Scanned copy of signatures included in email.

It seems the technology has moved on significantly since I was learning about smtp and pop3.  I did not know the current state of email that most messages are encrypted in transit these days.  I wonder how the big hacks we hear about are occurring then.  Is it that the whole network or mail server has been compromised?  Wondering with the frequency of attacks if it is a good idea to rely solely on the in transit encryption to protect our inboxes.

Maybe I'm overthinking this?  Wonder how many criminals have used public records access to signatures combined with other info to steal identities?

Thanks for the info.

Public records have real signatures, scanned signatures and faxed signatures so the risks (low) at similar

Hi John,

So do you think I am overthinking the risk at this time then?

Yes. Electronic signatures have been common for years.

Hi Barry,

It is a very real concern - hence as I mentioned, the banks no longer accepting faxed / emailed scanned documents like they were twenty years ago.

However, I do not know of any specific cases myself of where it has happened (to me or anyone I know such as accounting or business consulting clients), so the overall risk might be low today, or I might just have been lucky as have the people I know.

Alan.

That depends on the bank . One of the big Five banks here accept scanned signed documents. So the method goes on and may change for some other method in future

Hi John,

I guess different countries will have different systems - not all countries have the same level of regulations for banks too.

I was working with a client last week, and they had made a payment from their bank overseas to another bank (same country and not third world) and it took two days for it to show in the recipient's account - haven't seen that in a long time either.

Alan.

It depends on institutions and practices. The risk in a secured business environment (which i think was the subject) is not high.

Hi John,

I agree - it is probably a low risk of the email being intercepted, but very easy for scanned copies of signatures to be lifted from public records.

Also, I would always *assume* all email to be sent in the clear.  Much (probably most) is not nowadays, but always best to assume the worst case, and handle accordingly if you are concerned about security.


Alan.

We may be getting into differing grounds here. Public records are just that and signatures (real, signed signatures) exist there.

That is different from non-public records (which I was speaking to above). So we agree on some ground here, but public records are subject to risk on any kind of signature.

Could be :-)

BTW, I nominated you for MVE - Excellent job here on EE Mr Hurst!

Alan.

Thank you.

If it's just a physical signature that's scanned, those are not legal enough for some of the things you're worried about.  You frequently need an original signature, not a copy for things to be accepted.  Some documents need a notary.  Some documents need a digital signature, such as those from Docusign.com, docmagic.com, or the Adobe Digital signatures.

The actual signature is not sufficient in all cases.  It's an artifact of a previous era, and not entirely sufficient on its own as a verification.  It's basically a rubber stamp.

Barry - some of the comments about the deficiencies of real signatures and public documents may be true to some lesser or greater extent.  

But your question was about sending signatures by email. As noted, if the sender and receiver are both secure (normal business practice) then there is no substantially greater risk this way than sending a real signature by mail or courier.

Wow.  Thanks some really great input.  John,  my question has actually morphed into 3 areas from this discussion and I think the discussion has answered much of them.   1.  Public record access to signed signatures and whether or not those documents leave us vulnerable to attack.  2. access to emailed document signature scans in email systems and in transit.  3.  Would it be considered a best practice to keep scanned signatures out of emails, due to reducing your overall exposure to theft, i.e.  Does increasing the number of access points to this kind of info increase the chance that it can be used for fraud?  As someone pointed out the signature itself is not enough to lift an identity, but from my understanding of how identity thieves work the more information they can get on you, the easier it becomes for them to steal an identity.  

thanks again.

On 2 and 3, Most email in transit is encrypted and you can use such an email system, so not much vulnerability to attack.

Increasing the number of access points could increase the risk, but if access points are secured in a normal business way, then again not much increase in risk.

Also remember, relatively new, is that you can now deposit cheques in your bank account by taking a photo of it on your smart phone. This is a growing practice.

Thanks everyone.  I wish I could vote several answers.  I think this question was really answered by a team and not just one individual.

You can select multiple answers when you close a question . Please try and you will see.

Hi Barry,

Just allocate points however you feel is right.

I think John deserves at least a point or two :-)

Alan.

Author indicated they are happy with answers.