Is Internet Faxing Secure?
I've been using online faxing for about a year, but until now I never really thought about the potential for my fax transmission falling into the wrong hands. Should I be concerned about the security of Internet faxing?
Online Fax Security
The security of fax transmissions is especially important to healthcare, legal, and financial entities. Even occasional users may wonder if Internet faxing, despite its many advantages, is secure enough to protect their confidentiality and that of their clients. The answer is, it depends...
First, let's compare Internet fax security to the security of normal fax transmissions over phone lines. Both are susceptible to eavesdropping and diversion of transmissions, unless special precautions are taken. In the case of Internet faxes, encrypting a digital transmission or uploading it to a fax server over an encrypted Web connection provide good protection against interceptions. You should make sure that these security features are supported in any Internet fax service you consider.
Email-to-fax services can be spoofed, meaning someone can fake your email address in a message header and send faxes in your name. If you pay for Internet fax service that means you may be stuck with someone else's fax bill. A good Internet fax service sends a confirmation email back to the sender's email address with every fax it sends, providing an alert that an unauthorized fax was sent using your account.
Digital Delivery Offers Enhanced Fax Security
Normal faxes end up printed and deposited in a fax machine's receiving tray, where they lie until someone comes to retrieve them. These paper copies are exposed to everyone who has access to the fax machine, and may be accidentally read by people searching for their own faxes in the stack. Email-based Internet fax delivers faxes directly to the addressee's inbox (instead of a fax machine), where it's less likely to be seen by others.
Another security scheme stores received faxes on an online server. An email notice sent to the addressee contains a web link which points to the digital fax document. When clicked, the link opens a Secure Sockets Layer (SSL) connection to retrieve the document and display it in a browser, from which the recipient can save or print a copy. So the faxed document is never exposed on an unsecured connection.
Redundant security can be provided by using a Virtual Private Network (VPN) to establish exclusive connections over the Internet. Coupled with encrypted fax documents and PGP digital signatures, VPNs may be overkill when it comes to secure Internet faxing.
It's hard to control the security implemented by business partners. If you send an Internet fax to a partner's fax machine number, the printout is subject to the security vulnerabilities noted above. If possible, you should get your partners to use a more secure all-digital Internet fax solution such as fax-to-email or the SSL method described above. Hopefully, they're just as concerned with security as you are.
Bottom line, my take is that internet faxing is more secure than using good old-fashioned office fax machines, because encryption is typically NOT used when sending from one machine to another. Faxes travel across the public telephone network, and are subject to potential interception by motivated hackers. But because encryption is used by online fax services, and faxes can be delivered directly to the recipient's inbox, online faxing is a more secure option.
Do you have something to say about the security of online faxing? Post your comment or question below...
This article was posted by Bob Rankin on 25 Mar 2011
|For Fun: Buy Bob a Snickers.|
Streaming Internet Movies to Your TV
The Top Twenty
Windows 8 Preview
Post your Comments, Questions or Suggestions
Free Tech Support -- Ask Bob Rankin
Subscribe to AskBobRankin Updates: Free Newsletter
Copyright © 2005 - Bob Rankin - All Rights Reserved
Article information: AskBobRankin -- Is Internet Faxing Secure? (Posted: 25 Mar 2011)
Copyright © 2005 - Bob Rankin - All Rights Reserved
Most recent comments on "Is Internet Faxing Secure?"
25 Mar 2011
Bob, I need you to "connect the dots" for me. We know not to put private information such as credit card numbers in e-mail messages, because those messages are no more secure than post cards sent through the U.S. Postal Service.
I receive all my incoming faxes as unencrypted PDF documents attached to e-mail messages, from my fax provider. Are those unencrypted PDF attachments any more secure that the e-mail messages they are attached to?
EDITOR'S NOTE: If they are not encrypted, then no.
25 Mar 2011
If you send a fax over the Internet to someone's computer, why not just email it to them? Encrypted of course.
26 Mar 2011
Just used FaxZero about a week ago. I have all-in-one printer but it doesn't do faxing. So I scanned in a couple of signed documents and used FaxZero to fax them to their destinations. I asked on of the places I faxed to if the cover sheet advertisement was annoying and they assured me it wasn't. They thought it was kind of neat, actually.
The cheap scanner software that came with the printer only scans in JPG, GIF or PNG formats (or coverts to text via OCR) so I used Bullzip PDF printer to convert the scan to a PDF (Fax zero doesn't accept image files). Altogether, an easy and effective service.
28 Mar 2011
Sfax (http://www.sfaxme.com) is another service that ensures your document is completely secure by encrypting it throughout its entire journey. It was originally designed for the healthcare industry and only uses email for notifications, and therefore provides the highest levels of document security – all with a complete audit trail.
30 Mar 2011
After being made aware of security issues with unencrypted fax documents attached to e-mail messages, I checked with my provider, FreedomVoice Systems (www.freedomvoice.com). They provide entire virtual office services, including incoming 800-numbers, voice mail boxes, inbound and outbound fax, and more, starting at $10 per month for the basic setup.
I learned that I have three options:
1. Receive unencrypted faxes attached to notification e-mail messages as PDF files. (This is what I've been doing for years, unwittingly inviting security breaches).
2. Instruct the system to ZIP the faxes and password-protect them before attaching them to the e-mail. I specify a password one time, and the same password is used to open all ZIPped faxes going forward, until I change passwords. I understand ZIPped files are not 100% impervious to hacking, but they're sufficient for my purposes, so this is what I'm now doing.
3. Receive notification-only messages from FreedomVoice (on both my cell phone and via e-mail), which allow me to log in to the FreedomVoice web site and download the PDF file directly to my computer. I suppose this provides the highest security, but it interjects the extra step of having to log in to retrieve my incoming faxes.
I've been a delighted FreedomVoice customer for perhaps 10 years (perhaps I sound like a paid spokesperson, but I definitely am not), and I would recommend it to anyone looking for a secure inbound/outbound virtual fax system, with or without voice messaging, virtual office, etc.
30 Mar 2011
FaxitFast.com is also a reliable Internet Fax service.
All of their inbound / outbound faxes sent from the account dashboard are transmitted securely via SSL connection. In addition, they offer a risk-free 30 day trial so that you can try the service before you actually buy. Unfortunately as Lee mentioned, receiving / sending faxes directly from your email account can be difficult to ensure the same level of security compared to viewing faxes from your account dashboard at FaxitFast.com
05 Mar 2014
While encryption during transmission is important, I gotta say this article misses another point, which is actually more important: storage.
Let's put it this way: if I'm using an online fax service, do I know if my documentation stored on a server somewhere? Is any such server encrypted? Is any such server protected in other ways? As a security professional, that's the first thing on my mind.
If I were an unscrupulous person w/ sufficient technical skills, an online faxing service that stores faxes somewhere would be an unbelievably tempting target - especially if they process a lot of faxes in one day.
I am just about to fax some tax paperwork, for instance. This has my name, SSN, address, and primary email. That's a gold mine for an identity thief, and I can't be the only one needing to fax info like this.
So, if people are using that service to fax sensitive information (and they will be), then, as an attacker, I wouldn't give a darn about whether it's encrypted during transmission - I'd be going after the servers. It's easier to hack an insecure server than tap a phone line, and it'll yield much better results (more documents from more sources = more sensitive information).
So, in short: SSL encryption is nice, but unless there's secure storage (or no storage at all), then you're better off using an old-school fax machine.
29 Sep 2014
Security is a state of mind.
Without encryption and/or password protection for attachments, online faxes are certainly vulnerable to security breaches on the receiving side.
Many organizations routinely "trap" all inbound messages, then route and save copies of them internally per their own protocols. Once a file is decrypted, what happen after that is anyone's guess.
The one real advantage of a using old-school dedicated fax phone lines is that it almost eliminates the chance for the message to be copied, diverted, or intercepted during transmission - unless the lines are bugged.
29 Oct 2017
Faxzero used to provide a decent service. But, for the last several months, faxes to congress are not going through. When I reported the problem to Faxzero, their incompetent, rude "support" person (who goes by the name of Connie), kept insisting the fault lies with my computer (singular) --- even though I provided documentation that it occurs with six different computers, five different browsers, five different operating systems, different routers and different ISPs. I've switched to another service permanently. I suggest you do the same.