Not with MY signature!
C Emmons said:
... I can tell you what my MIS guy says the plan is.
He is trying to purchase a business card scanner (100.00). If this gets approved we will send blank signature cards out and have the managers sign them. Scan them. Somehow MIS is assigning "PIN" numbers for each signature. You just enter your personalized pin# and your signature prints out.
What you are describing here is actually storing a picture of a person's actual signature in a computer.
[Caution! Strong personal opinions ahead!]
In my opinion, a system such as you describe has a major potential for abuse that can damage the cormpany and the people whose signatures are stored.
Personally, I will not knowingly do anything that will result in my signature being captured in a computer system. There are many companies that do this, but none has ever been able to tell me (a) why they need it, (b) what they do with it, or (c) how they make it any more secure than any other of their records that are regularly stolen electronically. To me, allowing someone else to have my signature is as dangerous -- possibly
more dangerous -- as letting them have my socialist insecurity number. (For one thing, there are a number of biometric identity verification systems that use the person's signature as the authenticator - it's
that personal!)
[End of strong personal opinions.]
There are a number of secure digital signature or digital ID products on the market, all based on the public-key encryption algorithm. They all provide a signature or identification that (1) cannot be forged, (2) provides authentication of who made the signature and when, and (3) authenticates the document by verifying that it has not been changed since
that signature was applied. Note that none of those three things can be provided by a picture of someone's signature, or even by the actual ink on paper.
This technology is not new, and it is available in many products. Every time you use a secure web page you are using a weak form of public-key encryption, because it is built into your web browser software. That is the part which encrypts your passwords and credit card numbers. If you have Microsoft Outlook then you also have digital signature capability for e-mail. (Select Options from the Tools menu, choose the Security tab, and see the "Secure e-mail" and "Digital IDs (Certificates)" sections.) There are also shareware and commercial programs specifically for this functionality, and the capability is built into many other products - Adobe Acrobat and Lotus Notes come to mind instantly.
As for documents in the QMS, using encrypted digital signatures should not be a problem. Our auditor was unfamiliar with it, but after a quick demonstration he accepted it with no problem.
Yet another system, also in the $100 price range, is one that creates an encrypted digital signature or ID based on a person's fingerprint. The user "signs" a document by just placing the correct finger on a small reader, and it verifies the identity and applies the digital signature to the document.
With all of the available alternatives - especially ones that are more secure and provide authentication of both the signer and the signed document - I would suggest seriously resisting using an actual picture of a signature. (
Especially if it means memorizing yet another !@#$%^&* four-digit PIN!)
)
