Sure, it’s extremely convenient, cheaper and less time consuming than using a fax or scanner to send signed documents, but sending your personal signature into the unknown internet can feel like gambling away one more piece of your identity.
If it’s possible to potentially bind yourself to any manner of agreement without even picking up a pen, what are the odds that something so effortless can also be exploited?
To begin putting things in perspective, the brief history of the internet has shown us that pretty much anything can be compromised. On the plus side, to ease your fears—signatures have been getting forged since ink and paper were our most advanced forms of mass communication.
Learning the facts about both the potential vulnerabilities and layers of security can help ease the natural anxiety that comes with any uncharted but practical new convenience technology surrounding your online and real-world identity. A practical understanding of how e-signature software functions from a security standpoint can help you determine their appropriate use.
Breaking Down the E-Signature
An e-signature is significantly more complex than, say, someone snapping a picture of your handwriting and then casting it out into cyberspace and the whims of fate. Electronically signing documents, which can be done in typed form or with touch/stylus, is only a few steps from digitally transmitting copies of a physically signed contract. Faxed or scanned copies of a document have become normalized as legitimate, enforceable agreements. As with these practices, useful and cost-effective compared to overnight mail, there are highly specific measures taken to minimize the security risk of the electronic signature.
There are different variations of electronic signatures, digital signatures being the most secure.
The digital signature acts a kind of fingerprint, identifying the signatory as the authentic source of the message by encrypting the signature with the exact content of the agreement at the time of their signature using the signatory’s own private key. Upon transmission of the e-signed document, the recipient receives the signatory’s public key, which will fail to unlock the signed document if e-signed without the correct private key a.k.a. improperly or fraudulently. This also happens if the document was changed in any way after being signed.
Digital signatures are distinguished primarily by regulatory adherence and the security of measure of PKI protocol. The basic sequence of digital signature security is as follows:
- Document signed by the recipient.
- Signature encrypted with exact content of document at time of signing using PKI-encrypted private key.
- Document transmitted/sent via email
- Return recipient message opens signed document automatically with public key
- If either key is inauthentic or the document was changed after signing, the signature is not retained.
In general, e-signature software is a convenient way to sign and transmit documents on any device, but not all fulfill the security standards of digital signature.
The G2Crowd E-Signature software Grid℠ criteria includes encryption and security of communications between users. Within the software reviewed, there are different levels of scalable regulatory adherence, auditing upkeep and PKI encryption protocol. These three elements considered will allow for a number of options well within your standards of security.