Leaving your eMark

Simple to create and easy to use, digital signatures can save you a lot of time and paper.

If you don’t use an electronic signature — and from what I’ve witnessed, most of you likely don’t — you’re wasting time and money and missing out on the efficiencies of truly going paperless.

For some reason, whenever it comes to digital, people automatically think of fraud — that anyone can pretend to be you. In this case, the assumption is that a written signature is more secure than an electronic signature. It isn’t. Just because a signature is electronic doesn’t mean you have to layer it with additional security, verification or administration. For almost all of your documents, all you need to do is sign them to indicate the content is from you and that it is the final version.

Your electronic mark — a signature or your initials — is simple to achieve. It can be a stock cursive font you’ve selected, a scanned image of your handwritten signature or a truly electronic creation using a mouse/pointer/stylist/finger scroll. You can insert the image into your unpublished document so that it only appears at the time it is published to PDF, or you can have a PDF stamp created that you place and lock directly onto the published document.

How secure your signature should be — and this is equally true in the paper world and the digital world — comes down to the nature of the document you’re signing and what you want to achieve.

On specific occasions when proof is required — typically when the parties are not in the same city and don’t know each other — a witness or, in more formal cases, a notary who is accountable to the law and can provide evidence authenticating you are who you say you are, may be required.

The same standards apply to the digital world. For the most part, we have no need to question the legitimacy of signatures. In cases where an additional level of validation is required, there are two main methods available to you.

The first method is a certificate-based signature. This is used with single-signature documents. It authenticates both the document’s content and your signature. You obtain a digital ID that contains encrypted information that is unique to you. Your signature image contains an encrypted private key and a certificate with a public key (see Safe and Secure, CAmagazine, September 2012). You then lock the document when you apply the digital signature image. A hashing algorithm is embedded using your private key. The signature and contents are verified when the recipient opens the document. (Adobe is a big player in this space.)

The second method is to store the document with a third-party service. This is used for documents requiring multiple signatures. You upload a document to sign, insert your signature, then drag and drop a signature box onto the document. The third-party service will then email the recipients a link to the document and they review and sign it. Once all signatures are collected, all signatories will be emailed a copy of the document and the service provider will maintain a copy in your account for future access. (EchoSign and DocuSign are the major players here, and now so is Wolters Kluwer CCH.)

As CPAs, there are many documents we need to send out that require evidence of our approval, knowledge or acceptance. So from now on, rather than printing, signing, scanning and emailing a document, put down your pen, leave the old paper world behind and sign and send your documents electronically.