Challenges remain before companies can reap the full benefits of E-signatures. Businesses have to decide how to secure such transactions and retool online applications to accept and store them. But no one doubts that in the coming years, more businesses and consumers will be signing legal documents on the digital line.

Online brokerage Ameritrade Inc. welcomes the e-Sign Act, which goes into effect Oct. 1. "This is great for us," says James Ditmore, CIO at the Omaha, Neb., company, which is ready to let customers open accounts without faxing their signatures. That's a big deal--industry observers estimate financial, insurance, and retail companies fail to acquire as customers 35% to 40% of the people who express interest in setting up online accounts because they don't fax or mail back the requisite signed contracts.

"This is a watershed moment," says Frank Prince, a security analyst at Forrester Research. Even though E-signatures are already legally binding in more than 40 states, differences over what constitutes such a signature in each state have kept some companies from supporting digital John Hancocks. That's one reason Ameritrade hasn't introduced E-signatures as an option for opening accounts or requesting checks, though it's been looking at doing so for almost a year.

National City Bank of Cleveland has also shied away from deploying electronic signatures for anything other than internal applications--despite the fact that using E-signatures in new customer-relationship management and workflow procedures has increased efficiency, cut labor and supply costs, and improved client service by 50%, says Libby Lewis, senior VP of National City's Private Investment Advisors Resource Center. "Employees used to spend about half their time either finding files or filling out forms," she says.

The e-Sign Act clears things up--to an extent. It states that an electronic signature is whatever two entities agree it is: The signature may be "an electronic sound, symbol, or process, attached to or logically associated with a contract or other record and executed or adopted by a person with the intent to sign the record."

An E-signature can simply be a typed name individuals attach to an E-mail message. Or it can be more sophisticated, such as a digitized image of a signature that's linked to a mathematical algorithm that verifies the authenticity of an online document; if the document is altered after signing, the signature is broken and invalid. For now, such sophisticated capability likely will be pushed to customers by the companies they do business with. But mass-market technology may be on the way. Last week, Silanis Technology Inc., a provider of enterprise electronic-signature software, spun off onSign.com, a division to distribute E-signature software to consumers and small businesses.

Companies could also let passwords or PINs serve as E-signatures. For example, after customers place an order, they would be asked for an ID or password; once that's been entered, the document would be legally "signed."

But while the e-Sign Act opens the door for more companies to adopt E-signatures, not all businesses are planning broad implementations. Williams Communications Group Inc. has seen substantial savings from using E-signatures internally, but the telecommunications vendor isn't ready to rely on them for business-to-business transactions. The Tulsa, Okla., company uses Silanis' ApproveIT E-signature software and electronic forms in Microsoft Office to create a paperless environment for documents that need approval, such as expense forms. One division slashed 80% in overnight delivery costs.

But using the system with clients and business partners--and getting them to agree on E-signature policies--is another matter. "The possibility is there," says Alan Creekmore, Williams' senior manager of operational integrity. "It's the procedures and policies you have to put in place when dealing with multiple partners that get tricky."

Most observers say that a signature text block in an E-mail will serve for only the simplest transactions between individuals. "Among large businesses, it's generally agreed that digital certificates used with electronic signatures offer the appropriate security threshold," says Bob Pratt, director of product marketing for public key encryption provider VeriSign Inc. Digital certificates are "envelopes" within which E-signatures can be embedded.

Ameritrade may be counted among this group. In preparation for adopting E-signatures, it struck a deal with VeriSign to issue digital certificates to clients to verify that a document's sender is who he says he is.

As digital certificates take on a bigger role in online transactions, the need for a third-party clearinghouse to track the validity of the certificates will increase, says Peter Osborne, partner-in-charge for E-business at Deloitte & Touche LLC. "If you just received an order from someone electronically, with their signature wrapped in a digital certificate, how do you know the certificate is still valid?" he asks. "That person may have left their job and no longer have authority to purchase."

DCH Health, a startup application service provider that offers back-office support for the online and brick-and-mortar retail pharmacy industry, already uses E-signatures and digital certificates on pharmacy-related documents. The Plano, Texas, company began developing its PharmaLinx pharmacy administration system more than a year ago; it's used by 10 pharmacies nationwide, and the company expects to sign 1,700 more soon. "We moved forward with faith that the laws would catch up with the technology," says Chris Blackley, the company's president and CEO.

It wasn't difficult to set up PharmaLinx to support E-signatures, Blackley says, although making software ready is a time-consuming, programming-intensive process. DCH is looking at the next opportunity--letting patients use E-signatures at pharmacies linked to PharmaLinx. "This new law helps push the whole signature concept forward," he says.

Still, extra precautions must be taken when medical and other sensitive data is handled using E-signatures. Blackley says smart cards--electronic ID cards that fit into a smart-card reader--are the way to go, possibly combined with PINs. "Smart cards allow you to authenticate and execute the time stamp," he says. Pharmacies or insurance providers could issue the smart cards to consumers, since both stand to save a considerable amount in paperwork and fraud reduction, Blackley says.

Widespread smart-card adoption may indeed happen. Microsoft CEO Steve Ballmer said last week that smart cards will play a critical role for authentication and security in the company's .NET plans and predicted that during the next 18 months all new PCs will be equipped to support them.

But even smart cards pose problems. "Suppose you make a purchase with your personal smart card from your computer at work, and you leave your card in the machine and step away," says analyst Prince. "Someone else makes a transaction as you. Who is responsible? You or your employer?"

And while there's little doubt E-signatures will prove a boon to online business, hackers are always looking for new challenges. Conducting fraudulent business may get easier before it gets harder. Says Prince, "It's naive to not expect sharks in the water."