Some of the most common questions we’ve faced over the years have been concerned with the use of signatures on forms, both paper and electronic. These questions include the following:

1. How much trust can we place in signatures?
2. Does a signature identify the signer?
3. Does a signature guarantee that the person whose name appears in the signature space filled out the form?
4. Does a signature guarantee that the data entered in the form is correct?
5. Does a signature guarantee that data has not been altered since the form was signed?
6. How much space should be allowed?
7. Where should the signature be placed?  Should it be at the bottom or end of the form?
8. How do we get people to sign the form since so many people seem to leave it unsigned?
9. What is the value of electronic signatures?  Do they overcome the inherent problems of handwritten signatures?

The value of signatures

Electronic digital signatures are different and I’ll discuss them separately.

As a general rule, a signature is intended to imply that the person signing takes responsibility for all the data entered BEFORE (or above) the signature. However, in practice there are two common problems:

1. Data can be altered or entered by another person AFTER the form is signed and this is not always easy to detect.
2. A signature can be forged. It takes a handwriting expert to detect the difference and even then, the expert’s opinion is not an absolute guarantee.

I’ve often asked our clients how they make use of signatures from a legal perspective. It has been very rare to find an organization that goes to the trouble to scientifically check the authenticity of a signature. Even in the organizations that do check them, it is only in VERY rare and exceptional circumstances, usually when the validity of a signature is an issue in court.

Let me give you some real life scenarios:

1. I go into a bank with a signed form and withdraw some cash. The bank teller looks at the form and hands over the cash never even comparing the signature with the one held on file.
2. I purchase something and pay with a credit card. At least 50% of the time, the person serving doesn’t even compare the signature on the docket with the signature on the card. An even smaller number of people actually watch me signing the docket. This is important because a forger has to be really good to write a forged signature quickly, or at normal writing speed.
3. I sign a tax return or similar form and send it in. No one watches me signing and the form is processed without comparing the signature to a sample held on file.
4. A courier delivers a package and asks me to sign for its receipt. In many cases, such signatures are indecipherable and mean nothing unless the person’s name is printed next to it. Even then, it isn’t the signature that is used in any follow-up but the hand printed name.
5. A person applies for a financial loan and fills out a form, signing the space at the end. But then the person handling the processing of the form enters the technical details later, AFTER the form is signed.
6. A person is handed a form and asked to sign the space marked with an “X”. The person does so without reading the rest of the form.

So what does this mean—does it mean that signatures are useless or that we shouldn’t use them? Certainly not!  Signatures are valuable for a variety of reasons including the following:

1. They influence the form fillers to believe that they are taking responsibility for the content and accuracy of the data, especially when part of a declaration stating that the information is correct.  In this case, the primary value of the signature is psychological rather than practical.  Coupled with this is often a limitation on who can sign.
2. They help to prevent forgery when the recipient of the form watches the signature being written, such as on a credit card docket.
3. When compared to a copy held on file, a signature provides a degree of confidence that the form has been signed by the same person, but it is far from a guarantee.

In summary, while a signature does have some value, it is still easy for data to be altered by someone, after the form is signed. Also, it rarely, of itself, identifies the signer or gives a guarantee of who signed the form.  Some of the issues can be solved by the use of electronic signatures, but there is still usually no guarantee of the identity of the signer.

Signature space

Some years ago we had the opportunity to conduct an extensive research project into signature space.  We were able to measure 2000 signatures on a public use form and to collect relevant demographic data such as age, gender, ethnic origin, etc.

This resulted in a significant review of our approach to signature space design.

The most significant finding was that where the signature is to be inside a box, most people do not write within the space provided, but start writing ON the base line of the box. Some write the whole signature on the line while many write at an angle. This is important if you are scanning the forms for electronic imaging with a view to being able to read the signatures on screen at a later date. Modern scanning and computer technology is making this approach much more feasible for such matters as insurance claimant identification. It is for this reason that our preferred method (shown in figure 2) places a dotted line in the box. When this is done, people tend to write on the dotted line. You could also use a very pale screened line if it is to drop out in scanning.

We recommend that, wherever practicable, signature boxes be at least 60 mm (2 1/3”) wide x 22-25 mm (7/8”–1”) high with a fine writing line 15 mm (5/8”) from the top of the box. An even wider box would be preferable.

You should bear in mind that no matter how you draw your box, there will always be the person who, for personal or other reasons, chooses to write larger than the space provided. The people with the greatest difficulty are often aged people whose hand writing is shaky and who can’t see clearly. We’ve also found that some people will deliberately write outside the box boundary just because they object to being constrained, but there’s little you can do about these people.

Figure 1 simulates six typical signatures using the box size on the form we studied.  Most users started writing on the bottom of the box so this didn’t allow for character descenders to be inside the box.

Figure 1

Figure 2 shows the ideal solution, but this is obviously too large for some forms. All I can do is show you what works effectively. You’ll have to adjust the dimensions to suit your needs.

Figure 2

Placement of signature box

It is also common practice to also require the date of signing and the printed name of the signatory. In some cases the form would also have the person’s position in the organisation.

Getting people to sign the form

How you solve the problem will depend on the design of the form. In Australia, many public use forms are questionnaires with sequentially numbered questions. We’ve found this to be generally the best approach and a great asset in reducing user errors. If you design forms this way, then you can easily solve the problem by giving the signature (or declaration) its own question number. This way it is obvious to the form filler that the signature needs to be entered. We do extensive testing of our forms and this approach has had 100% success.

I need to add at this point that although the use of questionnaires is very successful in reducing data entry error, there are principles that need to be followed for them to work successfully. For more information see my book Forms For People, chapters 4 and 23.  You might also find the following papers on our web site of help:

How would you know if your forms were failing?

Reengineering business forms.

Note that this is not talking about digitised scans of handwritten signatures. I’m referring to a piece of electronic data that is unique to the signer. I don’t intend to provide a detailed technical explanation here. There are plenty of sources of such information on the Internet and in other publications.

But in summary, a digital signature is much like what is stored on a credit card. You place the credit card in the slot, enter your PIN, the machine reads the card and identifies you.  In an electronic form, the process is similar. You click in the signature field and it activates the built-in signature software. This will need at least two items of data, the actual digital signature and a PIN to unlock it. There are many ways in which this can be carried out. You could, for example, have your signature on a floppy disk or swipe card that only you have. You could also store the signature on your computer but this means that anyone who has your PIN can use it.

Another method of signing is that used by Shana in their Informed software. While Informed allows access to normal digital signature services, it also allows the user to sign a form by logging on to their email system. They enter their user name and password, the form logs on to the email system and verifies the identity of the person, and then logs off and places the name of the person and date signed on the form.  In this case, the insertion of the signature locks any fields predefined by the forms analyst so that they cannot be overwritten without deleting the signature first.

Note that, as with all digital signatures, this only guarantees the identity of the signer IF the signer’s PIN or password is secure. If other people have access to it, then it doesn’t provide that information.

Its value is that it allows the recipient to verify the signature and ensure that none of the signed fields on the form have been altered since it was signed. If anything has changed, verification returns an error.  In addition, the form template itself can be signed independently of the data to allow the recipient to check the validity of the form and that it hasn’t been altered by anyone wince it was designed.

The way in which digital signatures are implemented varies from program to program but irrespective of the method, they do provide much greater security than is provided with handwritten signatures.  The main value is in detecting fraud rather than identifying the signer, although the latter is possible if there is sufficient signing security.

Note that I’ve been talking about electronic signatures, not encryption.  The latter is a process whereby the data in a document can be hidden to anyone after encryption that doesn’t have the relevant key to decrypt the document. For example, we recently assisted with a trial for a government department that allowed users to submit a highly confidential document over the Internet. The encryption required 2 keys, one to lock the document and a different key to unlock it.  The form was filled out using Informed, and when the data was emailed, an encryption program detected the outgoing data and encrypted it with the Department’s Public Key (available to everyone). Once encrypted, it could only be unlocked with the Department’s Private Key (only available to selected departmental people), thereby preventing the data from being read by anyone who did not have access to the Private Key.

Summary

Hand-written signatures have some value as long as you realise their limitations.

Electronic signatures have greater security, but they generally can’t GUARANTEE the identity of the signer.

©  2002 Robert Barnett

For more information

Contact Robert Barnett and Associates Pty Ltd at:

MAIL: PO Box 95, Belconnen ACT 2616, Australia
PHONE: (02) 6241 9022 or (INTERNATIONAL) + 61 2 6241 9022
FAX: (02) 6241 9023 or (INTERNATIONAL) + 61 2 6241 9023
E-MAIL: rob@RBAinformationdesign.com.au