How Secure Is an Electronic Signature?

Posted 5th August 2020

With the electronic signature market expected to grow around 26% in the next 5 years, your business may now be one of the many considering switching from handwritten to electronic signatures. When businesses consider switching to e-signatures, the issue of security is often cited as an area of reservation. Indeed, a recent study by the University of Virginia shows that most people distrust e-signatures:

“E-signatures evoked markedly different psychological reactions than handwritten signatures. Namely, e-signatures evoked a weaker sense of the signer’s presence and involvement. This weaker sense of social presence, in turn, induced negativity: People were more likely to discount the validity of an e-signed application than that of an identical application signed by hand”- Eileen Y. Chou

It’s important to recognise that even if it feels less valid, electronic signatures are just as legal and valid as their handwritten counterparts, and arguably even more secure.

E-signatures are a lot more than just a digitalised version of your handwritten signature. When you go through an e-signature platform, like E-Sign, every electronically signed document is backed up by enhanced security and ID verification.

 

How Do Electronic Signatures Work?

Electronic signatures link the signer to the document in a recorded transaction via a coded message through Public Key infrastructure protocols. PKI protocol uses a mathematical algorithm that generates a public and private key for each document transaction.

The mathematical algorithm used by E-Sign acts like a cipher, crE-signatures are a lot more than just a digitalised version of your handwritten signature. When you go through an e-signature platform, like E-Sign, every electronically signed document is backed up by enhanced security and ID verification.eating data which matches the signed document, or a ‘hash’, and encrypting that data as an advanced electronic signature.

When a person e-signs a document, the signature is created using the signer’s private key. When a document is sent via a platform like E-Sign, the signer uses the public key to decrypt the signature via a cypher. If the hash values are equal, then the signature is valid.

This process links the electronically signed document to the signer and digitally records the process, providing a level of trust and assurance for these digital transactions.

Electronic signatures must meet the following criteria to be considered secure under eIDAS Article 3 and the Electronic Communication Act 2000.

Electronic signatures must:

  • Uniquely link the signer to the document and be capable of identifying the signer
  • Allow the signatory to retain control of the document
  • Be capable of detecting any subsequent change to the document data

Every document signed with E-Sign is supported by a digital certificate documenting the author, signer, device, IP address and time and date stamp, providing additional information linking the signer to the document.

In addition to this, our platform allows you to track and record your transaction at every stage. All data pertaining to the transaction is retrievable from the advanced audit trail produced for every sent document.

E-Sign provides the following within its digital signature to ensure every signed document is secure and legally admissible:

  • Digital certificate authenticating all data and document interaction
  • Time and date stamping
  • Detailed document audit trail from inception to completion
  • Document integrity maintained and checked throughout the signature process
  • Secure storage of documents and data
  • Identification of users verified
  • Unique digital fingerprint created for every signed document
  • Unique signature fingerprint created for signatory

 

Secure E-Signature Platform

Beyond the security of the electronic signature itself, businesses can also have concerns over the security of the e-signature platform and any data it contains. At E-Sign, our platform and website are 100% secure via 256bit SSL encryption for peace of mind that your data is protected.

To ensure your data is secure, we also provide:

Secure by Default Infrastructure

Using control measures within our PKI policies, only the account holder and their users can access the documents they create.

Secure Platform and Website

All interactions within the E-Sign platform and website are fully secure via 256bit SSL encryption, ensuring your data is protected and safe from hackers. All documents are uploaded to E-Sign platform via secure 256bit SSL encryption endpoints using HTTPS protocols, protecting the privacy and integrity of the exchanged data.

Secure Document Transactions

E-Sign utilises Secure/Multipurpose Internet Mail Extensions (S/MIME) to send digitally encrypted emails. The link to the digitally encrypted document is accessed via PKI and is also SHA encrypted, which is time limited and changes every time the link is accessed.

Secure Storage

E-Sign uses enhanced physical and digital security to protect your data, operating our own state-of-the-art servers within the UK and Isle of Man. Beyond this, we also utilise server-side encryption (SSE), which encrypts the data at rest, twin firewalls to protect our database and a 24/7 monitoring system.

Secure Document Uploads

E-Sign operates an encrypted client library for end-to-end encryption that cannot be reversed once a document passes through it. To access these documents, identity and Access Management policies are embedded in the infrastructure, so only the user and signatories can access and sign documents.

SMS Authentication

To ensure an additional layer of security and identity verification, you can choose to add SMS authentication to the transaction.  This means signers will receive a one-time passcode via text message, which they must enter on their laptop or computer before they can access the document.

 

ID verification

As well as security concerns, many businesses can also see electronic signatures as an increased risk of fraud. While the internet can help us get the most out of our business, it can also pose a threat to our information. With fraudsters, scammers and hackers become increasingly sophisticated and worryingly common, you can never be quite sure who you’re communicating with via email.

Our electronic signature platform ensures the identity of the signer is 100% verifiable. With our embedded iD-Checker, we screen the personal details of your signer against a host of positive and negative datasets from a global ID database, verifying client identity and eliminating the risk of fraud.

This is achieved by checking:

– UK and International passports
– GB Driving Licenses
– Mortality register
– UK credit header
– Age
– Address checks

 

Securely Processing Payments With E-Sign

With E-Sign’s payment processing, you can securely capture payments from customers upon completing a deal or transaction. Using E-Sign’s e-signature platform you can integrate a payment option into your document, allowing your clients to sign and pay in one single process for a faster and more effective way to do business.

Integrating the leading payment gateway Stripe into our platform combines what was once two separate transactions into one simple process. To process payments with the E-Sign Payment Gateway, you’ll need to have an account with both E-Sign and Stripe. When you gather a signature and collect a payment from a signer, E-Sign will submit the transaction to Stripe for routing to the payment networks. You will then receive the payment straight into your account.

At E-Sign, we understand that people can feel uncomfortable with processing payments online due to the risk of fraud or hackers. But rest assured, no payment data is held within E-Sign, all information is encrypted and securely handled by Stripe, so hackers and cybercriminals cannot access your vulnerable payment data.

 

Find out more about the security of E-Sign Electronic Signatures.

 

E-Sign is a leading provider of electronic signature solutions supplying professional Electronic Signatures, Web Form, ID Checker and Personalised Email solutions to businesses across the UK.

To find out more about E-Sign’s secure solutions and how they could transform your business, get in touch with us today.

High Performer