IDnow Trust Services AB has become the first QTSP to implement SMS-free remote signing. Discover why that’s important and why IDnow is perfectly placed to deliver the most secure and agile digital signature solution in the market.

Is it any wonder the digital signature market was valued at $7.61 billion in 2024?

Digital signatures offer a raft of business and customer benefits, across multiple industries. For example, in financial services, they’re used to facilitate compliant and legally binding cross-border digital transactions, while in telecommunications, digital signatures are used to agree terms and conditions and conclude contracts.

Often completed in a matter of minutes, without needing to visit stores or schedule appointments, digital signatures couldn’t be simpler to use, or more effective or convenient, could they?

Well, yes, they could, at least according to IDnow. To test our hypothesis, Senior Architect, Sebastian Elfors and other members of the team have been working hard behind the scenes to propose an update to the ‘Electronic Signatures and Trust Infrastructures (ESI); Policy and security requirements for trust service providers’ standard (ETSI TS 119 431) by the European Telecommunications Standards Institute (ETSI).

“In the past, digital signature services would follow ETSI standards to ensure security and compliance. As these standards were typically designed for longevity, qualified certificates would be valid for 2-3 years. While these long-term qualified certificates were ideal for those who regularly need to sign contracts, such as CEOs, it wasn’t for individuals who only need to sign single agreements or contracts as the user had to be authenticated for every signature,” said Sebastian.

Problems with the way signatures were processed.

To align with the aforementioned ETSI standards, a Qualified Trust Service Provider (QTSP) is required to do the following two steps to issue a valid and legally binding signature:

Identify the user before issuing a certificate

Authenticate the user to create the signature.

As mentioned, requiring a second authentication step for one-time certificates, such as signing a single agreement with a bank or telecom provider, is unnecessary, especially considering identification and signing invariably happens in the same session.

One Time Passwords (OTPs) sent via SMS are a common method of conducting that second authentication step. However, although convenient, OTPs via SMS are also susceptible to fraud as they can be intercepted and spoofed.

3 most common SMS scams.

Smishing (SMS phishing): As the name suggests, smishing is a phishing attack conducted via SMS. Here, fraudsters will send fake messages pretending to be from banks or delivery companies and requesting recipients enter log-in details, which would then be used to gain access to victims’ accounts.

SMS swap fraud: Here, attackers trick telecom providers to transfer a victim’s telephone number to a new SIM card that they already control. In doing so, they receive all OTPs sent to that number, thereby bypassing 2FA.

MITM attacks: Man-in-the-middle attacks work when tech-savvy fraudsters infiltrate telecom systems and intercept messages, which they’re able to read, track locations and, of course, steal authentication codes!

SIM swap fraud, SMS spoofing, MITM and other SMS OTP attacks increased by 12% in 2023 compared to 2021, equating to a staggering $38.95 billion lost globally in 2023.

Besides the risk of fraud, OTPs can also cause significant friction in the onboarding process and ultimately lead to user drop-offs. This tends to happen if OTPs aren’t delivered quickly enough. Of course, SMS OTP delivery delays or failures could also simply be a result of network issues.

Exploring the future of digital signatures.

Clearly, existing legacy digital signature processes for signing contracts or onboarding are cumbersome, involve unnecessary friction, cause delays, user drop-offs and can increase the risk of fraud.

Recognizing these inefficiencies and dangers, IDnow has proposed a time-saving and cost-effective cut to the process, which was officially accepted by ETSI and reflected in the December 2024 update to ETSI’s standard on remote signing.

“We are proud of our contribution in pushing for the standard change at CEN and ETSI. This brings us one step closer to offering a truly optimized remote signing workflow for one-time qualified certificates,” said Johannes Leser, Chief Executive Officer of IDnow Trust Services AB.

As IDnow Trust Services AB is the first QTSP to implement the SMS-free signing flow without OTP, our digital signature products like InstantSign are well placed to benefit from the upcoming digital signature revolution. This is great news for the industry as a whole and provides a significantly improved user experience for the end-user.
Johannes Leser, Chief Executive Officer of IDnow Trust Services AB.

Top 5 benefits of digital signatures.

A more streamlined remote one-time signing experience eliminates lengthy, complicated signing processes, helping businesses maximize conversions with faster process times and an enhanced user experience. Plus, by removing OTPs, businesses reduce the likelihood of fraud and operational risk associated with SMS-based authentication. An SMS-free signing process also significantly reduces friction by allowing users to stay within the signing flow without needing to switch between apps or devices to retrieve OTPs.

What’s more, IDnow’s unique role as founding partner of a QTSP (IDnow Trust Services AB) reduces dependency on third-party providers, eliminating unnecessary steps and increasing operational freedom. Here are the top five benefits that companies can expect from integrating an OTP-less digital signature solution.

Efficiency: Digital signatures eliminate the need for physical documents and paperwork, significantly speeding up processes that would otherwise require mailing, printing and manual processing; enabling documents to be signed and exchanged in an instant. The quality of the data is also increased when transmitting electronic documents, as receivers no longer need to scan documents, which is error prone.

Cost savings: Due to the reduced need for physical storage, postal services, and manual processing, digital signatures save on the costs associated with paper-based processes.

Certified, seamless integration: By offering both identity verification services and secure Trust Services, IDnow’s digital signature solutions boost confidence and trust with every certified, trusted transaction.

Regulatory compliance: As qualified digital signatures carry legal equivalency with wet signatures, they ensure businesses remain compliant with complex regulations like AMLD 6 and eIDAS 2.0 when transacting digitally in the EU.