Blog Post

Case Study: How Sysmosoft Uses PSPDFKit to Offer Qualified Electronic Signatures

Illustration: Case Study: How Sysmosoft Uses PSPDFKit to Offer Qualified Electronic Signatures

Sysmosoft is a company based in Switzerland that develops digital signature solutions primarily for the financial sector. Because of the sensitive nature of what financial institutions do, and because of the level of security required, it’s necessary for Sysmosoft to meet high standards of use, confidentiality, security, compliance, and integration.

Sysmosoft relies on the remote signature services of Swisscom to offer qualified electronic signatures to its customers via its app, Let’s Sign. Additionally, the company provides custom development by installing and maintaining on-premises solutions for its customers.

And since 2014, Sysmosoft has used PSPDFKit’s Android, iOS, and Web SDKs in its app to let users view, annotate, sign, and search. This allows its customers to sign banking documents including:

  • Mortgages

  • Investment proposals

  • General terms and conditions

  • Wire transfers

  • ACH transfers

  • Documents required for the lifecycle of customer accounts

“Our product integrates deeply with our customers’ infrastructure, allowing them to leverage the banking system, and resulting in a fully digital process.”— Mark Vincent, Sysmosoft, Partner & Co-Founder

The Challenge

In 2010, Sysmosoft began developing a secure mobile sandbox for banks on iOS and Android. The biggest priority was to create an application with high security. Though the company initially had a number of successful projects, the advantages of secure mobiles sandboxes have become less and less important as the native security level of smartphones has significantly increased. As such, Sysmosoft was faced with the challenge of figuring out how to offer a product that was more business oriented, as opposed to targeting the security of IT departments.

Not long after, the ZertES (CH) and eIDAS (EU) regulations for digital signatures were introduced and instituted. While ZertES applies to Switzerland and eIDAS applies to the EU, both agreements define what an electronic digital signature is and specify how they can be used safely and securely in business transactions.

In Switzerland, the law states that electronic signatures that comply with the following points are recognized as advanced electronic signatures (AES). They:

  • Are uniquely related to their signer

  • Allow the identification of the signatory or holder

  • Were created or generated with resources that are under the sole control of the signatory

  • Are linked to the related data in such a way that any subsequent changes to the data can be recognized

In Switzerland, a QES — which stands for qualified electronic signature — is required for any credit-related documents (e.g. credit card applications, loans, mortgage paperwork), employment contracts, paperwork for medical studies, and financial audits.

To be considered a qualified signature, the following points must also be met:

  • The signing key must be unique and kept confidential.

  • The signing key cannot be guessed, corrupted, or used by a different holder.

  • The signature must use a qualified certificate.

QES offers the highest level of assurance and is recognized as the legal equivalent of a handwritten signature. To ensure a correct implementation of this level of signature, the ETSI has defined standards that EIDAS and ZertES follow.

There are four things that set a QES apart from an AES:

  • It’s the only level of electronic signature that’s equivalent to a handwritten signature.

  • Someone who wants to use a QES must verify their identity in person with an ID and phone number.

  • A person must use two-factor authentication (SCAL2) to provide and confirm their signature.

  • Only companies that have been officially recognized and audited by their respective governments can provide qualified electronic signatures.

However, only five percent of the documents a bank would have to sign require QES. The rest of the time, an AES is sufficient. Because the security of it is a step below QES, it is less expensive and more convenient for the end user.

The complexity involved in balancing the above concerns led Sysmosoft to begin exploring building out its preexisting sandbox into a full application.

Screenshot of a signature request within the Let’s Sign app

The Solution

Sysmosoft needed an SDK solution that would make it easy and frictionless to integrate digital signatures into its app.

“We started to look for an SDK that would ease the integration of digital signatures,” said Partner & Co-Founder Mark Vincent. “We used to develop a legacy product that’s no longer on the market with PSPDFKit, and as we had experience with the company, it made sense to continue working together.”

The main selling points of PSPDFKit for Sysmosoft are:

  • Easy-to-use APIs

  • A reliable product

  • A flexible business product

  • First-class support

Additionally, the company wanted something that offered the same user experience across every platform, along with a highly configurable UI that would allow their customers to set up colors and visual components with ease.

Screenshot of a signed document in the Let’s Sign app

“The consistency of APIs across the platform is without a doubt a great advantage. It allows all our developers to help one another, even if the language is not the same. This results in improved productivity. We also appreciate the dedicated work done to help our use case and facilitate the integration of Switzerland’s biggest QES provider.”— Mark Vincent, Sysmosoft, Partner & Co-Founder

The Results

With its digital signature solutions that comply with QES ZertES and eIDAS regulations, Sysmosoft has been able to help financial institutions automate processes that, in turn, save them time. No longer do they need to print, scan, and mail documents for signatures.

Additionally, enforcing compliance by digitizing these processes saves time that might otherwise be spent on auditing or fixing human errors. According to Vincent, “Customers who have deployed our solution are moving to a paperless philosophy as much as they can — and digital signatures are a big part of that.”

As to the collaboration with PSPDFKit, Sysmosoft is glad to rely on a trusted partner to take care of the implementation of PDF capabilities.

“PDF is not our core business, as our solution targets signatures across various document types,” Vincent said. “As a result, investing so much time in a specific use case would not have made sense, and relying on PSPDFKit’s SDKs makes it easy for us to deliver. And the wonderful support — sometimes even from the Founder himself — has helped us fulfill our customers’ requirements in an efficient manner.”

Related Products
Share Post
Free 60-Day Trial Try PSPDFKit in your app today.
Free Trial

Related Articles

Explore more
CUSTOMER STORIES  |  Security • Case Study

Case Study: How Govenda Uses PSPDFKit to Optimize Board Member Experience and Efficiency

TUTORIALS  |  Android • Kotlin • Security • Signing • PDF • How To

Digital Signing on Android

DEVELOPMENT  |  C++ • Security • Insights

The C++ Lifetime Profile: How It Plans to Make C++ Code Safer