Digital signatures have made signing the reams of transaction paperwork virtually painless. The ease of signing digitally, however, has created a whole set of different issues that agents, brokers and lenders must monitor to keep their documents secure.
Digital signatures have exacerbated a long-standing problem — long before digital signatures, buyers and sellers were executing documents without reading them. Today, the problem has increased exponentially.
This is especially true in heated markets where there is little inventory, and properties are being bid up well over asking price. Buyers rush to write an offer and are more concerned about being in the running for the property than the details of the purchase contract.
In fact, as you look back over the past 12 months, what percentage of your clients actually read their documents before signing them digitally? Chances are the percentage is small.
A second problem is that digital documents are not always secure, not necessarily due to issues with the digital signature platforms themselves, but due to how the people involved in the transaction fail to take the necessary steps to maintain security.
To understand the nature of these problems, it’s important to first understand the underlying processes that make digital signatures possible.
How digital signatures are validated
Digital signature platforms use electronic authentication methods to verify who is signing a document. According to the National Institute of Standards and Technology (NIST):
“MFA, sometimes referred to as two-factor authentication or 2FA, is a security enhancement that allows you to present two pieces of evidence — your credentials — when logging in to an account. … Your credentials must come from two different categories to enhance security — so entering two different passwords would not be considered multi-factor.”
These factors fall into three major categories:
- Knowledge: Something only the user knows such as a password, PIN or where the user was born.
- Possession: Something only the user has such as an ATM card or mobile phone.
- Inherent: Biometric factors such as fingerprint, face, voice or iris recognition.
MFA protects the user from an unknown person who is trying to access the person’s financial assets or personal ID details.
A second approach is to use a third-party authenticator app (TPA) that enables two-factor authentication. These apps constantly refresh a randomly-generated code to verify the user’s identity. For example, if you want to change your email address, most ISPs will text you a six-digit code to verify the authenticity of your request.
Of course, if someone has access to your phone and the password where the document is sent, that person may be able to change your password and access financial or other sensitive information without your knowledge.
Who’s really clicking and signing?
Earlier this year, my brother, my husband and I jointly purchased a condominium. During this transaction, there were at least three occasions where I could have digitally signed for my brother or for my husband on the transaction documents.
Please note: The challenge is not with the digital signing platform. It’s how it was used by the people sending us the documents.
Opportunity No. 1
The first opportunity for a breach occurred when the listing agent sent my brother’s documents to be signed digitally. He was having trouble downloading them due to the age of his computer and the extremely slow connection speed where he was living.
I asked him to send me the documents to see if they matched the paper documents that took almost an hour for my husband and I to sign in person. Once I had matched the documents, it took him only a few minutes to click and sign.
When he sent me the email with the signing instructions, they were crystal clear: DON’T SHARE THIS LINK WITH ANYONE.
I now understand why. I already knew the answers to all the verification questions and was also on title to the home where he was living. It would have been easy for me to use that link to sign the documents for him.
Opportunity No. 2
The second opportunity occurred when the lender sent us one of the many sets of documents required to close the transaction. My brother was owner-occupying the property, and my husband and I were acting as co-signers. The lender sent a separate set of documents to my brother but only sent a single set of documents for my husband and me to sign.
As I was signing the documents, I inadvertently clicked on the wrong initial line and my husband’s initials appeared. I could have easily clicked the remaining signature lines and returned it to the lender.
Opportunity No. 3
The third opportunity occurred with a different set of lender disclosures. When I clicked to open my documents, my husband’s documents were linked in the same signing request. When I clicked on his name, I was able to open his digital documents and could have signed on his behalf as well.
Imagine the potential risks inherent in these situations, especially in a nasty divorce or a family dispute over a will or some other matter. A disgruntled spouse or family member could easily sign for another person if they obtain access to the signing app.
Best practices for minimizing the risks for you and your clients
Although agents are limited in what they can do to protect the digital security of their transactions, you can take the following steps to make sure your clients are reading their digital documents and that those documents are being properly executed.
1. Provide a complete document package for clients to review when you first start working with them
For sellers, include the listing agreement, the agency disclosures, required property disclosures, as well as any retrofit or other state and local requirements. Also include a copy of a completed sample purchase agreement, relevant addenda that may apply to the listing and multiple offer forms, if you’re in a heated market.
For buyers, include the agency disclosure, the purchase agreement and any relevant addenda. If multiple offers are common in your area, include a copy of the multiple offer documentation as well.
Strongly urge all your clients to read the documents — even if it means having to sit with them and answer questions as they read through them.
2. If there’s any type of dispute, have escrow, title and mortgage send separate document packages to each party in the transaction
The signing issues noted above resulted from mortgage and title sending only one set of documents to my husband and me.
Although this is generally not an issue if your clients are on the same page, if there’s any chance of a dispute such as in a divorce or a probate, ask for separate document packages.
3. Never, ever sign anything for your clients
This happens more often than you may realize, especially if one of the principals in the transaction is traveling, or is ill or unable to sign for some other reason. It also happens occasionally when there is an unethical client or agent involved in the transaction.
When you give your clients the document package, ask if they each have a current financial power of attorney in place if it becomes necessary for someone else to sign on their behalf. If not, encourage them to obtain one either through their attorney or through a service such as LegalZoom. By the way, you should never be the person who has the power of attorney.
Also, if a client says, “I can email you the digital signature link and my password — take care of it,” never do so. It can cost you your license.
Chances are most clients will continue to sign their documents without reading them. Note the date that you gave clients their document package, that you encouraged them to read all the documents, and send separate packages to each client if there’s a potential dispute. That’s the best way to minimize the risk to you and your brokerage.
Bernice Ross, President and CEO of BrokerageUP and RealEstateCoach.com, is a national speaker, author and trainer with over 1,000 published articles. Learn about her broker/manager training programs designed for women, by women, at BrokerageUp.com and her new agent sales training at RealEstateCoach.com/newagent.
