When a user sign a request what steps are taken before the the service provider use the other key to perform the request? Is there any extra "safety net" in place in case somebody has lost his private key and somebody else is trying to empty the account with it?