I stumbled on a website today that discusses how to handle documents that are suspected to be forged, and I wanted to bring it to the attention of readers here.
This website talks a lot about cases and scenarios in which signatures were forged and how people have had to go to court or hire a forgery forensics specialist to determine if the signature is indeed a fake. This site also has Forgery Prevention Tips for people to avoid having a document forged or their signature forged, and possibly their identity stolen.
Nowhere on the Forgery Prevention Tips page did this person recommend using electronic signatures to prevent signature fraud. I’m not that surprised since it is a signature forgery expert advertising for business.
Nothing against this signature forensics expert; I’m sure they are very good at what they do. But, if you are really concerned about signature fraud, then you should begin using electronic signature tools. E-signature have a higher level of protection because not just anyone can get access to the document; only the person you give electronic access to he document can sign it.
The E-signature tool offered by ConXPoint also requires authorization in the form of a PIN or password in order to sign after you have gained access to the document. This is yet another layer of security.
If two layers of security isn’t enough, an e-signature tool retains user information when the document was signed, such as date/timestamp, IP address, and length of time the document was reviewed before signing the document.
The ConXPoint system retains the original signed document in a secure environment for at least 7 years. Copies of the signed document can be compared to this electronic version to ensure nothing has changed or the document has been tampered with.
I can now see why this website doesn’t recommend the use of e-signatures in it’s Document Forgery Prevention Tips. If you want to avoid ever having to use the services of a document forensics specialist, you may want to check out the e-signature features in ConXPoint’s Business Center.
November 5, 2008 at 6:39 am |
A key point, though, is that the original electronic copy must be maintained in order for underlying digital signatures to work. Many who use electronic signature solutions mistakenly believe they can print the results and maintain the same level of document authenticity. Of course, this cannot be the case, as a printed document, including watermarks or “seals of trust” or even hashes or digital signature values can all be created easily. The same goes for simple PDFs or other “read-only” file types — which can only be verified if also digitally signed.
Forgery is made easier when people simply believe that a document “looks authentic,” as is the basis of all phishing scams and most electronic as well as paper document fraud.
It is easy to make things look good, but as you pointed out, if digitally signed using trusted software, and then having the digital signature re-verified using said trusted software with well documented public keys, such forgery is much harder to accomplish.
Never allow a vendor be the only party who can verify a signature, too, as you never know if that vendor will remain in business. An online service is fine, but be sure such electronic originals can be exported from the system and stored by all parties, lest you find you can’t reproduce or prove a document’s authenticity should they no longer be in business.