Skip to main content
Participant
February 20, 2016
Answered

Dubious security on esign return documents

  • February 20, 2016
  • 1 reply
  • 754 views

I'd love to get some feedback on what I assume is a case of bad admin.

I received an eSign email for a document from my tax preparer. Hit the link, filled it out and sent it. It went to my wife next and that's when I noticed something amiss. ANYONE could hit the link and see the half filled doc (ss#'s and lots of personal details.) I had her finish it and once it was complete the link was dead. My thought was 'great at info least that leak is dead, but I should probably say something to our tax preparer.'

Two minutes later we both received a confirmation email that the doc was "Signed and Filed!" In that email was a link to the completed document and an attached PDF of it, BOTH without any kind of password protection (meaning the link and the pdf could be opened anywhere.)

MY QUESTION: Am I missing something regarding the security or is this a mistake on their part? Is there a way to send eSign docs that don't have any kind of security authorization requirements? I consider myself moderately well informed on the tech front and feel I would have heard about something that didn't require the received to input some kind of authorization info.

Please reply! Your feedback is VERY much appreciated.

J

This topic has been closed for replies.
Correct answer Rijul Raj Khurana

Hello Jonathan,

Thanks for sharing your experience. As per the default workflow, the document is sent to the email address(s) involved in transaction. Now, if there are form fields which needed sensitive information, then the sender can mask the fields and when the signer fill such fields, they would be replaced with '*******' characters. The sender can retrieve the information masked by logging into his E-Sign account.

Now, regarding signed and filed email having copy of signed document, the sender can further more protect it by applying password to open it. Only the person involved in transaction receives the email for accessing it.

Let me know if you need more help.

Regards,

-Rijul

1 reply

Rijul Raj KhuranaCorrect answer
Inspiring
February 21, 2016

Hello Jonathan,

Thanks for sharing your experience. As per the default workflow, the document is sent to the email address(s) involved in transaction. Now, if there are form fields which needed sensitive information, then the sender can mask the fields and when the signer fill such fields, they would be replaced with '*******' characters. The sender can retrieve the information masked by logging into his E-Sign account.

Now, regarding signed and filed email having copy of signed document, the sender can further more protect it by applying password to open it. Only the person involved in transaction receives the email for accessing it.

Let me know if you need more help.

Regards,

-Rijul

Participating Frequently
May 18, 2017

So i masked certain fields, but when I sign into my Adobe Sign account to retrieve the document that was sent back to me, I can only see XXXX's. How do I retrieve the information?