Secure Sign

Is the online signer a real person or a bot?

Comment

Inspiration

Pravin is a manager at Gear Goliaths, Houston's #1 best heavy equipment rental. With many longstanding relationships in the community, an expansive fleet, and outstanding customer service, Gear Goliaths has grown into a mighty machine, and customers have been asking for faster turnaround times with paperwork, because time is money. To save both time and money, Gear Goliaths has transitioned from paper-based agreements to online agreements, using the Dropbox Sign platform.

Pravin, who is specifically responsible for lease agreements, is skeptical: How would he know, whether the online signer is the intended person/party and not another person or a bot? Pravin's concern is well founded! In 2022, Javelin & Research found that identity fraud cost US businesses an estimated total of $43 million. Businesses' lose about $2,100 per victim when thieves solely use a victim's established accounts. Credit card fraud, chargeback fees, and credit card processing fees are types of losses to businesses from identity theft. Fake user accounts can be created from scraped contact information online, and identities can be stolen, costing a business additional revenue.

Secure Sign protects all parties, both the business and the consumer, providing a seamless and secure customer experience for identity proofing and authentication. The Secure Sign process will help Pravin to gain confidence on the authenticity and validity of the signer. The identification verification lifecycle is composed of three parts, verification (the account is created by a person who is the actual person), authentication (the person who created the account is the same one accessing the account), and authorization (the person accessing the account is the person who created it, and is allowed certain permissions).

Meanwhile, Marie Michelle, a new customer, reached out to Gear Goliaths, requesting a water motor pump for a month's lease. Pravin sets up the rental agreement using the Dropbox Sign platform, creates the signature field for Marie's signature, and an additional placeholder for Marie to upload a photo ID. Secure Sign sends Marie Michelle an email, sharing a link to review and sign the rental agreement, and instructions on uploading a photo ID for verification and authentication. Additionally she will take two photos in real time (from her mobile web camera) to authenticate her identity. It is then sent back to Pravin for review.

Pravin receives the returned signed agreement with Marie Michelle's signature and her photo ID embedded in the document itself, along with real time photos. Having seen Marie Michelle's real time photo and photo ID, Pravin is assured that Mary Michelle is a real person, and the authentication bot has successfully matched Mary Michelle's uploaded photo ID to her photos taken in real time. This quick turnaround time saves Marie Michelle time from having to go onsite to Gear Goliaths to verify her identity in person, and assists Gear Goliaths in alleviating identity fraud and saving potential lost revenue. With the artificial intelligence authentication bot built into Secure Sign, it will save Gear Goliath time from having to file additional paperwork, and allow them more time to focus on sending needed equipment to their customers.

What it does

Secure Sign is a web app that helps business owners securely send business agreements to customers in minutes, getting the signer's photo ID and digital signature, embedded in the agreement document itself. Signers also have an additional layer of security, where an authorization bot uses facial recognition software to match the signer's photo in real time to the submitted photo ID. This process will increase revenue for businesses, as they are able to quickly verify customers, and receive their signed documents in a timely manner. It provides convenience for customers, who no longer need to physically go in person to sign documents and be verified, allowing for both parties to save time and improve efficiencies.

The authorization bot uses biometric technology and facial recognition to match the signer's photo in real time to their photo ID. The biometric scan checks for fake webcams and emulators that may have been used. AI-generated deep fakes are becoming more challenging and realistic, and Regula estimates that 91% of organizations in the US believe it to be an escalating danger. CTO of Regula, Ihar Kilashchou has noted that it is currently impossible for deepfakes to be created that display dynamic behavior, verifying the liveliness of an object, in addition to cross-validating user information with biometric checks and recent transactions can ensure a more thorough verification process.

How we built it

We started by exploring the key online signature platforms and solutions, including DocuSign and Dropbox Sign, from the end-user point of view.

Next we explored various resources available for developers, especially sample code provided on Github by Dropbox. We were able to build and run the provided Javascript sample code successfully.

Getting the signer's photo ID embedded in the document along with the signature, was achieved by setting up two signature fields in the document - the first for getting the signature in the usual drawing or typed format.

The second signature field is specifically meant to use the "Upload photo" feature. This feature provided by Dropbox is intended to upload the signature photo. But it can also be used to upload other photos such as photo ID. The uploaded photo needs to be less than 40 MB in size.

For facial recognition from the photo ID embedded in the document, we used the javacript library face-api.js from Github. This library uses machine learning models for real-time face detection.

Challenges we ran into

Initially, putting together a team was the first challenge, as we are in different time zones (India and the US). After teaming up, coming up with the initial piece to improve Dropbox was a challenge.

Accomplishments that we're proud of

We are proud of how much we've learned in a short time! (details below)

What we learned

Prior to this hackathon, we had only a vague notion of online signature solutions. That too, we were mostly aware of DocuSign and Adobe Sign. At that point of time, we didn't even know that Dropbox had an online signature platform, in addition to it's online storage business. Sifting through the Dropbox Sign, resources tab, we were excited to see the many use cases and testimonials from various companies that have used Dropbox Sign, and how it has streamlined their onboarding processes, and signed paperwork within minutes. We learned about the various integrations that Dropbox had, and was quite impressed.

We've learned a lot since then about Dropbox Sign, and feel that the best is yet to come!

What's next for Secure Sign

The future for Secure Sign will be to sign agreements and other documents using biometrics. The specific biometric used for signature will depend on the underlying capabilities of the user device. e.g. On devices with front camera or webcam, Secure Sign will support "face signature". On devices with fingerprint sensor, Secure Sign will support "fingerprint signature".

Secure Sign will use "Secure Vault" a secure storage solution on Dropbox to manage user biometrics such as face, fingerprint, iris, voice and other biometric data used for real-time user identity verification and authentication. This will be in compliance with applicable security, privacy and other laws and standards, as required. The machine learning models that currently work with real-time facial data, would be extended to work with the other supported biometric data, such as fingerprint, iris, voice and so on.

Built With

Share this project:

Updates