Familiar w/ DocuSign? Secure?
Familiar w/ DocuSign? Secure?
I asked CU for a letter documenting beneficiary on account. Instead they told me I hadn't signed application card (even tho account has been open
for 6 mos.) They said they would e-mail me copy of application which had beneficiary listed and to sign it using DocuSign. Then I could keep a copy of the finalized form as documentation of beneficiary.
I was quite surprised and a bit shocked when I opened the e-mail. A simple click of a "View Document" revealed everything you don't want
in a e-mail: SSN/DOB/password to acct. I thought having such info in an e-mail (even via a attached link) was not considered good practice.
What is different about DocuSign that makes CU think things are fine this way?
for 6 mos.) They said they would e-mail me copy of application which had beneficiary listed and to sign it using DocuSign. Then I could keep a copy of the finalized form as documentation of beneficiary.
I was quite surprised and a bit shocked when I opened the e-mail. A simple click of a "View Document" revealed everything you don't want
in a e-mail: SSN/DOB/password to acct. I thought having such info in an e-mail (even via a attached link) was not considered good practice.
What is different about DocuSign that makes CU think things are fine this way?
Re: Familiar w/ DocuSign? Secure?
That was a link to a website where the document is hosted. It may be one of DocuSign's servers, or the company that uses their product may host their own internal DocuSign server. If you really wanted to prove it to yourself, you could install something like Fiddler or a packet sniffer on your PC and see that they open a HTTPS request when you click on the link.
Re: Familiar w/ DocuSign? Secure?
As 2retire said, I would verify that you're on a secure connection to an actual DocuSign server, but once you are sure of that, I would readily trust DocuSign with a document containing confidential information. We use it for highly confidential and multi-million dollar contracts.
I can see your concern with a link in an open email to a document containing pre-populated confidential information. I would prefer that they leave that for me to complete.
I can see your concern with a link in an open email to a document containing pre-populated confidential information. I would prefer that they leave that for me to complete.
Re: Familiar w/ DocuSign? Secure?
Clicking on view document opened it up in your browser on the Docusign server. As others mentioned above it should have been over an HTTPS connection. That information was almost certainly NOT in the email itself.kaneohe wrote:I A simple click of a "View Document" revealed everything you don't want
Electronic verification systems like this are going to become more and more prevalent in t future. If done right they are theoretically more secure than paper docs and easily forged pen signatures.
Re: Familiar w/ DocuSign? Secure?
As others have said, Docusign itself is very secure. They way the CU is using it, not so much. Best practice is that you would be prompted for some additional information after you clicked the link - for example last 4 of SSN and your birthdate or last name. Only then would the document be shown. Docusign supports this but it is up to the CU exactly how they implement it.
Re: Familiar w/ DocuSign? Secure?
Thanks to all for your comments. . I am thinking now that the comments above summarize things........that although the process may be very secure, the CU actual process degrades things. The sequence was I was sent e-mail w/ attached document; after I signed on DocuSign, e-mail w/ my signature went to spouse for 2nd signature. After 2nd signature, it was returned to CU, and then I was sent a copy of the finished document w/ both signatures. This final copy had 2 layers of security: the e-mail log in and then when I clicked on the link to view document, another password was required.Kenkat wrote:As others have said, Docusign itself is very secure. They way the CU is using it, not so much. Best practice is that you would be prompted for some additional information after you clicked the link - for example last 4 of SSN and your birthdate or last name. Only then would the document be shown. Docusign supports this but it is up to the CU exactly how they implement it.
However, in the initial stages when I was signing and when spouse was signing, the document w/ all the sensitive info could be seen using only
the e-mail log in info.
Re: Familiar w/ DocuSign? Secure?
but if someone hacked into my e-mail,wouldn't they have able to view the document just as I did?jharkin wrote:Clicking on view document opened it up in your browser on the Docusign server. As others mentioned above it should have been over an HTTPS connection. That information was almost certainly NOT in the email itself.kaneohe wrote:I A simple click of a "View Document" revealed everything you don't want
Electronic verification systems like this are going to become more and more prevalent in t future. If done right they are theoretically more secure than paper docs and easily forged pen signatures.
Re: Familiar w/ DocuSign? Secure?
They could, but didnt the bank give you a code to enter when you clicked that view document link?kaneohe wrote:but if someone hacked into my e-mail,wouldn't they have able to view the document just as I did?jharkin wrote:Clicking on view document opened it up in your browser on the Docusign server. As others mentioned above it should have been over an HTTPS connection. That information was almost certainly NOT in the email itself.kaneohe wrote:I A simple click of a "View Document" revealed everything you don't want
Electronic verification systems like this are going to become more and more prevalent in t future. If done right they are theoretically more secure than paper docs and easily forged pen signatures.
When I have had DocuSign documents, the bank emailed me the link, but provided me the code verbally over the phone. Both were needed to get in to see the sensitive information.
If there was not code or password then you are absolutely right - big vulnerability.
Re: Familiar w/ DocuSign? Secure?
Yeah we used docusign for our most recent home sale and purchase. No code, just clicked the link. Not great.
- Clever_Username
- Posts: 1915
- Joined: Sun Jul 15, 2012 12:24 am
- Location: Southern California
Re: Familiar w/ DocuSign? Secure?
Same. I also used it for a lease on my previous apartment and for leasing out my previous condo.mega317 wrote:Yeah we used docusign for our most recent home sale and purchase. No code, just clicked the link. Not great.
"What was true then is true now. Have a plan. Stick to it." -- XXXX, _Layer Cake_ |
|
I survived my first downturn and all I got was this signature line.
Re: Familiar w/ DocuSign? Secure?
Nope , no code to view document before signing In the process of signing I was asked to provide a password to be used in the future.jharkin wrote:They could, but didnt the bank give you a code to enter when you clicked that view document link?kaneohe wrote:but if someone hacked into my e-mail,wouldn't they have able to view the document just as I did?jharkin wrote:Clicking on view document opened it up in your browser on the Docusign server. As others mentioned above it should have been over an HTTPS connection. That information was almost certainly NOT in the email itself.kaneohe wrote:I A simple click of a "View Document" revealed everything you don't want
Electronic verification systems like this are going to become more and more prevalent in t future. If done right they are theoretically more secure than paper docs and easily forged pen signatures.
When I have had DocuSign documents, the bank emailed me the link, but provided me the code verbally over the phone. Both were needed to get in to see the sensitive information.
If there was not code or password then you are absolutely right - big vulnerability.
So once the process was complete with both signatures, I got another e-mail with a similar looking link but this time I had to provide that
password to view. So final result seemed ok but the initial interim steps didn't sound very secure.
Re: Familiar w/ DocuSign? Secure?
ditto. used it to sign some mortgage documents some time ago
Long is the way and hard, that out of Hell leads up to light.
-
- Posts: 1446
- Joined: Wed Apr 17, 2013 12:05 pm
Re: Familiar w/ DocuSign? Secure?
I completed every document for new construction except final closing via Docusign. I also sold my last property via Docusign (also minus closing). I believe they are trustworthy.
Re: Familiar w/ DocuSign? Secure?
Perhaps this is the explanation..........I do remember the rep saying they would send something to my cellphone. Perhaps that was the code.kaneohe wrote:Nope , no code to view document before signing In the process of signing I was asked to provide a password to be used in the future.jharkin wrote:They could, but didnt the bank give you a code to enter when you clicked that view document link?kaneohe wrote:but if someone hacked into my e-mail,wouldn't they have able to view the document just as I did?jharkin wrote:Clicking on view document opened it up in your browser on the Docusign server. As others mentioned above it should have been over an HTTPS connection. That information was almost certainly NOT in the email itself.kaneohe wrote:I A simple click of a "View Document" revealed everything you don't want
Electronic verification systems like this are going to become more and more prevalent in t future. If done right they are theoretically more secure than paper docs and easily forged pen signatures.
When I have had DocuSign documents, the bank emailed me the link, but provided me the code verbally over the phone. Both were needed to get in to see the sensitive information.
If there was not code or password then you are absolutely right - big vulnerability.
So once the process was complete with both signatures, I got another e-mail with a similar looking link but this time I had to provide that
password to view. So final result seemed ok but the initial interim steps didn't sound very secure.
I told her I didn't have a cellphone so they sent the e-mail anyway with the contents easily visible w/o code. So as some said, perhaps theDocuSign
process is fine, but the CU cut corners and used a fast & cheap method .......but non-secure.........to avoid a longer & more costly process of US mail.