Are eSignatures Safe?

Leor Melamedov

There’s something about the tangibility of wet signatures that gives companies a sense of safety, but the reality is that many eSignatures today are even more safe and secure than the wet signatures they’re starting to replace. That’s because a specific type of eSignature, the digital signature, is truly immutable, with many layers of authentication and paper trails. Companies should rest assured that adopting an advanced, certified eSignature solution will be a step forward for their security, not a liability.

Is it safe to use digital signatures?

Digital signatures are extremely safe, which is why they’ve earned the same legal weight as wet signatures across the world. The most current eSignature solutions are fully safe from a security and compliance perspective. Of course, as with all software, companies should be aware of the existence of nonlegal eSignature platforms that enable signers to simply paste a picture of an eSignature into a document, such as Word or PDF. These solutions aren’t safe and may bring about legal difficulties in the future as there is no record that connects the signature to a specific person. Furthermore, such signatures are vulnerable to tampering.

But the good news is that there are plenty of highly secure, certified eSignatures available today. Legitimate eSignature providers are eager to show off their credentials, so it should be easy for companies to find them via a simple Internet search.

What makes an e-signature safe for its user?

Not all eSignatures are created with the same degree of security measures in place. But what distinguishes secure eSignature solutions from riskier ones?

First, companies looking to invest in an eSignature solution should make sure it’s a digital eSignature platform, a general hallmark of advanced security. To provide users with reassurance and stay compliant, it’s important to choose an eSignature that has the following characteristics:

  • Is associated with a third-party certificate authority that can verify that a signature has been added to the document. Digital certificates don’t hold legal weight forever, though: they expire after two years, after which time they must be renewed.
  • Adds an audit trail to track the chain of custody, and it’s even better if blockchain technology underlies this.
  • Ensures added layers of identity verification, like having signers use SSO or create an authenticated account before providing a signature.
  • Abides by regulations like HIPAA, GDPR, ISO 27001, and various international, regional, and country-specific laws.

Can a digital signature be forged?

Forging a digital signature is extremely difficult, even more so than a wet signature. Traditional handwritten signatures can be imitated, and the documents they were written on can be copied, blotted out, and re-scanned to falsify information.

That simply isn’t possible with a digital signature that is authenticated. When a digital signature is provided, the software scans the document and generates a mathematical value that represents it. This is called a hash. As soon as the receiving party opens the document, the software generates the hash again. Digital signatures cannot be tampered with and are time-stamped, so it is nearly impossible for forgery to occur after the transaction transpires.

Can my digital signature be misused?

Digital signatures are very rarely misused because there are so many safeguards preventing that from happening. Misuse is especially unlikely if a company is using a compliant digital signature platform that is certified.

Unfortunately, less advanced eSignatures have occasionally been misused in the past. For example, hackers have stolen code-signing certificates to sign malware, certificate authorities have accidentally issued certificates to illicit organizations that kept up a cover (such as front companies), and there have been other incidents involving malware.

But these kinds of scenarios are unlikely to happen with today’s advanced technology. In today’s world, wet signatures pose the greater relative risk.

What are the legal problems with digital signatures?

While it’s natural for people to have doubts about the legality of (relatively) new technology, there is nothing to worry about when it comes to digital signatures; they are fully legal and have been for some time now.

Since the ESIGN Act in 2000, eSignatures have been officially legal in the U.S., where a document cannot be denied legal status merely because it was signed by electronic means.

Nearly identical eSignature laws were passed that same year in many countries across the globe, including the entire E.U. (where the law has since been replaced with eIDAS 2014).

Today, there are minor differences in the categorization of eSignatures across the world, with different countries and regions using different terminologies to describe the various categories of eSignatures based on security. And even though eSignatures can generally be used in all situations that warrant a signature, some localities maintain a few circumstances that still require a handwritten signature. For instance, in the EU, wet signatures are still required for real estate transactions, marriage contracts, HR termination letters, and the incorporation of a limited liability company (LLC). But even when it comes to these few exemptions, there tends to be a great deal of overlap across regions.

How should I validate and verify a digital signature?

The exact details of how to validate a digital signature vary among different eSignature software providers. As a general rule, an approved certificate authority (CA) will allow two hash values to be created, and if these values match, it shows that the digital signature is valid.
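
The hash comparison described here and under "Can a digital signature be forged?", as an added example that is not part of the original article or any vendor's code. It assumes RSA with SHA-256 and a throwaway key generated on the spot (a real signer's key would be vouched for by a CA certificate); the function names and sample documents are constructed for illustration.

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
	"math/big"
)

// Sign hashes the document and signs that hash with the signer's private key.
func Sign(priv *rsa.PrivateKey, doc []byte) ([]byte, error) {
	h := sha256.Sum256(doc)
	return rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, h[:])
}

// SignedHash recovers the hash the signer committed to: the trailing 32 bytes of
// the PKCS#1 v1.5 block. Illustration only; it skips the padding checks.
func SignedHash(pub *rsa.PublicKey, sig []byte) []byte {
	em := new(big.Int).Exp(new(big.Int).SetBytes(sig), big.NewInt(int64(pub.E)), pub.N).Bytes()
	return em[len(em)-sha256.Size:]
}

// Verify re-hashes the received document and checks the signature against it.
func Verify(pub *rsa.PublicKey, doc, sig []byte) bool {
	h := sha256.Sum256(doc)
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, h[:], sig) == nil
}

// Demo signs a constructed document, then verifies an intact and an altered copy.
func Demo() (intactOK, tamperedOK, hashesMatch bool, err error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048) // throwaway key, not CA-certified
	if err != nil {
		return
	}
	doc := []byte("Constructed sample: borrower agrees to repay $10,000.")
	tampered := []byte("Constructed sample: borrower agrees to repay $1,000.")
	sig, err := Sign(priv, doc)
	if err != nil {
		return
	}
	pub, h := &priv.PublicKey, sha256.Sum256(doc)
	hashesMatch = bytes.Equal(SignedHash(pub, sig), h[:])
	return Verify(pub, doc, sig), Verify(pub, tampered, sig), hashesMatch, nil
}

func main() { fmt.Println(Demo()) }
```

A signature image pasted into a Word or PDF file carries no such value bound to the document's contents, so an edit made after signing leaves nothing for a verifier to catch.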

The bottom line

eSignatures are just as safe as wet signatures, and in the case of highly secure digital signatures, they are even safer. Both companies and the customers they serve should feel very comfortable enjoying the convenience imparted by eSignatures without concern for compliance, provided they choose the right solution.

Lightico can be that solution for many companies, particularly those that need to quickly serve and sell to high volumes of customers without compromising on security. Companies using Lightico can not only collect eSignatures, but also eForms, eDocuments, payments and verified ID from customers completely remotely and from a secure setting.
