How to protect forms?

Protecting the integrity of the data your clients submit is a cornerstone of the Cellosign platform. We utilize the latest industry practices to ensure that every form is served over secure, encrypted channels. However, the security of a form is only as strong as its entry point.

We provide high-level infrastructure security, but serving a form without an access layer creates a vulnerability.

To prevent unauthorized access, data scraping, or identity impersonation, we strongly recommend implementing a Verification Layer for every client-facing document.

Recommended Protection Methods

To ensure that only the intended recipient can view and complete a form, you can toggle the following “Challenge” methods:

  • One-Time Password (OTP): A unique, time-sensitive code sent via SMS or Email that the client must enter before the form content is revealed.
  • Knowledge-Based Authentication (KBA): A challenge requiring the client to provide a specific piece of information (e.g., the last 4 digits of an ID or a specific account number) known only to them.

Our Commitment to Modern Standards

We ensure that all client forms are served using current best practices, including:

  • TLS 1.2+ Encryption: Ensuring data is unreadable to anyone intercepting the traffic.
  • Anti-Automation Headers: Preventing bots from interacting with your forms.
  • Field-Level Validation: Ensuring that the data entered by clients is clean and secure before it reaches your systems.

By requiring a Challenge or OTP, you ensure that the “lock” we provide is properly engaged, keeping your clients’ sensitive information private and verified.
