Whether electronic or wet ink signature – make sure to mitigate the risk of fraud in the execution of your contract

With the explosion in e-signing over the last four months, organisations have been grappling with the practical issues in shifting to electronic execution of documents – and the potential for fraud. The recent judgment in Marketlend Pty Ltd v Blackburn [2020] NSWDC 358 underscores the potential for fraud, and the need for tight protocols for e-signatures for significant transactions.

A DocuSign account is used

Between November 2017 and January 2018, Marketlend Pty Ltd advanced credit of about $610,000 to Blackburn Caravans Pty Ltd. The company directors were Matthew and Sarah Blackburn, who were married but separated in October 2017.

Marketlend advanced the credit on the basis that the funds would be guaranteed by Matthew and Sarah. The company went into liquidation and Matthew was declared bankrupt, with no significant repayments made to Marketlend. The issue that was determined in the proceedings was whether Sarah used her DocuSign account to execute a particular agreement.

After consideration of the evidence which included DocuSign metadata and mobile phone evidence, Judge Scotting held that Matthew had used Sarah's DocuSign account to sign the agreement.

The first documents and Guarantee were signed on 2 November 2017 by Matthew using Sarah's DocuSign account. Although the documents had not been executed in accordance with Marketlend's compliance procedures, it nonetheless advanced funds on 8 November. Thereafter, Marketlend accepted a series of documents executed by Matthew, who used DocuSign to apply a PDF version or a typescript of Sarah's signature to the documents.

Marketlend's compliance failures

Marketlend failed to ensure compliance with its own procedures in a number of significant respects:

• it accepted the application form despite no identification documents or contact details being provided for Sarah, and no signatures being witnessed;
• it failed to make contact with Sarah as part of the credit check;
• it did not require Sarah to provide a voice sample; and
• after discovering the first documents were not executed in accordance with its compliance procedures, Marketlend did not require re-execution before the loan was settled.

Lessons learnt: eliminate potential pathways to fraud

This case demonstrates that the electronic execution of documents carries a similar risk of fraud as executing documents with wet ink signatures. The more significant the transaction, the more an organisation should be conscious of the possibility of fraud and consider whether to take steps to mitigate this risk.

In particular, organisations should consider upgrading the security protocols involved in personal authentication to use a two-factor authentication method. However, if an organisation has never dealt with a particular signatory before, a fraudster would still be able to circumvent two-factor authentication through controlling both factors being used. For example, a fraudster could specify both a false email address and a false mobile number in order to meet two factor authentication requirements. Organisations should, in respect of significant transactions, where they have never previously dealt with a signatory, consider implementing verification of identity requirements similar to those used for real estate transactions or Anti-Money Laundering "know your customer" checks.