Did you know that copying and pasting an image of a signature is neither safe nor legally valid in Indonesia? Copy-pasting a signature image works the same way as scanning a signature, meaning both methods are insecure.
So why is using a scanned signature online unsafe? What is a more reliable solution for digitally signing documents? Read on to find out!
Why Are Scanned Signatures Unsafe?
Using a scanned signature to sign digital documents poses several major risks to data security and document authenticity. Here are the key reasons:
1. Easily Forged
A scanned signature is just an image that can be easily edited, copied, or used without the owner’s knowledge. Someone could take an image of your signature from an old document and paste it onto another document without your consent.
2. Cannot Be Verified
How can you ensure that a scanned signature was actually placed by the authorized person? The answer is you can’t. This is why scanned signatures lack security features that allow verification of who signed the document and when the signature was made.
3. Not Legally Valid
Many companies, institutions, and legal regulations do not recognize scanned signatures as legally valid. Because they lack strong authentication mechanisms, documents signed with scanned signatures can be rejected in official transactions.
4. Prone to Misuse
The ease of scanning a signature also makes it easy to store and access. Imagine if someone gained access to a file containing your signature saved on a computer, email, or social media. They could use it to sign contracts, agreements, or other important documents without your knowledge.
Scanned Signatures Are Not Digital Signatures
A scanned signature cannot be considered a digital signature. In Indonesia, the correct term for non-ink-based signatures is an Electronic Signature. According to Kominfo (now Komdigi), an Electronic Signature is a signature consisting of electronic information that is attached to, associated with, or linked to other electronic information used for verification and authentication purposes.
This means that digital or electronic signatures are legally regulated and recognized as a valid signing method with legal authority.
Some of the legal foundations governing digital signatures in Indonesia include:
1. Law No. 11 of 2008 on Electronic Information and Transactions (ITE Law)
According to Komdigi’s official website, an Electronic Signature has legal force and valid legal consequences as long as it meets the following requirements:
- The electronic signature creation data is uniquely linked to the signer.
- The electronic signature creation data is under the exclusive control of the signer at the time of signing.
- Any modifications to the electronic signature after signing can be detected.
- Any modifications to the electronic information linked to the electronic signature after signing can be detected.
- There is a method to identify the signer.
- There is a method to demonstrate that the signer has given consent to the associated electronic information.
2. Government Regulation No. 71 of 2019 on Electronic System and Transaction Management
This regulation emphasizes that electronic signatures must be verifiable and cannot be altered once applied to an electronic document.
3. Minister of Communication and Information Technology Regulation No. 11 of 2018
This regulation establishes the framework for Electronic Certification Providers (Certificate Authorities – CA) responsible for issuing legally recognized digital signature certificates.
Key Elements of a Digital Signature
Several fundamental aspects differentiate a digital signature from a scanned signature:
1. Digital Signatures Cannot Be Created Randomly
Legally valid digital signatures in Indonesia can only be issued by authorized institutions. Electronic Certification Providers (PSrE) are government-regulated entities under Kominfo that manage digital signatures and protect online transactions from forgery.
PSrEs issue Electronic Certificates to each user. These certificates are embedded within digital signatures, linking them to verified personal data. This ensures that every digital signature issued through a PSrE automatically includes an Electronic Certificate, making it far more secure than a scanned signature.
2. Digital Signatures Require ID Verification (KTP)
To ensure that an electronic signature holds the same legal standing as a handwritten signature, users must verify their identity using their National ID (KTP).
Here’s how the process works:
- Users upload their KTP as proof of identity when registering with a PSrE-certified application like VIDA.
- The system performs biometric verification, matching the user’s face with the KTP data.
- Once verified, the user receives an Electronic Certificate, which is securely linked to their personal identity.
This means that every digital signature made with VIDA cannot be forged, as it is tied to a verified identity.
3. Authentication Process for Every Signature
Every time a user signs a document with VIDA Sign, the system requires authentication, such as face verification or an OTP code.
The purpose of this authentication step is to:- Ensure that only the rightful owner can sign documents.
- Guarantee the legal integrity and validity of the digital signature.
- Prevent unauthorized use of the signature by others.
Using a scanned signature for documents may seem easy, but the risks are too high. Documents can be easily forged, they are not legally valid, and they are vulnerable to misuse.
With VIDA Sign, you can sign documents securely, easily, and legally. You no longer have to worry about your signature being misused, as every digital signature undergoes strict authentication and verification.
So, do you still want to use scanned signatures? It’s time to switch to a secure, easy, and legally recognized digital signature!