Those who frequently use electronic signatures at banks may wonder whether the bank will tamper with their signatures or use them to conduct unauthorized transactions. In reality, banks typically use technical measures and legal compliance to prevent tampering and counterfeiting when handling electronic signatures. This can be understood from the following key aspects:

1. Use of digital certificates and the PKI (Public Key Infrastructure) system

Bank electronic signatures are not simply "handwritten signature images" but rather utilize asymmetric encryption technology. Each signatory has a unique private and public key. The private key is stored in the signatory's secure device (such as a USB-shield, hardware security module (HSM), or the built-in security chip in the trusted signature screen) and is used for signing. The public key is bound to a certificate issued by an authorized CA (Certificate Authority for Digital Certification). Authoritative CAs in my country include those that support national cryptographic algorithms and CFCA certificates.

When signing, the system encrypts the document's digest with the private key, and the recipient decrypts and verifies with the public key. If the document has been tampered with, the digest value will be inconsistent, and verification will fail. If someone forges a signature, a legitimate signature cannot be generated without the private key.

However, it's important to note that banks must use digital certificates issued by a nationally recognized CA (such as CFCA). The private key must be stored in a hardware security module (HSM) or a controlled security chip and cannot be exported.

2. Tamper-resistant Design of the Signature Screen/Signature System

Modern bank electronic signature screens typically feature: a tamper-resistant security chip: The private key is stored in the security chip, which automatically destroys the key if tampered with. Encrypted Signature Data Transmission: The signing process (including handwriting data, pressure, and speed) is encrypted between the screen and the bank's system to prevent interception or tampering by intermediaries. Dynamic Handwriting Encryption: Biometrics such as pen pressure, speed, and acceleration are recorded and encrypted in an electronic file. Screen Firmware Encryption Verification: This prevents third-party malicious tampering with the device system.

3. Tamper-resistant Storage of Electronic Signature Files

After signing, the system generates an unalterable signed file (such as an encrypted PDF file) with the signature's digital fingerprint (hash + CA signature). Documents are stored in the bank's dedicated electronic seal management system or blockchain/timestamping service to ensure they cannot be subsequently modified. If a document is altered, any verification tool will display "Invalid Signature" or "Document Modified."

4. Identity Authentication and Two-Factor Authentication

Banks typically require multiple authentication methods for signatures, such as SMS verification code + bank app facial recognition, online banking USB Shield/USB Key, and dedicated signature screens combined with ID scanning and facial comparison. This prevents anyone from legally submitting the signature to the system, even if they obtain a signature image.

5. Legal and Compliance Assurance

China's Electronic Signature Law, the US ESIGN, and the EU eIDAS all stipulate that electronic signatures have the same legal validity as handwritten signatures, as long as the identity is authentic, the signature cannot be tampered with, and the signing process is traceable. Banks typically work with CAs to provide a chain of evidence for signatures that can be used in legal proceedings, ensuring that any disputes can be handled through legal proceedings.

Summary

Banks primarily rely on the following to prevent electronic signatures from being tampered with or forged:

Digital certificates + asymmetric encryption (PKI) – ensuring signatures are unique and cannot be forged. Signature screen security chip + encrypted transmission – prevents private key leakage and hijacking of the signing process.

Document encryption and packaging + timestamp/blockchain – prevent post-signature tampering.

Multi-factor authentication – prevents signature forgery.

Compliant with legal regulations – provides a judicially recognized chain of evidence.