. It’s important to note that defective signatures should not be confused with fraudulent real property mortgages.

BEST PRACTICES FOR DIGITAL BANKING SECURITY

Even if a financial institution has embraced digital signatures in some form, any bank or credit union should further mitigate this risk by implementing many of the following measures:

• Unique user IDs and strong passwords for all system access
• Multi-factor authentication (MFA) for sensitive activities
• Dual authorization and recorded callbacks requiring PINs and passwords for wire transfers
• Encryption of data at rest and in transit, as well as in all mobile devices and backup storage
• Communicating with clients about how the bank will contact them to thwart phishing attacks
• Ongoing employee fraud prevention and cybersecurity training
• Rigorous vetting of all third-party e-signature platforms and cybersecurity vendors⁷

BOTTOM LINE

Banks and credit unions offering the best user experience will continue to gain and retain clients. Improvements in online banking portals and digital signatures will continue to drive customer satisfaction. While their use may create unique risks, strong security protections using the latest technological advances and following best practices by financial institutions and their vendors can mitigate risk, combined with purchasing the appropriate crime insurance coverage. There is little guidance from regulators or the insurance community, making strong risk management controls necessary. As e-signature solutions evolve, all physical identities may someday be replaced with digital signatures, making any discussion of the continued use of wet signatures less relevant.

A knowledgeable wholesale broker can help retail agents guide financial institution clients through the complexities of digital risk management and crime coverage placement. CRC Specialty’s experienced brokers work with a broad network of carriers, offering insight into pricing, financial strength, coverage forms, and claims handling capabilities. Reach out today for assistance.

CONTRIBUTORS

• Mark Waldeck is an Executive Vice President and Professional Lines Broker with CRC Chicago.

END NOTES

1. What is an Electronic Signature? Adobe https://www.adobe.com/acrobat/business/electronic-signatures.html#:~:text=Upload%20your%20document%2C%20type%20in,downloads%20or%20sign%2Dups%20needed
2. Understanding Digital Signatures, CISA, February 1, 2021. https://www.cisa.gov/news-events/news/understanding-digital-signatures
3. Top eSignature Statistics in 2025, Certinal. June 2025. https://www.certinal.com/blog/top-esignature-statistics-in-2025#:~:text=Cyberattacks%20targeting%20SaaS%20applications%2C%20including,compliance%20risks%2C%20but%20challenges%20remain
4. 7 Things to Look Out for When Using e-Signatures for Banking: 2025 Threat Update, emsigner, January 21, 2025. https://blogs.emsigner.com/how-esignature-management-innovations-drive-business-success
5. Unlocking the Power of Digital Signing: How Banks are Revolutionizing Security and Efficiency, eSignly, July 28, 2025. http://esignly.com/electronic-signature/what-is-the-purpose-of-using-digital-signing-in-the-banking-sector.html#:~:text=Furthermore%2C%20secure%20digital%20signature%20transactions,Increased%20transparency%20and%20efficiency
6. Funds Transfer Fraud: How Coverage Responds. https://www.wisbank.com/the-rise-of-e-signatures-safety-and-legality/
7. Understanding Today’s Wire Transfer Risks, ACI Worldwide. https://www.aciworldwide.com/blog/understanding-todays-wire-transfer-risks
8. Why Digital Signatures Are More Secure Than Wet, Legittai.com. https://legittai.com/blog/digital-signatures-vs-wet-signatures
9. Wet Signature vs. Electronic Signature: Understanding the Differences, DocuWare, November 27, 202 https://start.docuware.com/blog/document-management/wet-signature-vs.-electronic-signature-understanding-the-differences
10. Dropbox Sees Breach of Legally Binding E-Signature Service, Drop Box Sign, June 21, 2024. https://sign.dropbox.com/blog/a-recent-security-incident-involving-dropbox-sign
11. Largest U.S. Credit Unions by Asset Size (2025), MX Technologies, July 30, 2025. https://www.mx.com/blog/biggest-us-credit-unions-by-asset-size/
12. Largest U.S. Banks by Asset Size (2025), MX Technologies, July 30, 2025. https://www.mx.com/blog/biggest-banks-by-asset-size-united-states/
13. FBI Releases Annual Internet Crime Report, FBI, April 23, 2025. https://www.fbi.gov/news/press-releases/fbi-releases-annual-internet-crime-report#:~:text=The%202024%20Internet%20Crime%20Report,increase%20in%20losses%20from%202023