Securing E-Documents: How Electronic Signatures Protect Against Fraud In India's Digital Ecosystem

Bengaluru: As banking, insurance, business agreements and government services move online, electronic paperwork or e-documents have become part of everyday life. From e-receipts, e-way bills, and e-invoices to contracts and official filings, e-documents now play a central role in everyday transactions.

An e-document is a structured digital file that is created, processed, and stored electronically. Unlike a simple PDF, an e-document is generally machine-readable and is often exchanged through online platforms or software. These documents are widely used for record-keeping, communication, contracting and other routine transactions.

While e-documents are convenient for saving time and speeding up processes, they have also created a new risk. With the growing use of e-documents, the risks of forgery, tampering, and identity theft have also increased. This is where digital signatures come to the rescue, providing a safety layer to protect individuals and businesses from the misuse of electronic records.

Digital signatures are legally binding, encrypted alternatives to handwritten signatures (Getty Images)

These are widely used for filing income tax returns, making submissions to the Ministry of Corporate Affairs, participating in e-tenders, and signing personal legal documents such as rental agreements and employment contracts.

How Digital Signatures Work

A digital signature, or an e-sign, is a legally binding, digital alternative to handwritten signatures that allows users to sign documents online. However, it is much more than just an electronic mark. It is linked to a unique, encrypted cryptographic key that creates a secure and verifiable audit trail. This makes tampering with a signed electronic document far more difficult.

"Most officially signed electronic records are commonly locked in formats such as PDF after the digital signature is applied. If any change is made to the content after signing, the existing digital signature generally becomes invalid, and the document has to be signed again," explains Senior Chartered Accountant Rakesh Chatter. "This helps protect the integrity of the e-document and makes tampering easier to detect."

In India, electronic signatures operate under the encryption framework provided by the Information Technology Act, 2000. A Digital Signature Certificate (DSC) is created using a private key accessible only to the signer and is verified through a corresponding public key.

Digital signatures and how they work (ETV Bharat Creative)

Chatter notes that there are built-in systems to verify whether a digital signature is valid and to confirm that the signer’s identity matches the person or organisation named in the document.

In effect, a digital signature acts like a tamper-proof seal on a document sent online by ensuring authenticity, data integrity, and accountability. Because every valid digital signature leaves a traceable record, it becomes much harder for fraudsters to alter the document after it has been signed.

Getting a Digital Signature Certificate

Individuals as well as firms can obtain a Digital Signature Certificate (DSC) from licensed certifying authorities regulated by the Controller of Certifying Authorities (CCA). It is generally valid for one to three years, and the cost usually ranges from Rs 1,000 to Rs 3,000, depending on the class of certificate and the validity period.

To obtain a DSC, applicants generally need to submit PAN, Aadhaar, and KYC details and complete the required verification process, which may include video verification or physical verification. The applicant's identity and address must be verified, and the exact KYC process may vary by certifying authority and certificate type.

Getting a digital signature certificate (DSC) (ETV Bharat Creative)

Some recognised DSC providers include eMudhra, Protean eGov Technologies, CDSL Ventures, and CSC e-Governance Services India.

Notably, while DSCs help establish the authenticity of electronic documents, not all personal legal documents can be digitally signed. Certain categories are legally excluded, such as wills, sale deeds, powers of attorney, and trust deeds.

Electronic signatures: Usage and limitations (ETV Bharat Creative)

According to Rakesh Chatter, digital signatures are most commonly used for documents that are legally required to be filed electronically. In many official filings, the law itself determines when a digital signature becomes mandatory. For example, an income tax return filed by a non-audited assessee may be verified through Aadhaar authentication or by sending a manually signed physical copy to the Centralised Processing Centre (CPC). However, audited firms are generally required to file returns using a valid DSC.

Protecting Digital Signatures

While electronic signatures help protect people from the misuse of e-documents, Chatter cautions that misuse of DSC is also possible—not necessarily by altering the signed file, but by misusing the signature token itself.

"A digital signature remains secure only as long as the holder maintains control over it. If there is any suspicion that a DSC has been compromised, the password should be changed immediately," Chatter says. "Since the digital signature key is usually stored on a physical token or USB drive, sharing the device or password with another person can create a serious risk. Once someone else gains access, the digital signature can potentially be used without the knowledge of the original holder."

If a digital signature is misused, it should be suspended or revoked immediately. This should be followed by a formal complaint with the cybercrime police so that misuse is officially recorded without delay.

Rachana Rautray, Partner JSA Advocates and Solicitors, explains that the first step is to preserve evidence. "People should immediately take screenshots, save emails, messages and other communications, and note down timestamps, sender details, links and any other information that may help establish that tampering or fraud has taken place," she says.

Protecting digital signatures (ETV Bharat Creative)

"If money has already been transferred because of the fraud, the affected person should immediately inform the bank or financial institution and request that the transaction be frozen or blocked. A formal complaint should also be filed with the local police," she adds.

Speaking further, Rautray says that in cases involving digital identity theft or cheating by impersonation, the matter should be reported to the cybercrime cell so that further legal action can be taken on the basis of the available evidence.