What Is The Digital Signature and How To Verify It

Created by Roxanne Fourie, Modified on Wed, 25 Feb at 6:14 PM by Amy Sara Price

Verify Digital Signature and POPI Consent for Credit Applications (Fabric)

Summary

This article explains how to verify whether a credit application was digitally signed and whether POPI consent was accepted in Fabric.

Prerequisites

Before starting, ensure you have:

•Access to the relevant Fabric workflow/application

•The Digital Signature Verification link (or QR code link)

•The POPI Consent link (if required)

•The applicant/buyer name and the signatory details (if available)

What a digital signature is

A digital signature is a secure digital code attached to an electronic document that verifies:

•the identity of the signer, and

•that the document content has not been changed after signing.

Legal foundation (South Africa)

The document aligns digital signatures to South Africa’s Electronic Communications and Transactions Act (ECTA), which recognizes electronic signatures and electronic agreements.

What the digital signature process proves

The signing process is designed to demonstrate:

•clear intention to sign through an explicit signing action, and

•that the agreement content and supporting reference documents are shown to the user before signing, and then embedded into the signature at the time of signing.

OTP verification (email access + confirmation step)

Identity verification is done through access to the signatory’s email account, including an OTP (one-time pin) step.

This confirms the signer had access to the email address at the time of signing and supports non-repudiation.

Contract types that are not supported

Some agreement types still require a wet signature (physical signature), including:

•sale/transfer of immovable property

•wills and codicils

•bills of exchange

•long-term leases (over 20 years)

•surety agreements

•certain intellectual property agreements and transfers

International expectations the solution supports

The digital signature solution is built to meet key requirements such as:

•the signatory being uniquely identified and linked to the signature

•the signer being the only party able to apply the signature using their

•private key

•tampering being detectable

•any change to signed content invalidating the signatureI

Independent verification via link / QR code

Each signature includes a verification link (often also accessible via a

QR code).

This link performs a deep validation by re-checking the signed content

and referenced files to confirm the signature remains valid.

Technical security methods used

The document describes standard cryptographic methods such as:

•hashing using SHA-256

•encryption using AES 256

•asymmetric encryption using RSA (2048-bit keys)

What is captured in the signature audit trail (“envelope”)

The digital signature record includes key signing details such as:

•hashes of content blocks and referenced files

•selected agreements

•IP address of the signatory

•email address of the signatory

•date/time of signing

•the signature implementation version

Extra security safeguards

Additional safeguards include:

•OTP delivery via secure real-time services

•protection of private keys against misuse

•tamper detection at both overall and item level

•encryption in transit and encryption at rest

Steps to verifying the Digital Signature

1. Open the Digital Signature Verification link by navigating to the Confirmation and Agreements section in the application workflow.

•Copy the Digital Signature Verification link from the application record.

•Open the link in your browser.

This will display:

•1. Signatory Selection: The name selected as signatory from a dropdown (linked to CIPC data).

•2. Signing Email Address: The email address that was used to sign the application.

•3. Last Re-assignment: Who the application was last re-assigned to.

2. Confirm the signature is valid

•Check that the verification page confirms a valid digital signature.

•Confirm the signing record reflects that the application was signed successfully.

•Use this page as independent evidence that the document was signed.

3. Confirm the signed content was not changed

•Review the verification details to ensure the signed content is still valid.

•Confirm that the signature remains valid, which indicates the signed content has not been tampered with after signing.

Steps

4. Confirm the signatory details

•Identify the person who signed on behalf of the company.

•Use this as supporting evidence if the applicant disputes who signed.

5. Confirm POPI Consent (if required)

•Copy the POPI Consent link from the workflow record.

•Open the link in your browser.

6. Document the outcome for dispute resolution

•Save screenshots of the verification page(s), or export to PDF if needed.

•Attach the evidence to the support ticket or dispute response.

•Summarize the findings clearly (example below):

Outcome statement (copy/paste):

“The application was digitally signed and the signature is verifiable via the digital signature verification link. The POPI consent acceptance is also verifiable via the consent link. The verification confirms the signing event and indicates the signed content remained unchanged after signing.”

Troubleshooting

Symptom: The customer says they did not sign the application

Cause: The signer may have been a different internal user within the customer’s organisation, or they may be disputing authority after signing

Resolution: Provide the digital signature verification link and POPI consent link as independent evidence of signing and consent acceptance.

Symptom: The verification link does not load

Cause: The link may be incomplete, expired, or copied incorrectly

Resolution: Re-copy the link directly from the workflow record and try again

What the Application Validation Issue looks like

What the Confirmation and Agreements Section looks like

What the What The Fabric Digital Signing looks like

FAQs

Q: Can the terms and conditions be changed after signing without detection?

A:No. If signed content is changed after signing, the digital signature validation will fail or reflect an invalid signature status.

Q: What does POPI consent confirmation prove?

A:It confirms that the user accepted the POPI consent clause as part of the workflow.

Q: What if the wrong director was selected during signing?

A:If the signing process was completed despite warnings, the digital signature record still reflects who completed the signing action. Any internal authority dispute is the applicant’s internal governance matter

Tags & Metadata

Digital Signature, POPI Consent, Fabric

Supporting documents

Click here for more information

https://www.canva.com/design/DAG_I04C1Lw/FlOp2eBRDHBV3D-0FkPRWg/view?utm_content=DAG_I04C1Lw&utm_campaign=designshare&utm_medium=link2&utm_source=uniquelinks&utlId=h259f9c2784