Home / Blog / Are documents signed with an electronic signature secure?
Are documents signed with an electronic signature secure?
Electronic signature is a tool that speeds up the flow of documents and facilitates remote contracting. However, many people are concerned with this way of signing documents. We explain why the electronic signature is a secure solution.
Is an electronic document as valid and credible as a paper document? How can I verify the identity of the person who places the electronic signature on the document? Is there a risk that the other party will change the content of the electronic document? These are the most common questions asked by clients who are considering using an electronic signature. Let us clarify those concerns and doubts.
Electronic signature – legal regulations
In the case of electronic documents and signatures the domestic and European laws quickly adapted to the changing reality. This area is mainly regulated by Regulation (EU) No 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market, also known as eIDAS. This Act provides the definition of an electronic signature: "electronic signature is defined as data in electronic form which is attached to or logically associated with other data in electronic form and which is used by the signatory to sign”. eIDAS, which entered into force throughout the EU in 2016, also defines an electronic document as follows: "electronic document means any content stored in electronic form, in particular text or sound, visual or audiovisual recording". Even an email containing the sender's name and surname meets the definition of an electronic signature, but in order to benefit from legal effects, the signature should be an operation of the trust service.
A very important provision is found in Article 43 of this regulation - "Data sent and received using an electronic registered delivery service shall not be denied legal effect and admissibility as evidence in legal proceedings solely on the grounds that it is in an electronic form [...]". The fact that a document is in electronic form does not affect whether it is valid and binding. Its content and the type of signature placed on it are of major importance. Most documents can be signed with an ordinary electronic signature - it is an electronic signature consciously used by an individual, attached or associated with the signed content. The electronic signature may be the name and surname combined with an email address and an IP address. It's important to note that the provisions of eIDAS show that the court cannot refuse to use such a signature in evidence proceedings only because it is in an electronic form.
Documents that require a written form (e.g. employment contract, contract for specific work with the transfer of copyright) may also be signed electronically, but for this purpose only with a qualified electronic signature, which has the same legal effects as a handwritten signature.
Verification of the identity of the person signing the electronic signature
There are many questions whether the sent electronic document will be signed by an authorized person. In the case of concluding a contract face-to-face, identity verification consists of comparing identifying data (e.g. PESEL number, name and surname) contained in the contract with the data contained in a document confirming the identity (e.g. personal ID or passport). Signing documents remotely can raise some security concerns. Is it possible to effectively verify the identity of the person placing the electronic signature?
A user who sends a document via the Autenti platform can be sure that it will reach the correct recipient and that he/she will sign them with an electronic signature. Autenti uses several methods to verify the signing person.
The most popular and easiest way to verify the signing person is to use the email address assigned to them. The person who uses the Autenti platform to send a document for signature, provides the address used by the recipient. A unique link is sent to this address, which directs the recipient to the signature panel. There, the recipient confirms their identity and at the same time places an electronic signature on the document. At this point, the email address is linked to the name of the signing person and the IP address of the device that was used to place the signature. This set of information is attached to the document and makes it possible to identify who placed the signature.
Verification by text message code
The second method of verifying the person who places the electronic signature on the sent document is to use a one-time link sent by email and a code sent in a text message. In addition to the link, which is sent by email, the recipient also receives a text message code, which is sent to their telephone number. The code is known only to the person using this number and is required for placing the signature. This way, information about the telephone number is also attached to the first name, surname, email address and IP address.
Using a qualified signature
Another way is to use a qualified electronic signature that will provide direct information about the signing person. Companies that provide qualified certificates perform detailed verification of the client's identity. Before issuing the certificate, an employee of such a company compares the data provided by the client with the data from their personal ID or passport - such verification is carried out in person or remotely, via a webcam. As a result, a qualified signature is closely related to the person who uses it. A qualified signature is equivalent to a handwritten signature - therefore it can be used to sign documents that require a written form. Today, the Autenti platform makes it possible to use mobile versions of qualified electronic signatures in the processes of signing documents that must meet such requirements.
What does an electronic signature look like?
An electronic signature has the form of electronic data or a string of bits that is attached to an electronic document. The signature in this form can be read and verified by a computer, but not by the people who received the signed document. Autenti has developed a solution for this inconvenience - each electronic document sent via the platform is accompanied by a Signature Card, i.e. a page in the document with the submitted electronic signatures and information on the method of verification of the people who signed them.
How is the content of an electronic document secured?
The use of electronic documents raises concerns as to whether their content will not change "along the way" - as a result of carelessness or deliberate action. Autenti users do not have to worry about document security. Each document that has been sent and signed via the platform is secured with an electronic seal based on a qualified certificate. It guarantees the integrity of the document and makes it impossible to introduce changes from the moment of signing it by the sender. The seal also confirms the authenticity of the document, i.e. the fact that it was sent using a trusted platform. Furthermore, each Autenti document is secured with a qualified time stamp, which guarantees that the document has not changed since it was marked with the time stamp. Autenti also ensures the availability of documents - each party has the ability to retrieve information at any time, without the participation of other parties. Accessibility combined with integrity means that each document signed using the Autenti platform is a permanent medium under the law, which allows future access to information in an unchanged form. Thanks to this, the electronic document can be used, during proceedings before a court or other state authority, if such a need arises.