eMailACheck implements a state-of-the-art and secure platform that reduces fraud and is more secure than traditional paper checks. In the process, it saves money and allows payor and payee to send and receive checks faster than most existing mechanisms.
 
Check related
 
 
What inbuilt fraud-protection does eMailACheck have that makes it more secure than traditional checks?
What is a digital signature and why is it secure?
How is the electronic check sent to Payee? Is it secure?
 
General
 
 
What information do you store in your database?
Do you process checks or check related financial transactions?
What is online security? How secure is eMailACheck.com website?
What information about the check do you store? Is this information accessible over the Internet?
How do you ensure that information stored in your database does not fall into the wrong hands?
What should I do if I suspect a fraudulent transaction?
 
 
What inbuilt fraud-protection does eMailACheck have that makes it more secure than traditional checks?
eMailACheck contains multiple security features. Two of these powerful features are:
  The background contains critical check information repeated and shadowed in the background. This includes payor name, payor bank account, payee name, check number, check amount and check date. Hence, if a fraudulent user changes any information on the check, it will not match the background.
  The barcode contains critical check information in addition to a digital signature (described below). If a fraudulent user changes any piece of information in the check, the digital signature becomes invalid. Furthermore each check can only clear one time. Conversely, a fraudulent user cannot generate an authentic digital signature with the tampered information as it needs a special "private" key known ONLY to the payor. The banks use specialized software to validate the authenticity of the digital signature and the check information.
Traditional checks are written on pre-printed paper which rely on watermarks and other security features which are difficult (but not impossible) to reproduce.
What is a digital signature and why is it secure?
The digital signature assures authenticity and integrity to the check as it proves that the check was created by the Payor who owns the private key. It also ensures that the check and its content are unchanged and have not been modified.
Digital signatures are created and verified by cryptography, the branch of applied mathematics that concerns itself with transforming messages into seemingly unintelligible forms and back again. Digital signatures use what is known as "public key cryptography," which employs an algorithm using two different but mathematically related "keys;" one for creating a digital signature or transforming data into a seemingly unintelligible form, and another key for verifying a digital signature or returning the message to its original form. Computer equipment and software utilizing two such keys are often collectively termed an "asymmetric cryptosystem."
The complementary keys of an asymmetric cryptosystem for digital signatures are arbitrarily termed the private key, which is known only to the signer and used to create the digital signature, and the public key, which is ordinarily more widely known and is used by a relying party to verify the digital signature. If many people need to verify the signer's digital signatures, the public key must be available or distributed to all of them, perhaps by publication in an on-line repository or directory where it is easily accessible. Although the keys of the pair are mathematically related, if the asymmetric cryptosystem has been designed and implemented securely it is "computationally infeasible to derive the private key from knowledge of the public key. Thus, although many people may know the public key of a given signer and use it to verify that signer's signatures, they cannot discover that signer's private key and use it to forge digital signatures. This is sometimes referred to as the principle of "irreversibility."
Another fundamental process, termed a "hash function," is used in both creating and verifying a digital signature. A hash function is an algorithm which creates a digital representation or "fingerprint" in the form of a "hash value" or "hash result" of a standard length which is usually much smaller than the message but nevertheless substantially unique to it. Any change to the message invariably produces a different hash result when the same hash function is used. In the case of a secure hash function, sometimes termed a "one-way hash function," it is computationally infeasible to derive the original message from knowledge of its hash value. Hash functions therefore enable the software for creating digital signatures to operate on smaller and predictable amounts of data, while still providing robust evidentiary correlation to the original message content, thereby efficiently providing assurance that there has been no modification of the message since it was digitally signed.

Thus, use of digital signatures usually involves two processes, one performed by the signer and the other by the receiver of the digital signature:
Digital signature creation uses a hash result derived from and unique to both the signed message and a given private key. For the hash result to be secure, there must be only a negligible possibility that the same digital signature could be created by the combination of any other message or private key.
Digital signature verification is the process of checking the digital signature by reference to the original message and a given public key, thereby determining whether the digital signature was created for that same message using the private key that corresponds to the referenced public key.
  To sign a document or any other item of information, the signer first delimits precisely the borders of what is to be signed. The delimited information to be signed is termed the "message" in these guidelines. Then a hash function in the signer's software computes a hash result unique (for all practical purposes) to the message. The signer's software then transforms the hash result into a digital signature using the signer's private key. The resulting digital signature is thus unique to both the message and the private key used to create it.

Typically, a digital signature (a digitally signed hash result of the message) is attached to its message and stored or transmitted with its message. However, it may also be sent or stored as a separate data element, so long as it maintains a reliable association with its message. Since a digital signature is unique to its message, it is useless if wholly disassociated from its message.

Verification of a digital signature is accomplished by computing a new hash result of the original message by means of the same hash function used to create the digital signature. Then, using the public key and the new hash result, the verifier checks:
1.
whether the digital signature was created using the corresponding private key; and
2.
whether the newly computed hash result matches the original hash result which was transformed into the digital signature during the signing process.
  The verification software will confirm the digital signature as "verified" if:
the signer's private key was used to digitally sign the message, which is known to be the case if the signer's public key was used to verify the signature because the signer's public key will verify only a digital signature created with the signer's private key; and
the message was unaltered, which is known to be the case if the hash result computed by the verifier is identical to the hash result extracted from the digital signature during the verification process.
  Various asymmetric cryptosystems create and verify digital signatures using different algorithms and procedures, but share this overall operational pattern.

The processes used for digital signatures have undergone thorough technological peer review for over a decade. Digital signatures have been accepted in several national and international standards developed in cooperation with and accepted by many corporations, banks, and government agencies. The likelihood of malfunction or a security problem in a digital signature cryptosystem designed and implemented as prescribed in the industry standards is extremely remote, and is far less than the risk of undetected forgery or alteration on paper or of using other less secure electronic signature techniques

Digital signatures, effectively eliminate fraud and solves the problems of:
Imposters, by minimizing the risk of dealing with imposters or persons who attempt to escape responsibility by claiming to have been impersonated;
 
Message integrity, by minimizing the risk of undetected message tampering and forgery, and of false claims that a message was altered after it was sent;
 
Formal legal requirements, by strengthening the view that legal requirements of form, such as writing, signature, and an original document, are satisfied, since digital signatures are functionally on a par with, or superior to paper forms; and
 
Open systems, by retaining a high degree of information security, even for information sent over open, insecure, but inexpensive and widely used channels.
How is the electronic check sent to Payee? Is it secured?
Yes. The electronic check is sent in a special encrypted format. Checks sent to a website or directly to Payee via email are both encrypted using special algorithms. ONLY the Payee can decrypt and access them.
 
What information is stored in the eMailaCheck database?
Payor - Our secure database only stores information provided by a Payee during the signup and activation process.

Payee - Only information provided by Payee during the signup process is stored in our secure database.

Website - eMailACheck monitors traffic visiting our website. More detailed website related information is available at Privacy.

None of the information stored or monitored by us is shared with any third-party. Additionally, access to stored information is limited to authorized individuals of the software provider.
Do you process checks or check related financial transactions?
eMailACheck does not process checks or check related financial transactions. We use mechanisms approved by many financial institutions that send checks from Sender(Payor) to Receiver (Payee) safely, quickly and in the most cost-effective manner.
 
What is online security? How secure is eMailACheck.com website?
Online security ensures that critical information you transmit to and from our website is secure and cannot be intercepted, read or misused by any other party. To guarantee a secure web experience, eMailACheck employs security at two levels: control of access to your accounts and security of transmission over the Internet. Account access security is accomplished by the use of your personal access codes: a Username and Password. Transmission security is achieved by requiring the use of a browser that includes the highest level of encryption, or data coding, available. This browser based technology uses the industry standard SSL (Secure Socket Layer) technology.
 
What information about the check do you store? Is this information accessible over the Internet?
eMailACheck does not receive any information about checks going directly from Sender to Receiver's email (Payee). Should you suspect a fraudulent transaction, please call your Bank immediately and advise them to take precautionary measures including putting a stop payment on the suspected check Please also contact us to advise if such an event occurs.
How do you ensure that information stored in your database does not fall into the wrong hands?
All our physical servers and databases are located in a high security location accessible only by authorized eMailACheck personnel.
 
What should I do if I suspect a fraudulent transaction?
Should you suspect a fraudulent transaction, please call your Bank immediately and advise them to take precautionary measures including putting a stop payment on the suspected check. Please also contact us to advise if such an event occurs.
 
 
 
Copyright 2005-2009 eMailACheck. All Rights Reserved