11. What formats are acceptable for electronic documents?The eUCP does not specify formats. This is left to the parties to decide. The format chosen must be one that the Beneficiary or other originating party can create and that at least the Nominated Bank, but probably also the Issuing Bank and the Applicant, can read.
Logical candidates, especially if e-mail will be the means of presentation, are Windows versions of Microsoft Word 97 (*.doc), ASCII text (*.txt), and Adobe Acrobat 5.0 (*.pdf). Possibilities for scanned images include graphic image format (*.gif) and bitmaps (*.bmp), but this raises the question of whether or not the Applicant will permit payment against scanned images.
(Note that the banks don’t care and the eUCP does not contain any rule about scanned images, but scanning indicates there is a paper original still in the hands of the Beneficiary and this may raise concerns for the Applicant.) This is just a starting point as any format the parties can agree on is allowed.
12. Can documents be presented as e-mail attachments?
Like formats, the means of presentation must be agreed to by the parties. If e-mail is to be used as the means of presentation, concerns may arise about security. If either the Beneficiary or the Applicant wishes to use secure file transfers, they must be set up with IDs, passwords, etc. in advance. Some banks also offer hosted document creation, at a website, based on purchase order data transmitted to them by the Applicant and then communicated to the Beneficiary - —this also requires set-up in advance.
13. Do faxes qualify as electronic documents?
Faxes fall within the eUCP definition of electronic records. Nonetheless, they are not automatically acceptable. All eUCP credits must specify the format, means of presentation, and means of authentication for each document. Fax is both a format and a means of presentation. Applicant will have to specify fax as an acceptable format and the bank nominated to receive presentation by fax is expected to provide a fax number for the Beneficiary to use. The means of authentication will also have to be specified and can be complex .
14. The eUCP says all electronic documents must be authenticated. Is this equivalent to signing a paper document? How can electronic documents be signed/authenticated?
The eUCP requires that all electronic documents be authenticated in a means that verifies the identity of the signer and, furthermore, that the content of the document is complete and unaltered. The first is proprietary and the second is open.
The proprietary means requires the party creating the documents to use a Website hosted by a bank. In order for this to be allowed, this party must have been set up by the Bank in advance with passwords, smart cards, or other secure means of determining who they are.
When they have completed a document, they would tell the bank, so they can "lock down" the content to make it unalterable. Other banks will probably create competing document creation systems.
The open means involves Identrus digital signatures. As you may be aware, it is now possible to sign documents using electronic certificates that calculate a unique digital signature for a document that is being signed.
This is very similar to how SWIFT authenticators are calculated. Documents can be any data file, including Word documents, Acrobat files, Excel spreadsheets, graphics files, etc. If a single character in a data file that has been signed gets changed, the signature is no longer valid (although you can still open and read the data file).
Quiet a few international banks these days issue Identrus certificates. The certificates are issued on smart cards. As every signer has his own Identrus certificate, you can also tell whose signature has been applied. Any Identrus cardholder, including companies, can verify signatures applied by any other Identrus cardholder. All Identrus cards are issued by Identrus banks—the Identrus rules require the banks to be responsible for the use or misuse of the cards.
More information can be obtained through the Identrus Website,http://www.identrus.com/.
15. From a data integrity and authentication perspective, is it sufficient for an Applicant to simply request that an electronic document be signed without further elaboration?
Theoretically, a PIN code or password included in an electronic document will suffice as an electronic signature. While this may identify the signer, the document is "unsecured" and this means of signing provides no assurance that the document has not been intercepted and changed.
Unless otherwise instructed, the Nominated Bank is responsible for verifying not just the identity of the signer, but also whether the document is complete and unaltered. It is recommended that the Applicant specify means of authentication desired, so the Nominated Bank knows exactly what to do. An Identrus digital signature, for example, identifies the signer and also ensures data integrity (unaltered data) and enforceability (non-repudiation).
eUCP - Anwers to FAQ - Part 1
eUCP - Anwers to FAQ - Part 2
eUCP - Anwers to FAQ - Part 3
eUCP - Anwers to FAQ - Part 4
eUCP - Anwers to FAQ - Part 5 (Final Part)
No comments:
Post a Comment