Security

SwiftSend is used to deliver large numbers of document packages over the Internet that contain, for example, personal identification information, financials and other sensitive information. Access to that information is Federally regulated, requiring close attention to security by both SwiftView, Inc. and our customers.

SwiftView, Inc. believes that security can never be an afterthought. Real security is the result of careful design, thorough implementation and, most importantly, an appropriate staff attitude. SwiftSend has all three.

SwiftSend’s Design

SwiftSend was designed with the utmost attention to detail in building a secure, web-based electronic document delivery system. Email attachments and ftp were never even considered because they compromise security. Industry-standard Secure Socket Layer (SSL/HTTPS) based links—just like online banking—are used for all connections and transactions except marketing and Help information.

Security is never free and typically more security makes a system harder to use. We have designed SwiftSend to provide multiple, user-selectable levels of security, while not requiring users to perform extraordinary operational or technical feats. Like all systems, it could be made more secure, but only at the expense of making the system unusable for significant numbers of normal users.

SwiftView, Inc. takes its responsibilities in securing customer information extremely seriously. SwiftView senior management discusses these matters with employees regularly. It is management's demonstrated high level of concern, along with the high level of integrity of our employees, which provides true security.

We continuously take many measures to ensure that the information in our care is treated appropriately. This website provides an overview of our security and operations policies. Please contact your SwiftSend Account Manager if the following does not answer all of your questions.

Fundamental SwiftSend Security

Email addresses are users' login names. Easy-to-remember login names reduce user confusion and increases security. More importantly, this makes it difficult to share accounts and provides a simple form of user authentication. In addition, SwiftSend verifies that an email address corresponds to the actual user with a round-trip email transaction.

HTTPS (SSL) is used for all communications. All of SwiftSend's external operational links use industry-standard HTTPS (Secure Socket Layer - SSL). Some other Internet services use SSL sparingly in an attempt to save bandwidth and server load. That is a mistake: it greatly raises the potential for security problems due to coding errors, yet saves them little, because hardware can easily be added to compute huge numbers of SSL keys per second. The actual SSL encryption level negotiated depends upon which browser is being used but is required to be 128 bit or higher before documents can be obtained. loandocs.swiftsend.com and docs.swiftsend.com are both fully certificated for SSL communications with certificates from Thawte, a Verisign subsidiary.

Even without passwords, SwiftSend is more secure than email attachments. More than just using SSL to secure web pages and transmissions, SwiftSend builds security into its processes. SwiftSend secures the link in the recipient's email cover letter by including a 32-character (128 bit) number which: 1) uniquely identifies both the document and the recipient and 2) is not guessable, even with huge computing power. The document link does not exist on the website in any static sense. It is supplied by the active programming of the SwiftSend website which performs a number of operations and checks before it supplies the requested content of any given URL. As a result, the document cannot be accessed unless the email is intercepted or is deliberately forwarded, both prevented by requiring passwords as noted below. Even so, this is more secure than an email attachment because the document itself is not directly made available over email.

Documents can be retracted instantly. Documents can be removed at any time from the website with one click in the Outbox. Anyone attempting to view the document is informed that the document has been removed. This gives your organization more control over document access than is possible with email attachments or other products.

Advanced SwiftSend Security

Recipient Authentication: Passwords. Document recipients are required to enter their email address, and if required, a password, before viewing a document. It is simple to enable this feature: the document originator simply clicks 'Viewer Sign-In Required' on the Document Properties screen before the package is sent.

Requiring a recipient password precludes people who intercept a notification email from viewing the document and prevent a notification email from being forwarded to another person. As with all user name/password based systems, nothing can be done about a user who gives out his user name (email address) and personal password.

Workgroup policy. SwiftSend allows workgroup administrators (WGAs) to select and implement policies to match their company security policies and requirements. WGAs can require all their users to send documents with passwords. They can control the total time a user can stay logged in and how soon a user is logged out if he is inactive. They can also require that all deliveries go only to email addresses which are provided for users in Workgroup-wide address books.