Is Internet Faxing Secure?

Category: Fax

I've been using online faxing for about a year, but until now I never really thought about the potential for my fax transmission falling into the wrong hands. Should I be concerned about the security of Internet faxing?

Online Fax Security

The security of fax transmissions is especially important to healthcare, legal, and financial entities. Even occasional users may wonder if Internet faxing, despite its many advantages, is secure enough to protect their confidentiality and that of their clients. The answer is, it depends...

First, let's compare Internet fax security to the security of normal fax transmissions over phone lines. Both are susceptible to eavesdropping and diversion of transmissions, unless special precautions are taken. In the case of Internet faxes, encrypting a digital transmission or uploading it to a fax server over an encrypted Web connection provide good protection against interceptions. You should make sure that these security features are supported in any Internet fax service you consider.
Online Fax Security

Faxzero, an online faxing service I recommend, does encrypt all data before transferring it to their fax servers. In addition, their privacy policy states that they will not release personal information (such as your name, fax number or email address), nor information about the people you send faxes to, unless a court order compels them to do so.

Email-to-fax services can be spoofed, meaning someone can fake your email address in a message header and send faxes in your name. If you pay for Internet fax service that means you may be stuck with someone else's fax bill. A good Internet fax service sends a confirmation email back to the sender's email address with every fax it sends, providing an alert that an unauthorized fax was sent using your account.

Digital Delivery Offers Enhanced Fax Security

Normal faxes end up printed and deposited in a fax machine's receiving tray, where they lie until someone comes to retrieve them. These paper copies are exposed to everyone who has access to the fax machine, and may be accidentally read by people searching for their own faxes in the stack. Email-based Internet fax delivers faxes directly to the addressee's inbox (instead of a fax machine), where it's less likely to be seen by others.

Another security scheme stores received faxes on an online server. An email notice sent to the addressee contains a web link which points to the digital fax document. When clicked, the link opens a Secure Sockets Layer (SSL) connection to retrieve the document and display it in a browser, from which the recipient can save or print a copy. So the faxed document is never exposed on an unsecured connection.

Redundant security can be provided by using a Virtual Private Network (VPN) to establish exclusive connections over the Internet. Coupled with encrypted fax documents and PGP digital signatures, VPNs may be overkill when it comes to secure Internet faxing.

It's hard to control the security implemented by business partners. If you send an Internet fax to a partner's fax machine number, the printout is subject to the security vulnerabilities noted above. If possible, you should get your partners to use a more secure all-digital Internet fax solution such as fax-to-email or the SSL method described above. Hopefully, they're just as concerned with security as you are.

Bottom line, my take is that internet faxing is more secure than using good old-fashioned office fax machines, because encryption is typically NOT used when sending from one machine to another. Faxes travel across the public telephone network, and are subject to potential interception by motivated hackers. But because encryption is used by online fax services, and faxes can be delivered directly to the recipient's inbox, online faxing is a more secure option.

Do you have something to say about the security of online faxing? Post your comment or question below...

 
Ask Your Computer or Internet Question

 
  (Enter your question in the box above.)

It's Guaranteed to Make You Smarter...

AskBob Updates: Boost your Internet IQ & solve computer problems.
Get your FREE Subscription!


Email:

Check out other articles in this category:



Link to this article from your site or blog. Just copy and paste from this box:

This article was posted by on 25 Mar 2011


For Fun: Buy Bob a Snickers.

Prev Article:
Streaming Internet Movies to Your TV

The Top Twenty
Next Article:
Windows 8 Preview

Most recent comments on "Is Internet Faxing Secure?"

Posted by:

Lee McIntyre
25 Mar 2011

Bob, I need you to "connect the dots" for me. We know not to put private information such as credit card numbers in e-mail messages, because those messages are no more secure than post cards sent through the U.S. Postal Service.

I receive all my incoming faxes as unencrypted PDF documents attached to e-mail messages, from my fax provider. Are those unencrypted PDF attachments any more secure that the e-mail messages they are attached to?

EDITOR'S NOTE: If they are not encrypted, then no.


Posted by:

Chuck
25 Mar 2011

If you send a fax over the Internet to someone's computer, why not just email it to them? Encrypted of course.


Posted by:

Jason Wallwork
26 Mar 2011

Just used FaxZero about a week ago. I have all-in-one printer but it doesn't do faxing. So I scanned in a couple of signed documents and used FaxZero to fax them to their destinations. I asked on of the places I faxed to if the cover sheet advertisement was annoying and they assured me it wasn't. They thought it was kind of neat, actually.

The cheap scanner software that came with the printer only scans in JPG, GIF or PNG formats (or coverts to text via OCR) so I used Bullzip PDF printer to convert the scan to a PDF (Fax zero doesn't accept image files). Altogether, an easy and effective service.


Posted by:

Ashleigh
28 Mar 2011

Sfax (http://www.sfaxme.com) is another service that ensures your document is completely secure by encrypting it throughout its entire journey. It was originally designed for the healthcare industry and only uses email for notifications, and therefore provides the highest levels of document security – all with a complete audit trail.


Posted by:

Lee McIntyre
30 Mar 2011

After being made aware of security issues with unencrypted fax documents attached to e-mail messages, I checked with my provider, FreedomVoice Systems (www.freedomvoice.com). They provide entire virtual office services, including incoming 800-numbers, voice mail boxes, inbound and outbound fax, and more, starting at $10 per month for the basic setup.

I learned that I have three options:

1. Receive unencrypted faxes attached to notification e-mail messages as PDF files. (This is what I've been doing for years, unwittingly inviting security breaches).

2. Instruct the system to ZIP the faxes and password-protect them before attaching them to the e-mail. I specify a password one time, and the same password is used to open all ZIPped faxes going forward, until I change passwords. I understand ZIPped files are not 100% impervious to hacking, but they're sufficient for my purposes, so this is what I'm now doing.

3. Receive notification-only messages from FreedomVoice (on both my cell phone and via e-mail), which allow me to log in to the FreedomVoice web site and download the PDF file directly to my computer. I suppose this provides the highest security, but it interjects the extra step of having to log in to retrieve my incoming faxes.

I've been a delighted FreedomVoice customer for perhaps 10 years (perhaps I sound like a paid spokesperson, but I definitely am not), and I would recommend it to anyone looking for a secure inbound/outbound virtual fax system, with or without voice messaging, virtual office, etc.


Posted by:

David Turner
30 Mar 2011

FaxitFast.com is also a reliable Internet Fax service.

All of their inbound / outbound faxes sent from the account dashboard are transmitted securely via SSL connection. In addition, they offer a risk-free 30 day trial so that you can try the service before you actually buy. Unfortunately as Lee mentioned, receiving / sending faxes directly from your email account can be difficult to ensure the same level of security compared to viewing faxes from your account dashboard at FaxitFast.com


Posted by:

Chris
05 Mar 2014

While encryption during transmission is important, I gotta say this article misses another point, which is actually more important: storage.

Let's put it this way: if I'm using an online fax service, do I know if my documentation stored on a server somewhere? Is any such server encrypted? Is any such server protected in other ways? As a security professional, that's the first thing on my mind.

If I were an unscrupulous person w/ sufficient technical skills, an online faxing service that stores faxes somewhere would be an unbelievably tempting target - especially if they process a lot of faxes in one day.

I am just about to fax some tax paperwork, for instance. This has my name, SSN, address, and primary email. That's a gold mine for an identity thief, and I can't be the only one needing to fax info like this.

So, if people are using that service to fax sensitive information (and they will be), then, as an attacker, I wouldn't give a darn about whether it's encrypted during transmission - I'd be going after the servers. It's easier to hack an insecure server than tap a phone line, and it'll yield much better results (more documents from more sources = more sensitive information).

So, in short: SSL encryption is nice, but unless there's secure storage (or no storage at all), then you're better off using an old-school fax machine.


Posted by:

Mike Hagerty
29 Sep 2014

Security is a state of mind.

Without encryption and/or password protection for attachments, online faxes are certainly vulnerable to security breaches on the receiving side.

Many organizations routinely "trap" all inbound messages, then route and save copies of them internally per their own protocols. Once a file is decrypted, what happen after that is anyone's guess.

The one real advantage of a using old-school dedicated fax phone lines is that it almost eliminates the chance for the message to be copied, diverted, or intercepted during transmission - unless the lines are bugged.


Posted by:

cdg
29 Oct 2017

Faxzero used to provide a decent service. But, for the last several months, faxes to congress are not going through. When I reported the problem to Faxzero, their incompetent, rude "support" person (who goes by the name of Connie), kept insisting the fault lies with my computer (singular) --- even though I provided documentation that it occurs with six different computers, five different browsers, five different operating systems, different routers and different ISPs. I've switched to another service permanently. I suggest you do the same.


Post your Comments, Questions or Suggestions

*     *     (* = Required field)

    (Your email address will not be published)
(you may use HTML tags for style)

YES... spelling, punctuation, grammar and proper use of UPPER/lower case are important! Comments of a political nature are discouraged. Please limit your remarks to 3-4 paragraphs. If you want to see your comment posted, pay attention to these items.

All comments are reviewed, and may be edited or removed at the discretion of the moderator.

NOTE: Please, post comments on this article ONLY.
If you want to ask a question click here.


Free Tech Support -- Ask Bob Rankin
Subscribe to AskBobRankin Updates: Free Newsletter

Copyright © 2005 - Bob Rankin - All Rights Reserved
About Us     Privacy Policy     RSS/XML


Article information: AskBobRankin -- Is Internet Faxing Secure? (Posted: 25 Mar 2011)
Source: https://askbobrankin.com/is_internet_faxing_secure.html
Copyright © 2005 - Bob Rankin - All Rights Reserved