Digital Signatures
The use of digital signatures is efficient. It is a system you should be adopting.
The Process
- Following all the data verification and reconciliation, produce the document that needs to be authorised.
- Create the PDF (possibly using just the print driver or product from within your software).
- Some digital signature programs then require you to indicate where the digital signature is to be placed on the document.
- Securely send (see below #1) the document to the person authorised to sign on behalf of the business. You may have noticed the rapid development of business portal systems to enable this send and return of documents.
- Business opens and reviews the document and the declaration clauses.
- Business can “digitally sign” the form, (see below #2 re methods of signing).
- Document is securely returned to you for lodgement, (see below #3).
- Ensure it has been signed and not “rejected”, (see below #4).
- Lodge the document, (preferably electronically).
- Store the document with the imbedded digital signature details.
Implications
#1 Secure Delivery of Documents
Privacy law requires you to consider how you provide information to your clients. Emailing anything with a TFN disclosed is not acceptable.
Fortunately, we are also beginning to have access to software that provides a secure communication channel with our businesses. In some cases, it is the “client portal”, in some cases the PDF becomes encrypted or password protected.
We recommend you check the security of your email system. Free email providers may be free because they are interrogating the contents of each email for marketing information. Use of such services would be in breach of privacy and tax laws.
#2 Digital Signing
We are typically moving away, (thankfully), from using the mouse to emulate your normal signature. The better system is where the “Authoriser” has to be identified to the system by pin or password and then is able to “Approve/Sign” the document by hitting the button.
Please note Step 6 above where you need to ensure that the system you adopt causes the business to actually review the document before they can approve it. The system should only allow them to “sign” it when they are aware of what they are signing and the terms of the declaration attached to the form.
It has been argued that why should a digital signature be harder to attach than simply signing paper that the business hasn’t read. Our response: With paper you have a physical signature by the business on the line beside the declaration – the person signing has to take responsibility for applying that signature. In a digital world we have to enable/enforce the business owner to take responsibility for “approving” a form for lodgement. If they are responsible, then we are concerned it will be argued that any fault is more readily attributable to the bookkeeper who provided the form.
#3 Notification Systems
We like the development of practice management systems that provide the communication system between the business owner and yourself. When the document is signed by the client, you receive a notification telling you it is approved and ready for lodgement.
#4 “Reject” or Comments from the Business
We also like the concept of the digital signature program providing the mechanism for the business to easily reject the form but more importantly to easily ask questions or make comments.
Current Systems
Unless you are a person that has been specifically delegated authority to approve forms for lodgement then you must ensure your system obtains deliberate authority from the business person.
We are concerned that some systems may be allowing lodgement of data/forms without specific review of what is being lodged, without any form of declaration being sighted, without any requirement to obtain authorisation to lodge.
It also appears that some systems are not automatically storing the “form” of what has been lodged.
Remember that as a BAS agent, the TASA 2009 requires specific authorisation to be given by the client for every electronic lodgement of a form with the ATO.
Related References
Background - Electronic Record Keeping
The Electronic Transactions Act 1999 contains specific provisions which state that a requirement or permission for a person to provide information or authorisation for a document can be satisfied by electronic communications. There are certain criteria for sharing and storing documents electronically, and there are risks with this, despite the convenience of it. See ICB - Electronic Document Storage for more detail.
What is the difference between a digital signature and electronic signature?
Electronic Signatures
Electronic signatures are legally acceptable but not totally secure in the authentication process. Electronic signatures can have the same legal effect as handwritten signatures, with certain provisos. One of the risks with electronic signatures is that the document could still be altered after being signed. For many documents, an electronic signature may satisfy ordinary requirements; for other documents you need verification and proof of the identity of the signatory.
Digital Signatures
Digital signatures were introduced as a way to increase the security and authentication of a signature. A true digital signature utilises technology that associates the signature with verifiable data, rather than simply capturing a digital image and attaching it to a document. Most digital signatures use “public key cryptography” to verify the identity of the user, by using embedded coding in the signature process. The public key is viewable by the recipient. There may also be an image of a signature attached to the document as another method of verification, although this is not strictly necessary because the coding is the meaningful verification.
The public key shows the name of the person linked to the digital signature and can verify the process, showing if a document has been altered after signing.
The digital signature process still requires you to take care of security and privacy for yourself and your clients, as there are still risks associated with this process. However, the risk would be similar to having a signature forged, which would be considered fraud.
Resource: Obtaining Digital Signatures.
See article on Electronic signatures and their legal validity in Australia for more detail.
Product Review
Digital signatures are becoming adopted as a standard part of efficient business practice. There are many options out there, but we have chosen to list a few of the more popular and known solutions.
Signature App Name | Details | Documents | Price per month |
Secured Signing Digital |
ICB member pricing |
50 per month |
$9.95 first user $7.95 additional users |
GovReports Digital |
Must have GovReports subscription |
Unlimited |
$79/mth normally
ICB member price avail
|
SignEasy Electronic |
Good pricing and easy to use |
10 per month |
USD $5 pay as you need |
Unlimited |
USD $40 per month per user |
Adobe Echosign Digital |
Well known and trusted |
Unlimited |
USD $15 |
RightSignature Electronic |
Also well known and trusted, created by Citrix |
Unlimited |
USD $11 (1 user) |
Unlimited |
USD $39 (multiple users) |
Hellosign Digital |
Works well with Gmail |
3 per month |
Free |
Unlimited |
USD $13 (1 user) |
Unlimited |
USD $40 (multiple users) |
DocuSign Digital |
Has real estate plans also; used by major Australian businesses |
5 per month |
$10 (1 user) |
Unlimited |
$20 (per user) |
DigiSigner Electronic |
Good pricing and easy to use |
5 per month |
Free |
Unlimited |
USD $8 |
MYOB |
Offered as part of the MYOB Portal, currently only for Accountants Office and Accountant Enterprise |
Reckon |
Offered as part of the Document Management and Portal and Virtual Cabinet |
Xero |
Provided through add-on RightSignature |
QBO |
Currently no add-ons offering true digital signatures, but several add-ons allow capture of physical signatures to store electronically |
-
Updated: Originally published October 2015