« Back to all Questions

How do I verify an Electronic Signature?

When a signature is submitted to a document, a Cover Page is generated containing the signature, with information about the signatory. Most of the time you will not need to verify the signatory, as you and the signatory were in contact during the signing process, but what if you weren’t involved?

You might be given a hard copy of a document where you weren’t party to the signing and you want to verify that the signature(s) on the cover page are valid. You can do that by the following:

  1. Scan or Click (if viewing PDF on a device) the QR Code on the cover page of the document. Your Computer/Phone/Tablet will take you too the document on E-Sign and show a box with the relevant signature information.
  2. First, make sure that you have been taken to the E-Sign website. You can do this by checking the first part of the URL in your web address bar reads: ‘https://app.e-sign.co.uk/…’. It will be followed by a series of random digits/letters, but the important part is to make sure you are on our domain.
  3. 'SSL Security Lock'{.pull-right} Next, check that your web address bar is displaying a green lock icon next to the above URL. This ensures that you are on the E-Sign website and using our secure data encryption certificate (the same security that banks use to encrypt user data while using the site). Depending on your web browser, you can click the green lock icon to show informations about E-Sign’s SSL security certificate - It should state a 256-bit encryption, verified by RapidSSL.
  4. Finally check all the information in the signature verification, in particular the email address associated with the signature. The email should match the persons email who the signature belongs too. You can also close the verification box to double check the preview of the document to ensure it exactly matches the one you have to hand.

What do I do if I’m unsure about the verification?

In the unlikely event that someone tried to forge an E-Sign signature it is quite straightforward to identify it.

Unlike a hand signature, where forgery is as simple as copying the persons signature mark, forging an electronic signature is a lot more difficult.

First, the forgerer would attempt to replicate a signed E-Sign document. Then, they would have to embed links within each signature on the cover page to a website online that resembled the E-Sign website. If you follow the instructions above, it would be easy to identify when a signature is forged - the domain name would not match ‘https://app.e-sign.co.uk’ and therefore any SSL security (the green lock) would not match.

Other things to remember

As we identify users/signatories via email, it is important to make sure you and other acquaintances you interact with on E-Sign keep their emails secure. It’s extremely important to keep your email safe in general (think of all the personal data you keep stored in emails!), so here’s some tips to keep in mind:

  • Always use a secure password. Include letters and numbers and make it as long as possible.
  • Make sure you access emails over a secure connection. If you regularly access emails over shared WIFI (such as in a coffee shop) check that your communication is encrypted. Without going into too much technical detail, your email should always be securely encrypted with an SSL certificate (that’s the green lock you see in a web address bar). Gmail uses SSL encryption when you access your webmail.
  • Don’t use the same password for different online accounts. It’s generally a bad idea to use the same password for all your online accounts. Social networks can be particularly liable to be hacked and if you use the same password for them as you do for your email then it’s trivial for someone who’s hacked your social network account to access your emails where we might send secure signature links.
  • Don’t forward your secure private links to anyone. If someone requests a signature from you, we will send you a secure private link to access the document and add your signature. Make sure you don’t include these private links in any messages you forward/send to your contacts. Doing so will give them access to that particular document.