Stealing Your Signature Is Easy

In the April issue, our story regarding FNC's AppraisalPort and the AI XML format ("Paying to use your own bathroom", click here) touched off a firestorm of public debate regarding the "chain of custody" of an appraisal report, USPAP mandates of prudent signature security, unlocking and cracking of PDFs, and the alternatives available to appraisers to protect themselves and their work - whether from alteration, data harvesting, or even identity theft. In this article, we're going to look at what we're doing at a la mode to offer appraisers solutions to those problems.

First, let's look at what cannot be done before we talk about what can be done. (pq)

You cannot deliver an appraisal report which fully protects itself through any self-contained means. PDFs can be cracked, even if password protected and encrypted. There's software available for download which will do it. And even if you find some super-duper format you think can't be broken, someone can always go "old school" on you, and use a scanner to just lift your signature off of any report and graft it onto the PDF of a whole new report. If it can be viewed on screen, it can be snatched and replicated sufficiently to get past an underwriter or a quality control firm. It's that simple.

To get past that problem, we have to stop focusing on the PDF of the report itself. The issue is not one of security, since security can be breached. It's one of authentication. Security merely protects a file from being altered, but authentication verifies not only who you are, but which reports are really yours, and what they said when you delivered them. Security is simple to break, but authentication is exceptionally difficult to fake. Someone can break into your house and steal your wallet in seconds, but they can't easily forge your fingerprints, match your voice print, and know your mother's maiden name.

To make authentication work, we first have to dispense with the notion of "digital signatures" as appraisers commonly refer to them today. In the appraisal software on the market thus far, digital signatures are merely pictures of your ink on a blank sheet of paper. Anyone can steal it, no matter what your software vendor tells you, even if they charge you for an "encrypted signature". It's still nothing but a pretty picture. It has no intelligence and no means of being verified.

That's changing however as we move to e-signatures and third-party data escrowing of authentication information. Those are new terms for most appraisers, but they're not just theoretical ideas.

We've actually been doing e-signing and authentication in our SureDocs mortgage product for quite some time now. (You can see it at Since we introduced it in May of 2006, it's been used to apply literally millions of legally binding and accepted e-signatures to mortgage documents by borrowers and lenders worldwide. While it's a mortgage-specific program right now, the core technologies are fully applicable to appraisals, and we're wrapping them up in a proper appraiser-specific interface right now.

Unlike what you're used to, e-signatures have nothing to do with a picture of what your hand makes when you wiggle a pen around on paper. E-signatures are electronic markers containing unique data that indicates that the person doing the signing has proven who they are, and that the signature is valid only in conjunction with the particular document to which it's being attached. An e-signature, if scanned and attached to another report, can be identified as fraudulent in just seconds. Or conversely, a report that's been cracked and had its data modified will no longer match the identifying data embedded in the e-signature.

How do WinTOTAL and SureDocs know you are who you claim to be? In current software, anyone can claim they're you if they have a copy of your signature, and as we've seen, any pre-teen kid can get it from one of your reports in minutes. With our SureDocs technology, you go through a one-time question-and-answer session to prove you're actually you, using data pulled in real time from your credit report and other online databases. Once you pass the challenges, it grants SureDocs a digital key verifying that you've been authenticated. At that point, you can apply a signature to an appraisal using the password that you created during authentication.

WinTotal Signature

This screen shot of our newest "a la mode labs" version of WinTOTAL, code-named "Armstrong" (click here to learn more about it), shows what a SureDocs-signed appraisal report looks like. As you can see, there's a box around a signature, with a serial number. That serial number comes from your digital key together with a digital fingerprint of all of the data in your report. It's completely unique. Each time you sign a report, it's different.

There's also an essential notice - like a short addendum - dynamically inserted into the report, your cover letter, and any other location you specify. That notice tells the reader that the report is matched to the digital serial number and that it can be verified against the appraisal online (we're also adding it into the signature box itself).

That's where the escrowing comes in. When you deliver a report signed with SureDocs, we'll store salient data from the report, a "digital fingerprint" of the whole PDF, and a link to your appraisal credentials (nothing that others can steal), on our secure escrow servers. Anyone can type in the serial number on the escrow website, and compare what it shows against the report they're holding. It can also digitally analyze a PDF and use the stored fingerprint to tell you if it's been altered in any way whatsoever.

If someone stole your signature and made up a fake number, it will say it's fake when they type it in. If they left the number as is and applied it to an altered report, the report the reader sees won't match the data in the website.
And, if you ever wind up in a legal dispute over what was delivered and when, and exactly what it said when it was sent, the escrow servers can produce a fully independent audit trail of who received it, when, and what the exact delivered contents were, as well as the authentication procedures used to generate it. We see that dispute arise all the time on faked reports. If you just e-mail a report, and they alter it, it literally comes down to your word against theirs in court. Not with SureDocs data escrowing.

You can use the current mortgage version of SureDocs right now and see in general how it all works. It's not smoke and mirrors. It's been used for millions of signatures and accepted by the largest lenders in the world, because it addresses the "three A's" exceptionally well: Authentication, Authorization, and Auditing.

As we go to press, WinTOTAL's "Armstrong" version is undergoing Windows Vista certification. You can learn more about it on the a la mode labs website (, and sign up to receive a free copy as soon as it's back from Microsoft's approved testing lab.

Until then, just rest assured that help is on the way.