Are Electronic Signatures Secure? Will my eSignature Hold Up In Court?

People like the speed and convenience of electronic signatures but often have questions about security and validity.

More people would be willing to use electronic signature services (like Signeato) if they had some of their questions answered. Here, I’ll describe some of the ways Signeato addresses these objections and how you can better protect the validity of your eSigned documents.

Confused about Electronic Signature Security?

Common E-Sign Questions/Objections

“How Easy Can You Fake An E-Signature?”

“Can Someone Change My Document After Signing?”

“Will My E-Signed Document Hold Up In Court?”

What is a Signature?

Before we get into the nitty-gritty about e-signatures, let’s review the definition of a signature…

John Hancock Electronic Signature

“A signature is a handwritten (and often stylized) depiction of someone’s name, nickname, or even a simple “X” or other mark that a person writes on documents as a proof of identity and intent.”

Source: Wikipedia

So, your signature doesn’t have to be legible, or even be your name. A signature is some sort of mark or notation that represents that person’s identity and intent. Identity and intent don’t change because the mark was made on a sheet of paper, the back of a napkin or on the screen of a computer.

Are Signeato Electronic Signatures Legally Binding?

Yes.

Signeato complies with the requirements described in the Electronic Signatures in Global and National Commerce Act of 2000 (ESIGN), the Uniform Electronic Transactions Act (UETA), and the European Union eIDAS (EU N°910/2014) regarding electronic signatures and transmissions.

Once your document is signed:

  • Securely Stored
  • Unaltered
  • Sent (via email) To Everyone Who Signed

Our audit trail is detailed and comprehensive. The log uses a mathematical proof to show it is tamper-free. This verification process takes a few seconds.

Court

Will It Hold Up In Court?

Yes.

In the United States, eSignatures have been legally permissible in court since 2000.

If the validity of your Signeato document or electronic signature gets legally challenged, you can rest easy knowing you have a detailed document timeline.

You should still check with your local attorney to verify the Signeato audit trail will protect you in court.

Signeato creates a detailed audit trail between for each document. Each Signeato document is accompanied with a timeline. Here, we track and timestamp a number of events related to your document, including:

  • Document Creation
  • Each time a “Please Review & Sign” Email gets Sent
  • Acceptance of “Terms of Use”
  • Document is Viewed
  • Each time your recipient adds their Signature, Initials or any other data field
  • When all fields have been completed

Each transaction event gets time-stamped and stored with information about the device used (also known as UserAgent information). We can 100% guarantee if any of your logs, timelines or documents have been altered in any way. Our extensive use of 128-bit hashing algorithms ensures our permanent record of your document (and every transaction related to it) are permanently stored and unchanged. We call the result of this algorithm an “electronic fingerprint.”

What About Security & Encryption?

Documents at Signeato are stored behind an adaptive security appliance firewall. Communication with our servers is performed using 256-bit AES SSL transfer protocol. Within the web server, data files (i.e., PDFs and signatures) are stored in a private directory inaccessible by the public.

Our servers are stored in a multi-tenant cloud environment utilizing Xen-based hypervisors and a set of proprietary logistics and middleware nodes. This cloud environment has acquired and adheres to the following certifications:

To protect your data from natural disaster, our data-redundancy policy ensures multiple copies of your documents are stored in geographically disparate locations. Your documents, signatures and timeline information is stored on traditional computer hard drives as well as WORM (i.e., Write Once, Read Many) media. This protects your data from viruses, computer malfunction and even natural disasters.

In English Please…

So what does this mean? We keep your data super-secure. To make sure we never lose anything, we keep copies of your document in different parts of the country. We make backups of your documents on special discs that can’t get updated.

Verify Authenticity

To protect the validity of your signatures in the courtroom, you want to be sure the signature on your document was made by the person you intended.

Anyone who signs a document on Signeato must have either logged in through Signeato, or received an email invitation to sign. To protect Signeato accounts, we transfer all site data using 256-bit SSL-encrypted packets.

To prevent others from accessing your account, Signeato utilizes a number of additional security measures:

  • Automated Session Time-outs – When signing a document, you can’t leave your computer along for too long. If you do, we’ll automatically navigate you to a new page.
  • Email Notifications – We send you an email each time your document is viewed or signed.
  • Encryption – We use 256-bit SSL encryption (the strongest) for all uploads, signatures, usernames and passwords. So even if you’re using Signeato in a public place (like a coffee shop), nobody else can see what you’re signing.
  • Secure Email – We default to TLS protocols to encrypt SMTP messages and message metadata. Not every email server supports secure email. However, we send encrypted email whenever we can.

How Easy Can You Fake An eSignature?

While it’s possible to create a document that looks like a Signeato document. That document would appear authentic, but it wouldn’t have a valid electronic signature. It’s a fake.

Unfortunately, it is very easy to fake an eSignature. A simple Google search for “How to Fake a Signature” yields hundreds of articles, videos and step-by-step guides for recreating the signature of someone else.

Fortunately, Signeato has anti-forgery countermeasures in place. Forgery is easy to spot with these tools.

We create an “electronic fingerprint” each time your document is uploaded or signed. You and Signeato staff have tools to match that fingerprint against our database. The only way to find a match is by uploading an exact copy of a signed document. If there is no match, you’re looking at a fake document.

Can Change My Document After Signing?

A change to your document changes its associated electronic fingerprint and invalidates the validity of any signatures. Passing this document on as an original is against the law in nearly every part of the world.

Any change will invalidate the entire document. Even a tiny, little speck of a change results in a huge difference in the electronic fingerprint.

Experiment: Change One Punctuation Mark in a 500-Page Document

We took the electronic signature of a 500-page document. At the end of a random paragraph on a random page, we changed a period to a comma. So we changed “…on earth.” to “…on earth,” In other words, we changed a single punctuation mark in a 248, 127-word document.

Electronic Signature Fingerprint

Here are the resulting electronic fingerprints:

Before:

EDDC1A74076902E01BEE5E5A0A26ECB2

After:

D41D8CD98F40B204E9800998ECF8427E

As you can see, even the slightest change in any part of the document results in a dramatic change in the electronic fingerprint. Not even close.

Signeato saves the electronic fingerprint of every signed document. If someone shows you a signed Signeato document, you can verify it. To verify, visit signeato.com/verify. Once there, you can upload a signed document or just copy & paste an electronic fingerprint.

Security Best Practices: What You Can Do

As you now know, Signeato goes above and beyond in protecting the integrity of your signature. With that in mind, it’s a good idea to follow security best practices:

  • Always Use Signeato  – Other eSign services offer a number of security features. That said, I haven’t seen another service that makes it so easy to verify the authenticity of signed documents. So if a document ever comes into question, you can easily verify the validity of the document in seconds.
  • Use Different Passwords – Data breaches happen all the time. As a result, your overall online security is safer if your password hacked from one site isn’t used elsewhere. Protip: integrate the name of the site into your password. For example, you could use the password, “ItSi110%A!” You can remember the password by remembering the phrase, “I think Signeato is 110% Awesome!” This way, your password is much more unique and easy to remember.
  • Don’t Share Devices – Don’t use public computers. You never know what kind of software is installed. Someone could be capturing screenshots, credit card numbers or all of your keystrokes. Additionally, someone could bypass software altogether and stick a special plug (called a keylogger) into the computer and record every key you press. Stay in the safe lane and avoid these situations.
  • Always Lock Your Phone and Computer – To access your phone or computer, make sure you use a PIN, password, input pattern or fingerprint/facial/retina scan for a security challenge. The more unique the input, the better the security. Remember, most credit cards, sites and services will reset your password with a link sent to your email. Having security to access your phone and computer locks others out from your home or office. Worse, imagine who has access to your personal data if your unprotected phone or computer get stolen?

Conclusion

Use Signeato for all of your electronic document eSignature needs. You can rest easy knowing a team of security experts are in your corner.

The Signeato timeline keeps track of every action taken against your document. You’ll know who did what and from where they did it. Signeato logs can’t be faked or changed.

Every document has its own bulletproof timeline of events you can bring to court. We home you never need it.

Full Disclosure

I am an employee of ThinkUp Technologies. One of the services offered by ThinkUp Technologies is the Signeato electronic signature service. I am not an attorney. If you need legal advice, consult an attorney.

Leave a Reply

Your email address will not be published. Required fields are marked *