How to Detect Tampering in a Digitally Signed Document

Posted by Emily Maxie

If you’ve been given a document that has been digitally signed, you might wonder how you can find out if it has been tampered with. While the signatures may look the same no matter what, there’s a lot going on under the hood that you need to be aware of before you accept a digitally signed document.

electronically signed document tampering

Going from Paper to Electronic

When you receive a traditional signed document, what are you usually looking for? First, you may check if it was signed at all. Then, you’re probably looking for the right person’s name. You might also check to see that the document was filled out correctly and that there are no obvious changes to the document. Putting all of this together can be a time-consuming process, but it’s also a well-understood process.

When you receive a digitally signed document, you can still look for these items, but digital signature software also gives you tools to better understand the document. Digital signature evidence can include information about the signing process, whether the document changed and much more. But of course, you have to know what to look for. 

Rely on the PDF

Here at SIGNiX, we produce digitally signed PDF documents. The PDF file format is well-known and is an international standard (ISO 32000-1). We chose to use the PDF format because it is the most mature platform that supports digital signatures. The PDF first supported digital signatures way back in 1999. Since then there have been a lot of powerful new functions added that we take full advantage of.

When you receive a digitally signed document, first be sure you’re looking at a PDF file on your computer or mobile device, not a paper copy. While a paper copy can be useful as a reference, the PDF file has many features and functions to give you even more evidence. If you’ve been given a paper copy and asked to trust it, be sure to ask for the electronic version and look for all of the elements described below.

To open the PDF, we recommend you use a standards-compliant PDF viewer like the free Adobe Reader (downloadable here). Adobe Reader on Windows or Mac OS X provides the best experience when it comes to viewing digitally signed documents.

You can also use the free PDF viewer applications from Nitro and Fox-It, though some of the icons may look different than what we're presenting here. If you’re using a mobile device, we strongly recommend that you use the free Adobe Reader app available on the App Store or the Google Play store.

green checkmark

 

Trust the Green Checkmark

Now that you’re looking at a PDF file, what’s next? If you’ve opened the file with the free Adobe Reader software, look for the green checkmark at the top of the screen.

This immediately lets you know that nothing has changed since the last signature was applied to the document. (NOTE: This icon will look different in other PDF viewers and is not available on mobile devices as of September 2013.)

When should you be concerned? When you see any of the following icons:

Yellow Exclaimation Point

This icon lets you know that something may have changed after the last signature was applied. Perhaps the change was intentional, but the software is making sure you're on alert.

If you click the pen icon on the left side, you will see an in-document change tracker showing you each of the signatures applied, and in this case, changes made after the last signature.

pdf verification4

Magnifying Glass

This icon lets you know that something was just changed in the document you are looking at. You will need to validate the signatures for Adobe Reader to let you know what changed.

To validate the signatures, simply click the pen icon and then the "Validate All" button. The icon should then change.

pdf verification3

Red X

If you see the red X, you should not trust the document. This means that substantial changes have been made to the document that have compromised the integrity of the original PDF. Get in touch with the organization or individual that sent you the document and ask for an original.

pdf verification2

What Should the Signature Look Like?

A digitally signed document might have one signature or twenty. What do you need to look for in the signatures themselves?

signatures groupDigital signatures can look very different. Here at SIGNiX, signers can choose from one of several signature fonts or they can use their finger or a stylus to draw their signature on a tablet device.

These signatures aren’t just pictures of a signature with a link to some third party website. Each of our signatures and initials creates a tamper-evident seal on the document and embeds critical information about the signature into the document itself. If you’re viewing a digitally signed document in Adobe Reader or another PDF viewer on Windows or Mac, you can click on each signature to view this information. Here are some highlights.

signature properties

1) Reason Code should include name of signer.

2) Has the document been tampered with?

3) Embedded time stamp should show time of actual signature. 

Get Even More Evidence with Signature History™

On top of creating embedded signatures, we also embed a history of the document with each signature—we call this the Signature History™. With this feature, you can easily show what the document looked like when each signer signed the document. This is especially useful in multiple signature and party workflows where one signer may question the content of a document at the time of signature. The Signature History is available within the document, even if you're offline.

If you have received a document with more than one signature, you can take a look at the embedded Signature History within compliant PDF viewers on Windows and Mac computers. Follow these steps:

1) Right-click (command+click) on the signature, and choose "View Signed Version."signature history

3) The PDF viewer will create a new window displaying what the document looked like when that signer signed the document.

 

What to Look for in an Audit Trail

Now that you understand what you need to be looking for with the digitally signed document, be sure that you also are able to view or access a copy of the audit trail or event history behind the transaction. We recommend that signers download not only the PDF versions of their signed documents but also the PDF version of the audit trail.

This audit trail traces every single event from the initiation of the transaction to its final steps. It captures key legal points, including transaction start, email delivery, site entry, consent, authentication result, document presentation, each signature or initial, agree/acknowledge tasks, transaction end, document presentation post-transaction and many other events. The audit trail also stores all opt out and comment activity.

If you'd like to learn more about how to detect tampering in digitally signed documents, please feel free to contact us

ROI of Digital Signatures Calculator

Get a Digital Signature Quote Now

GET A QUOTE

Posts by Topic

see all

Subscribe for updates