Text Message Signature is Coming
I had written year ago that there was nothing like text message signatures. I wrote there were only some authorization methods using text messages, but these were always based on previously concluded framework contracts. Nevertheless, the situation has changed since then.
You can find the above-mentioned article here: Electronic Contract Conclusion Methods – Part 2
The Homecredit company (one of the biggest personal loan providers in the Czech Republic) has offered for some time now the possibility of “signing” loan contracts via a code sent in a text message to an unregistered mobile phone number. The owner of the phone number can be a new unknown client unverified in any way. No supplementary paper signature, payment from a verified bank account or other usual method of verifying identity need be provided in an online loan request. Thus, no operation plausibly proving that some particular identified person wittingly did some action by which s/he confirmed agreement with the terms and the will to conclude the contract. Somebody with some phone number who entered some personal data enters into a contract by entering a code received to the given phone number. Or not? Let’s think about that.
Note: All facts and opinions expressed in this article relate to the Czech environment (market and law). While the definitions of the electronic signature and the advanced electronic signature is contained in the directive 1999/93/EC and thus valid for the whole EU, legal standards regarding the contractual relations, contract conclusions and contract forms generally differ, I presume, even throughout the ‘legally unified’ EU, not to mention the rest of the world.
The first question is the credibility of the provided identity. There is really no way to verify whether the person entering personal data truly is the one s/he declares themselves to be. Only the integrity of the data provided and maybe the existence of the person can be verified, but not that it was just this person who entered the received code and clicked the “Ï agree” button.
There are kinds of contracts where the Czech law does not require the written form. Also, there are kinds of contracts where the Czech law expressly states some alternative ways of entering contracts acceptable besides a regular signature, such as insurance contract conclusion by paying the first payment of the premium. But in most cases, these alternative ways cannot be used and contract entry should stick to the general law requesting “concluding the contract in written form”.
Thus, the question is if the contract concluded online by entering a text message code can be considered to be a contract in written form - especially if no document (even electronic) would be created and only some information would be displayed at a particular moment on the screen and a record into database would be written that in this time the “I agree” button was pressed (maybe with additional data such as the IP address, etc.).
The answer offers Section 562 of Civil Code as Amended (translated by the author):
(1) The legal act is retained in writing also when carried out by electronical or by any other means enabling recording its contents and specifying the acting person.
Let’s suppose that an electronic document containing text information or any other record enabling to register the contents as an analogy of classic paper document is created and stored. The next question is whether entering a code received via text message that comes together with additional information (e.g. phone number, IP address,..), inserted into a document, or linked with a data record, is or can be considered to be a “signature” of that document/record (in connection with personal data that are contained in the document/record).
The Civil Code as Amended Section 561 states the folowing (translated by the author):
(1) To confirm the validity of a legal act in writing is required a signature of the acting person. Such a signature can be replaced by a mechanical means where usual. Additional legal regulations stipulate how a legal act needs to be signed when performed by electronic means.
The additional legal act is the Act of Electronic Signature, which defines the electronic signature the following way (translated by the author): data in electronic form, which are attached to or logically associated with a data message and which serve as a method of unique authentication of signed person in connection with the data message
Note: the definition in the directive 1999/93/ES is: data in electronic form which are attached to or logically associated with other electronic data and which serve as a method of authentication
So is it or is it not an electronic signature? This could be a point of discussion. I think I have read an opinion somewhere that text signatures in emails (i.e. stating of name and other information identifying the sender) can be considered to be an electronic signature according the definition. I personally would imagine something different under the term “unique authentication”.
One way or another, if we are talking about a signature as a “means of proving” that somebody agreed to something - which is vital for a contract - we are interested more in a so-called advanced electronic signature, defined in this way (translated by the author):
an electronic signature which meets the following requirements:
1. it is uniquely linked to the signatory;
2. it is capable of identifying the signatory in connection with the data message;
3. it is created using means that the signatory can maintain under his sole control;
4. it is linked to the data to which it relates in such a manner that any subsequent change of the data is detectable;
Note: Only the third point differs slightly from the definition in the directive 1999/93/ES where is only: it is capable of identifying the signatory.
In my opinion, point number one is particularly not met because the mobile phone number is not uniquely linked with the signatory, respectively with personal data entered by an unknown person declaring s/he is the signatory. The same problem only from a different point of view constitutes the third point. The signature is not created using something that is maintained under the sole control of the person whose personal data is being used. The mobile phone is maintained under sole control by the person who enters this data (declares to be someone).
The result is that, in my opinion, a client has two ways how to contest a contract concluded this way.
S/he can aver that
a) It was not him/her who entered into it
b) The contract was never rightfully concluded
Point a) is not provable at all and I think that also the argument b) may be successful at court.
The question is: Does it matter?
Those who implemented the text message signature were certainly aware of it.
So the answer is probably: Under some circumstances it does not.
It comes to…
Firstly, under some circumstances the problem of unverified (unverifiable) identities can be at least partially solved. In the case of a loan, the money is sent to a bank account. This bank account has an owner, who is mostly verified (by the bank) and his/her personal data can be compared with data entered online during the loan request. Even if the identity in request is false, the money can be claimed back from the actual account owner who provably received it (illegally).
Secondly, there is a Czech saying which states “where is no plaintiff, there is no judge”. If a client has nothing to gain this way, s/he has no reason to argue against the validity of the contract. Let’s assume that there was no identity fraud and a client wants to aver that s/he did not conclude the contract (someone misused his/her data) or that the contract was not concluded rightfully, so it is invalid. Why would s/he do that in case of a loan? S/he obviously needed the money and this way s/he would only achieve that s/he would have to return it all back immediately...which is probably the last thing s/he wants. Only at the end of repayment could it make sense as a trick to avoid paying interest and other fees. But after months of paying installments and “behaviour according to the contract” is it not possible to successfully claim that you did not agree with it (did not request the loan, nor concluded the contract). The only question is if it is possible to successfully claim that the contract is invalid just because of some formal reasons. The real purpose of this behaviour should be obvious, but I am no lawyer.
However, some lost cases should be expected, but here comes the third point: if the consequences of such a loss are not vital and if there will not be many of them, the gains of text message signatures can outweigh the losses. In the case of loans, it is only about risk management, thus nothing new. Borrowed money can always not be repaid, whatever the reason. Few disputes about interest and fees can be acceptable. Most people are not con artists considering how well the loan providers are. You just have to calculate it all well.
On the other hand, what can make sense in case of (small) loans is not necessary usable for other products or kinds of contracts. It is no coincidence that the text message signature was first used for personal loans. The difference is in the level of risk, but most importantly in the subject who is taking the risk. In the case of loans, the risk is taken by the lender. So there is no reason why they should not have the right to decide to take the risk. Let’s compare it, for example, with insurance, where the risk is taken by the client, who in good will pays premiums for years and when/if something happens and s/he should get the money, somebody says that the contract is invalid… This would be unacceptable. Perhaps not for clients (who often are willing to sign anything, especially if they want something – but this also applies rather to loans than e.g. to insurance), but primarily from the perspective of customer protection and institutions that look after it.
Moreover there is one more problem. Let’s say that we have a product where the risk is taken by the provider of that product and that the circumstances are such that clients are not “motivated” to question the validity of the contract enough to do so in an unacceptable number of cases. There are third parties who are motivated to do so. Let’s put aside business rivals, who can deliberately point out the fact that this is not abide by the law and it is dangerous, etc. aiming to damage the good name and credibility of the company. The example of Fees back “movement” shows there are groups that can try to gain profit just from the legal dispute itself, actuate clients, who would never even consider it otherwise, to sue the company and organize collective plaints with a high degree of medialization. This risk is far more substantial and less predictable than “common” disputes with clients.
Note: “Movement” called “fees back” was created by lawyers trying to make fortune on plaints concerning so called “mortgage account administration” fees, which are usually paid in the Czech Republic and mean additional costs for clients besides interest (without any reasonable explanation what the client actually gets for this fee and why s/he should pay it).
What to say in conclusion? All service providers and substantial part of clients would like to have the option to conclude contracts really online not just order the service online and then sign some papers, or first sign traditional paper frame contract and only then be able to conclude (make authorized operations/requests) online. Only few providers have the nerve to try it, because there is no support for it in the law. Only time will tell if text message signatures become the way or if something else is to become the “final” solution of this issue.