Digital signatures are currently highly popular due to their capability to offer greater security than traditional signatures. However, digital signatures also require a certificate to ensure their full trustworthiness.
Digital signatures come in two types, as referenced in the Indonesian Government Regulation No. 71 of 2019 on the Implementation of Electronic Systems and Transactions, Article 60 paragraph 2, which states that there are certified and uncertified digital signatures.
Using a certified digital signature undoubtedly offers many benefits. But what happens if the digital signature you use is not certified? Below is an overview of the risks you might face if you continue using uncertified digital signatures.
What Is an Uncertified Digital Signature?
Before exploring the risks of uncertified digital signatures, it is essential to understand the difference between certified and uncertified digital signatures.
An uncertified digital signature does not involve a service provider and does not have operational permission from an authorized authority. The authority refers to the Indonesian Ministry of Information, which issues certificates to each digital signature service provider in this context.
Meanwhile, a certified digital signature is issued by a digital signature service provider registered with the Indonesian Ministry of Information. These providers are authorized to operate an encryption system to secure digital signatures.
Regulations on Digital Signature Certification by Kominfo
According to Indonesian Government Regulation No. 71 of 2019, digital signature services or providers must be registered with the government. This means that any digital signature issued by an uncertified institution is questionable, even though it can still be used.
Besides digital signatures, this regulation also governs other digital services, including digital seals, authentication, preservation, and so forth. The aim is to enhance comfort and security for the public in conducting digital transactions and to promote future digital-based economic activities.
What Are the Risks of Using an Uncertified Digital Signature?
It's important to understand that while uncertified digital signatures are legally acceptable, they pose certain risks, especially when signing official and confidential documents. Here are the risks you should be aware of:
Security Risk: The first risk is the lack of security compared to certified digital signatures. For instance, uncertified digital signatures are vulnerable to data alteration and forgery, unlike certified digital signatures, which have an encryption code that can only be read and verified by relevant parties.
Questionable Legitimacy: Another risk involves the legitimacy of the digital signature. Even though it might appear legal, documents signed using an uncertified digital signature can have their validity questioned. This is particularly risky for confidential documents related to government institutions or agencies.
Moreover, according to Indonesian Government Regulation No. 71 of 2019, especially as stated in Article 60, the highest level of authenticity proof belongs to certified digital signatures. The same is indicated in the Information and Electronic Transactions Act, No. 11 of 2008, particularly in Article 11.
Impact on Company and Institution Credibility: The use of uncertified digital signatures can directly or indirectly affect the credibility of companies and institutions. Consumers and partners may perceive the company as not serious about protecting digital data and important documents.
Continued use of uncertified digital signatures may lead to discomfort among consumers and business partners. They might assume that the lack of certified signatures means that digital letters or documents can be easily forged, potentially leading to material or non-material losses.
VIDA as a Certificate Authority (CA)
VIDA, as Certificate Authority (CA) under the Indonesian Ministry of Communication and Informatics, participates in securing user data, including digital signature services. VIDA's products are also certified by WebTrust, Adobe Approved Trust List, ISO 27001, and TSP Cloud Signature Consortium, enhancing digital trust for the public to use digital signatures.
VIDA implements global security standards, such as public key infrastructure, network security, and biometric authentication, supported by top global AI biometric verification with liveness detection, offering an instant, smooth, and secure user experience. Thus, user identities in digital services are guaranteed, minimizing fraud and protecting user identities.
For a fast, easy, and secure certified digital signature experience, click here.