The security of fax transmissions is especially important to healthcare, legal, and financial entities. Even occasional users may wonder if Internet faxing, despite its many advantages, is secure enough to protect their confidentiality and that of their clients. The answer is, it depends...
First, let's compare Internet fax security to the security of normal fax transmissions over phone lines.
Both are susceptible to eavesdropping and diversion of transmissions, unless special precautions are taken. In the case of Internet faxes, encrypting a digital transmission or uploading it to a fax server over an encrypted Web connection provide good protection against interceptions. You should make sure that these security features are supported in any Internet fax service you consider.
Faxzero, an online faxing service I recommend, does encrypt all data before transferring it to their fax servers. In addition, their privacy policy states that they will not release personal information (such as your name, fax number or email address), nor information about the people you send faxes to, unless a court order compels them to do so.
Email-to-fax services can be spoofed, meaning someone can fake your email address in a message header and send faxes in your name. If you pay for Internet fax service that means you may be stuck with someone else's fax bill. A good Internet fax service sends a confirmation email back to the sender's email address with every fax it sends, providing an alert that an unauthorized fax was sent using your account.
Digital Delivery Offers Enhanced Fax Security
Normal faxes end up printed and deposited in a fax machine's receiving tray, where they lie until someone comes to retrieve them. These paper copies are exposed to everyone who has access to the fax machine, and may be accidentally read by people searching for their own faxes in the stack. Email-based Internet fax delivers faxes directly to the addressee's inbox (instead of a fax machine), where it's less likely to be seen by others.
Another security scheme stores received faxes on an online server. An email notice sent to the addressee contains a web link which points to the digital fax document. When clicked, the link opens a Secure Sockets Layer (SSL) connection to retrieve the document and display it in a browser, from which the recipient can save or print a copy. So the faxed document is never exposed on an unsecured connection.
Redundant security can be provided by using a Virtual Private Network (VPN) to establish exclusive connections over the Internet. Coupled with encrypted fax documents and PGP digital signatures, VPNs may be overkill when it comes to secure Internet faxing.
It's hard to control the security implemented by business partners. If you send an Internet fax to a partner's fax machine number, the printout is subject to the security vulnerabilities noted above. If possible, you should get your partners to use a more secure all-digital Internet fax solution such as fax-to-email or the SSL method described above. Hopefully, they're just as concerned with security as you are.
Bottom line, my take is that internet faxing is more secure than using good old-fashioned office fax machines, because encryption is typically NOT used when sending from one machine to another. Faxes travel across the public telephone network, and are subject to potential interception by motivated hackers. But because encryption is used by online fax services, and faxes can be delivered directly to the recipient's inbox, online faxing is a more secure option.