Signer ID: How to Verify Who Signed a Document
Understanding Signer Identification in e-Signing
When a document is signed electronically, the most important question is not whether it was signed — it is who signed it. Signer ID is the combination of methods and evidence used to identify and verify the person who applied a signature. Without reliable signer identification, an electronic signature is just a drawing on a screen.
What is a Signer ID?
A signer ID is the set of information that links an electronic signature to a specific individual. This includes:
- Identifying information — the signer's name, email address, and phone number
- Verification evidence — how the signer's identity was confirmed (email delivery, SMS code, biometric check)
- Contextual data — IP address, device information, browser, operating system, timestamp, and geographic location
- Behavioural evidence — the signer's actions: when they opened the document, how long they reviewed it, when they signed
Together, these elements create a unique profile for each signer that can be used to prove who signed a document if it is ever disputed.
Why Signer ID Matters
Legal enforceability. For an electronic signature to be legally binding, you must be able to demonstrate that a specific person signed the document. Courts and arbitrators look for evidence that the signer was identified and that the identification was reliable.
Fraud prevention. Without signer verification, anyone with access to a signing link could sign on behalf of someone else. Signer ID methods make impersonation significantly harder.
Non-repudiation. A signer should not be able to credibly deny signing a document. Strong signer ID evidence — a verified email address, an SMS code sent to their phone, a biometric check — makes denial implausible.
Regulatory compliance. Industries like healthcare, finance, and legal services have specific requirements for signer identification. Meeting these requirements protects your business from regulatory penalties.
Signer Identification Methods
Different situations call for different levels of identification. The key is matching the method to the risk:
Email-based identification. The signer receives the document at their email address. Accessing the document proves they have access to that email account. This is sufficient for most business documents where the parties know each other — you send a contract to a known client's email, and the fact that they accessed and signed from that email is reasonable proof of identity.
SMS one-time password (OTP). The signer must enter a code sent to their mobile phone before they can sign. This adds a second factor: the signer must have access to both their email (to receive the document) and their phone (to enter the code). SMS OTP is appropriate when the document is higher value or when the signer is not someone you interact with regularly.
Biometric passkeys. The signer verifies their identity using Face ID, Touch ID, or a fingerprint reader. This ties the signature to the signer's physical characteristics — a strong form of identification that is extremely difficult to forge. Passkeys are particularly useful for high-value documents or situations where you need maximum confidence in signer identity.
Knowledge-based authentication. Asking the signer to answer questions that only they would know (date of birth, last four digits of a reference number, etc.). This can supplement other methods but is weaker on its own because the answers may be guessable or available from public sources.
IP and device logging. Recording the signer's IP address, browser, operating system, and device type. This does not verify identity by itself but creates a forensic trail that can corroborate other identification evidence.
How Much Identification Do You Need?
The answer depends on the document and the relationship:
| Scenario | Recommended Identification |
|---|---|
| Internal document between known employees | Email delivery + audit trail |
| Standard business contract with known client | Email delivery + audit trail |
| Agreement with a new or unknown party | Email + SMS verification |
| High-value contract or legal agreement | Email + SMS + audit trail |
| Regulated industry (healthcare, finance) | Email + SMS or biometric passkey |
| One-off transaction with no prior relationship | Maximum verification available |
Over-identifying is a waste of time and creates friction for signers. Under-identifying creates legal risk. The goal is proportionate identification — enough to prove who signed, without making the signing process unnecessarily complicated.
How GoodSign Handles Signer ID
GoodSign provides multiple identification methods that you can mix and match based on the document's requirements.
Email verification. Every signer receives a unique, secure link to their email address. The link is tied to that specific signer and that specific document — it cannot be reused or transferred. The fact that the signer accessed the document from this link is recorded in the audit trail.
SMS verification. Enable SMS one-time passwords for any or all signers. Before they can access the document, they must enter a code sent to their registered phone number. You can require SMS verification for some signers (e.g., external parties) and not others (e.g., internal team members signing the same document).
Biometric passkeys. GoodSign supports WebAuthn passkey authentication — signers can verify their identity with Face ID, Touch ID, or a fingerprint on their device. This provides hardware-backed identity verification without requiring the signer to manage certificates or remember passwords.
Comprehensive audit trail. Every document records each signer's complete identification data: email address, IP address, device and browser information, timestamp of every action (opened, viewed, signed), and the verification method used. This audit trail is permanently attached to the signed document.
Per-signer configuration. Different signers on the same document can have different verification requirements. Require SMS verification for the external client but not for your internal countersigner. This flexibility lets you apply the right level of identification to each signer without over-burdening anyone.
No signer accounts. Signers do not need to create a GoodSign account to prove their identity. Verification happens through the methods you configure — email links, SMS codes, or passkeys — without asking signers to register for yet another service.
All signer identification features are included at $1.50 per envelope sent. There is no extra charge for SMS verification or passkey authentication, and no per-user fees for your team.
Best Practices for Signer Identification
- Match the method to the risk. A routine internal approval does not need the same identification as a multi-million dollar contract.
- Be consistent. Apply the same identification requirements to the same type of document every time. Inconsistency creates legal uncertainty.
- Document your policy. Write down which identification methods you require for which document types. If a signature is ever challenged, your consistent application of identification standards strengthens your position.
- Keep signers informed. Tell signers in advance if they will need to enter an SMS code or use a passkey. Surprises during signing cause delays and confusion.
- Review periodically. As your business grows and your document types evolve, revisit your identification requirements. What was appropriate for a five-person company may need updating when you have fifty employees and hundreds of external signers.