How do I know that the recipient is the intended recipient?

Every DocuSign document is sent to the recipient's email account, which requires a password for logging in. Other details such as the time and date of signing and sequence of signing are also captured in audit trial. A DocuSign administrator or can choose to impose stricter requirements and require all recipients to pass an authentication check before they can access and sign on any document sent from the account. If customer's business case requires a higher threshold for recipients to prove their identity, then use authentication. The additional methods are:

  1. Access code - Access code can be requested, which can be delivered over SMS, phone call or another secure method by the sender before the recipient can sign the document (More info). The signer can enter the incorrect code up to three times before the document needs to be resent. Only this method is available in ANZ and SEA.
  2. ID check - which requires the signer to enter a series of personal question, such as the previous home address that is available through public domain (US only)
  3. Knowledge-Based (KBA), which requires the recipient to answer detailed questions about themselves, based on data available in public records. (US only)