Highlighted

Dubious security on esign return documents

New Here ,
Feb 19, 2016

Copy link to clipboard

Copied

I'd love to get some feedback on what I assume is a case of bad admin.

I received an eSign email for a document from my tax preparer. Hit the link, filled it out and sent it. It went to my wife next and that's when I noticed something amiss. ANYONE could hit the link and see the half filled doc (ss#'s and lots of personal details.) I had her finish it and once it was complete the link was dead. My thought was 'great at info least that leak is dead, but I should probably say something to our tax preparer.'

Two minutes later we both received a confirmation email that the doc was "Signed and Filed!" In that email was a link to the completed document and an attached PDF of it, BOTH without any kind of password protection (meaning the link and the pdf could be opened anywhere.)

MY QUESTION: Am I missing something regarding the security or is this a mistake on their part? Is there a way to send eSign docs that don't have any kind of security authorization requirements? I consider myself moderately well informed on the tech front and feel I would have heard about something that didn't require the received to input some kind of authorization info.

Please reply! Your feedback is VERY much appreciated.

J

Hello Jonathan,

Thanks for sharing your experience. As per the default workflow, the document is sent to the email address(s) involved in transaction. Now, if there are form fields which needed sensitive information, then the sender can mask the fields and when the signer fill such fields, they would be replaced with '*******' characters. The sender can retrieve the information masked by logging into his E-Sign account.

Now, regarding signed and filed email having copy of signed document, the sender can further more protect it by applying password to open it. Only the person involved in transaction receives the email for accessing it.

Let me know if you need more help.

Regards,

-Rijul

Topics

Questions Need Help

Views

253

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more

Dubious security on esign return documents

New Here ,
Feb 19, 2016

Copy link to clipboard

Copied

I'd love to get some feedback on what I assume is a case of bad admin.

I received an eSign email for a document from my tax preparer. Hit the link, filled it out and sent it. It went to my wife next and that's when I noticed something amiss. ANYONE could hit the link and see the half filled doc (ss#'s and lots of personal details.) I had her finish it and once it was complete the link was dead. My thought was 'great at info least that leak is dead, but I should probably say something to our tax preparer.'

Two minutes later we both received a confirmation email that the doc was "Signed and Filed!" In that email was a link to the completed document and an attached PDF of it, BOTH without any kind of password protection (meaning the link and the pdf could be opened anywhere.)

MY QUESTION: Am I missing something regarding the security or is this a mistake on their part? Is there a way to send eSign docs that don't have any kind of security authorization requirements? I consider myself moderately well informed on the tech front and feel I would have heard about something that didn't require the received to input some kind of authorization info.

Please reply! Your feedback is VERY much appreciated.

J

Hello Jonathan,

Thanks for sharing your experience. As per the default workflow, the document is sent to the email address(s) involved in transaction. Now, if there are form fields which needed sensitive information, then the sender can mask the fields and when the signer fill such fields, they would be replaced with '*******' characters. The sender can retrieve the information masked by logging into his E-Sign account.

Now, regarding signed and filed email having copy of signed document, the sender can further more protect it by applying password to open it. Only the person involved in transaction receives the email for accessing it.

Let me know if you need more help.

Regards,

-Rijul

Topics

Questions Need Help

Views

254

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Feb 19, 2016 0
Adobe Employee ,
Feb 21, 2016

Copy link to clipboard

Copied

Hello Jonathan,

Thanks for sharing your experience. As per the default workflow, the document is sent to the email address(s) involved in transaction. Now, if there are form fields which needed sensitive information, then the sender can mask the fields and when the signer fill such fields, they would be replaced with '*******' characters. The sender can retrieve the information masked by logging into his E-Sign account.

Now, regarding signed and filed email having copy of signed document, the sender can further more protect it by applying password to open it. Only the person involved in transaction receives the email for accessing it.

Let me know if you need more help.

Regards,

-Rijul

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Feb 21, 2016 2
KCCat LATEST
Community Beginner ,
May 18, 2017

Copy link to clipboard

Copied

So i masked certain fields, but when I sign into my Adobe Sign account to retrieve the document that was sent back to me, I can only see XXXX's. How do I retrieve the information?

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
May 18, 2017 0