PDF Security
By Joel Rydbeck
I recently received an e-mail from PayPal regarding some "questionable activity on my account." The message said that customer service had made multiple attempts to contact me, and if I didn't sign in within 24 hours using the link provided, my account would be suspended.
When I clicked on the link, the page that opened had the look and feel of PayPal, but when I looked closely at the URL, it wasn't PayPal's URL. Why the discrepancy? I was a victim of a cyber crime known as phishing.
In this case of phishing, a disreputable third party tried to gain access to my PayPal username and password. Because I am aware of these unethical practices, I always look twice before giving out any confidential information online.
Phishing e-mails like the one I supposedly received from PayPal are only the tip of the iceberg in terms of fraud. Make sure that when you receive an important message, especially one that asks you to provide financial account information, the message really is from whom it says it's from and it wasn't tampered with or altered.
Electronic communication is very valuable to those of us in the financial services industry. It cuts down on a lot of paper, speeds up communication and makes it easy for us to transact business in minutes instead of days.
Business today depends heavily on faxing and e-mailing signed and approved documents. Most of us never see who is really signing the paperwork. At Nubrek Inc. we have a lot of customers we've never met in person. I'm sure that as a merchant level salesperson you do, too.
This is where digital signatures come into play, especially in a Portable Document Format, or PDF. When someone digitally signs a document, the creator can protect the document using the following features:
- Signature Display: Display your signature on the document but only if the document hasn't been altered
- Restrict Changes: Manage who can change the document
- Restrict Viewing: Control who can view the document
- Document Expiration: Control when the document can be viewed
- Restrict Reproduction: Control who can print or reproduce the document
As a viewer, this also protects you because you know that the document came from the sender and hasn't been tampered with.
How Digital Signatures Work
Several months ago, I wrote an article on Web browser security, or HTTPS (see "Understanding Web Site Security," The Green Sheet, June 27, 2005, issue 05:06:02). Securing a Web site and securing a digital document are similar concepts.
When someone digitally signs a document, the contents of the document are encrypted with keys. These keys govern what someone can do to the document, whether they can change it or view it. As the document creator, I create keys that allow recipients to do different things.
PDF is a document type developed by Adobe Systems Inc. I'm sure many of you are familiar with PDFs because they are used all over the Internet. In fact, this very article will be included in a PDF of The Green Sheet that will be published on GS Online (www.greensheet.com).
Adobe created the PDF format in the early 1990s to ensure that documents always appear the same no matter where or how they are viewed. For example, PDFs look the same on a Windows computer screen as they do on a Macintosh or as they do when printed.
Later, Adobe added encryption and digital signature capabilities to the PDF specification to enable the transmission and protection of sensitive information. This only furthered the original mission of PDFs by ensuring that information securely appeared the same to each viewer.
How to Tell if a Document Is Digitally Signed
Adobe Reader displays a lock in the lower left-hand corner of the document, just as many Web browsers display locks to show that pages are secure. Also, since we all like to see a signature at the bottom of the page, document senders can optionally tie their signature to the encryption in the file. If anyone tries to alter the signature or content, the signature will automatically be invalidated.
By securing a PDF you ensure that what you pass on to employees or customers is exactly what they see. On the flip side, when you open a secure PDF you can be certain that the document hasn't been tampered with.
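A PDF signature is computed over the byte ranges of the file listed in the signature's /ByteRange entry, which is how a viewer notices that content changed. The following example is added here and is not from the original article: it runs on a constructed byte string rather than a real PDF, uses hypothetical function names, reads only the first /ByteRange, and does not verify the signature blob itself. It shows that editing covered bytes changes the signed digest, and that bytes added after signing fall outside the signed ranges and have to be caught by a coverage check.

```python
import hashlib
import re

BYTE_RANGE = re.compile(rb"/ByteRange\s*\[\s*(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s*\]")

def signed_ranges(pdf: bytes):
    """Return (off1, len1, off2, len2) from the first /ByteRange, or None."""
    m = BYTE_RANGE.search(pdf)
    return tuple(int(g) for g in m.groups()) if m else None

def signed_digest(pdf: bytes) -> str:
    """SHA-256 over the bytes the signature covers (all but the /Contents gap)."""
    off1, len1, off2, len2 = signed_ranges(pdf)
    return hashlib.sha256(pdf[off1:off1 + len1] + pdf[off2:off2 + len2]).hexdigest()

def coverage(pdf: bytes) -> str:
    """Classify how much of the file the signed byte ranges protect."""
    r = signed_ranges(pdf)
    if r is None:
        return "unsigned"
    off1, len1, off2, len2 = r
    if off1 != 0 or len1 > off2 or off2 + len2 > len(pdf):
        return "malformed"
    if off2 + len2 < len(pdf):
        return "content-after-signature"   # trailing bytes are not signed
    return "whole-file"

def build_sample() -> bytes:
    """Constructed stand-in for a signed PDF; the signature blob is a placeholder."""
    pre = b"%PDF-1.7\n1 0 obj\n<< /Type /Sig /ByteRange ["
    post = b"] /Contents "
    gap = b"<" + b"00" * 16 + b">"          # where the real signature would sit
    tail = b" >>\nendobj\nAmount due: $100\n%%EOF\n"
    len1 = len(pre) + 43 + len(post)        # four 10-digit fields plus 3 spaces
    off2 = len1 + len(gap)
    nums = b"%010d %010d %010d %010d" % (0, len1, off2, len(tail))
    return pre + nums + post + gap + tail

if __name__ == "__main__":
    pdf = build_sample()
    edited = pdf.replace(b"$100", b"$900")               # change inside a signed range
    appended = pdf + b"2 0 obj\n<< >>\nendobj\n%%EOF\n"  # bytes added after signing
    for name, data in (("original", pdf), ("edited", edited), ("appended", appended)):
        same = signed_digest(data) == signed_digest(pdf)
        print(name, coverage(data), "digest unchanged" if same else "digest changed")
```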
Securing a Document
If you've never viewed or created a PDF, now is the time to start. This won't take much time, and I assure you that you'll use this skill in everyday work. The following steps show how to preserve the security of documents.
To read and view PDFs:
- Download the free Adobe Reader software at www.adobe.com.
- Click on the Get Adobe Reader icon. This will allow you to view digitally signed or protected documents.
To create PDFs, use a free software application such as PrimoPDF. Go to www.primopdf.com. Select Download Now, and then follow the prompts to install the program.
To create a PDF:
- Open your document.
- Select Print. In the Print dialog box, from the Printer Name drop-down menu, select PrimoPDF and then OK. You'll then be prompted for the PDF file you want to create.
Options enable you to password-protect (restrict who sees and makes changes) and secure documents. This is a great first step for securing sensitive information. Although the software is somewhat limited, it is easy to use and adequate for most of what you'll probably need to do for now.
As your document securing needs grow, you may need a more sophisticated tool, such as Adobe Acrobat. Acrobat can create almost any type of digitally signed and protected PDF document. Amazon.com sells the software for about $270.
Digital signatures are becoming more prevalent in today's electronic society. It is imperative that we know exactly with whom we are communicating and that the information hasn't been tampered with.
It's also important to be able to electronically approve material and ensure that the approval holds up in court. While I'm not a lawyer and I can't make any legal claims here, PDF security is a great first step. It ensures that:
- Document signatures are valid, not forged
- Document wasn't modified or tampered with
- Document wasn't reproduced
- Document is only viewable by certain individuals.
Joel Rydbeck, Chief Executive Officer of Nubrek Inc., brings his strong background in e-commerce and business process automation to the merchant services industry. Nubrek offers eISO, a Web application for ISOs that tracks leads and provides automated residual and commission reports. For more information on eISO or to view a free demo, visit www.nubrek.com/eiso.html. E-mail Rydbeck at joel@nubrek.com.