APPENDIX 2: DRAFT SOCIAL SECURITY (ELECTRONIC
COMMUNICATIONS) ORDER 2011: FURTHER INFORMATION |
Further information from the Department for Work
The references to reducing paper, preventing errors
and fraud in paragraph 7.4 are specific to the software and hardware
being introduced by Jobcentre Plus that will replace certain paper-based
forms and signatures.
How will people provide an electronic signature?
A number of electronic signatures will be taken from
the customer as sample signatures on an electronic signing pad.
The software will store characteristics of that customer signature
such as angle of the pen, pressure applied, speed (including pauses)
etc. When the customer attends the Jobcentre to provide a declaration
of unemployment on a regular basis the electronic signature will
be compared to the sample electronic signatures held. The software
will compare if the customer signature matches.
There will be a reduction in paper because people
in receipt of Jobseeker's Allowance (JSA) will be able to provide
signed declarations that they meet the conditions of entitlement,
and confirm their jobseeker's agreement by means of an electronic
signature (as opposed to a traditional signature on a paper form
as happens now).
The new technology will assist Jobcentre Plus to
confirm that a customer's signature matches specimens previously
given. Basic identification checks will continue to be carried
out ahead of taking a signature. The current process of confirming
a signature is carried out by staff visually comparing two clerical
signatures. The new technology will compare a number of factors
such as the speed at which the signature is written, the pressure
applied, the angle of the pen etc. This makes it virtually impossible
for a customer to be impersonated as the signature will not be
accepted if the factors do not fall within the set boundaries.
On occasions, payments of JSA are made late due to
staff error (confirmation by staff to the IT system to release
a payment is sometimes missed). The error is only picked up when
the customer notices they have not received their payment and
make contact with Jobcentre Plus. Electronic signing aims to eradicate
this type of payment delay by automating the link to the payment
system to release a payment (where one is due), following electronic
confirmation of the customer's signature.
Fraud and security
Officials responsible for delivering the new online
service have been working closely with the private sector, senior
security experts within the Department and the Communications
Electronic Security Group (the Government's national technical
authority) to assess the levels of risk the new online service
might face and introduce appropriate countermeasures. This includes
working to achieve security accreditation in line with the Department's
Information Systems Security Standards to provide assurance that
information and data will be protected and secure. As part of
this work, fraud risk assessments have been carried out to highlight
potential threats to the online service and put in place suitable
tactical and strategic solutions. Accreditation is on course to
be achieved before implementation is due to begin in June 2011.
In addition, advice will be provided to customers on how to protect
themselves and transact securely online with the Department.
Has it been successfully trialled elsewhere -
We are working on refining the technical solution
for Electronic signing. However, there is some precedent on this
'type' of technology.
Similar technology was initially developed and used
in Israel in two banks - Bank Hapoalim and Bank Leumi - they
were the first to use both a biometric and paperless solution
together. The Court of Sao Paolo (Brazil) is currently the biggest
user worldwide and they use the technology to sign off bench warrants
on some 16,000 stations. T- Mobile in the United States has now
started using it to sign contracts from retail locations.
In the UK this technology is not prevalent as banks
have moved significantly toward chip and PIN technology. However,
digital signature pads without biometrics are being used by telecommunications
companies to sign contracts. Some retail companies in the car
industry are also using them for customers to sign Financial Services
Authority (FSA) documents that are periodically audited to ensure
How robust is it - will the machines break
Key to the selection of the final technical solution
for Electronic Signing will be scaleability and robustness of
operation. This is a high volume and critical business process
for customers and staff users. The governance process the project
will need to pass through at each stage of development will ensure
that the design is as robust as possible (in the context of this
being a front line business critical service) Governance will
also ensure that full business continuity and disaster recovery
processes are in place from day one to minimise business risk.
A small scale Proof Of Concept has already been successfully completed,
and during the three month period the technology proved reliable
and no breakdowns were reported. Lessons learned from this POC
have been carried forward to the national project. Additionally,
we would expect suppliers to make use of their previous lessons
learned and industry best practice during the design, deployment
and live running of the solution.
What is the failure rate for the signatures -
how many false results does it produce - e.g. when you know it
is the correct person but the machine fails to recognise the signature
against the initial sample?
The biometric validation of signatures is based on
a number of variables. Sensitivity on the application of the verification
engine can, and will, be set according to agreed business
requirements to strike the right balance between security/fraud
prevention and business practicalities. It is worth remembering
that even if the biometric validation is set within the lowest
set of parameters, this still represents a significant increase
in fraud prevention over the current system which is essentially
clerical. It is also envisaged that within clearly defined and
fully audited boundaries, staff will be able to intervene manually
on the system to accept a signature during the face to face interview
where failure has occurred - for example, perhaps due to temporary
or permanent loss/reduction of hand function.