(A) If there is a security procedure between the parties with respect to an electronic signature or electronic record, both of the following apply:
(1) The effect of compliance with a security procedure established by a law or regulation is determined by that law or regulation.
(2) In all other cases than those described in division (A)(1) of this section, if the parties agree to use or otherwise knowingly adopt a security procedure to verify the person from which an electronic signature or electronic record has been sent, the electronic signature or electronic record is attributable to the person identified by the security procedure, if the person relying on the attribution establishes all of the following:
(a) The security procedure is commercially reasonable.
(b) The party accepted or relied on the electronic message in good faith and in compliance with the security procedure and any additional agreement with or separate instructions of the other party.
(c) The security procedure indicates that the electronic message is from the person to which attribution is sought.
(B) If the electronic signature or electronic record is not attributable to a party under section 1306.08 of the Revised Code but is attributable to the party under other provisions of this section, then, notwithstanding the other provisions of this section, the electronic signature or electronic record is not attributable to the party if the party establishes that the electronic signature or electronic record was caused directly or indirectly by a person meeting any of the following:
(1) The person was not entrusted at any time with the right or duty to act for the party with respect to such electronic signature or electronic record or security procedure.
(2) The person lawfully obtained access to transmitting facilities of the party, if such access facilitated the misuse of the security procedure.
(3) The person obtained, from a source controlled by the party, information facilitating misuse of the security procedure.
(C) If the parties use a commercially reasonable security procedure to detect errors or changes with respect to an electronic signature or electronic record, both of the following apply:
(1) The effect of a security procedure is determined by the agreement between the parties, or, in the absence of an agreement, by this section or any law establishing the security procedure.
(2) Unless the circumstances indicate otherwise, if a security procedure indicates that an electronic signature or electronic record has not been altered since a particular time, it shall be treated as not having been altered since that time.
Effective Date: 09-14-2000 .