BLOG | VIDA DIGITAL IDENTITY

Top 3 Risks of Using Uncertified Digital Signatures

Written by VIDA | Oct 2, 2023 4:09:00 PM
Digital signatures have become increasingly popular for their heightened security compared to traditional signatures. However, digital signatures require a certificate to be truly trustworthy.

There are two types of digital signatures according to the Indonesian Government Regulation No. 71 of 2019 on the Implementation of Electronic Systems and Transactions, Article 60 paragraph 2: certified and uncertified digital signatures.

Using a certified digital signature offers many benefits. But what are the risks of using an uncertified digital signature? Here’s an overview of the risks you might face if you continue using uncertified digital signatures.

What Is an Uncertified Digital Signature?

Before delving into the risks of uncertified digital signatures, it's essential to understand the difference between certified and uncertified digital signatures.

An uncertified digital signature does not involve a service provider and does not have operational permission from an authorized authority. In this case, the authority refers to the Indonesian Ministry of Information, which issues certificates to each digital signature service provider.

In contrast, a certified digital signature is issued by a service provider registered with the Indonesian Ministry of Information. These providers are authorized to operate an encryption system for securing digital signatures.

Regulations on Digital Signature Certification by Kominfo

The Indonesian Government Regulation No. 71 of 2019 states that digital signature services or providers must be registered with the government. This means that any digital signature issued by an uncertified institution is questionable, even though it can still be used.

In addition to digital signatures, the regulation also covers other digital services, including digital seals, authentication, preservation, etc. The goal is to enhance comfort and security for the public in conducting digital transactions and to promote future digital-based economic activities.

What Are the Risks of Using an Uncertified Digital Signature?

It's important to understand that while uncertified digital signatures are legally acceptable, they pose certain risks, especially when signing official and confidential documents. Here are the risks you should consider:

Security Risk: The first risk is the lack of security compared to certified digital signatures. For example, uncertified digital signatures are vulnerable to data alteration and forgery. On the other hand, legally binding
Digital signatures have become increasingly popular for their heightened security compared to traditional signatures. However, digital signatures require a certificate to be truly trustworthy.

There are two types of digital signatures according to the Indonesian Government Regulation No. 71 of 2019 on the Implementation of Electronic Systems and Transactions, Article 60 paragraph 2: certified and uncertified digital signatures.

Using a certified digital signature offers many benefits. But what are the risks of using an uncertified digital signature? Here’s an overview of the risks you might face if you continue using uncertified digital signatures.

What Is an Uncertified Digital Signature?

Before delving into the risks of uncertified digital signatures, it's essential to understand the difference between certified and uncertified digital signatures.

An uncertified digital signature is one that does not involve a service provider and does not have operational permission from an authorized authority. In this case, the authority refers to the Indonesian Ministry of Information, which issues certificates to each digital signature service provider.

In contrast, a certified digital signature is issued by a service provider registered with the Indonesian Ministry of Information. These providers are authorized to operate an encryption system for securing digital signatures.

Regulations on Digital Signature Certification by Kominfo

The Indonesian Government Regulation No. 71 of 2019 states that digital signature services or providers must be registered with the government. This means that any digital signature issued by an uncertified institution is questionable, even though it can still be used.

In addition to digital signatures, the regulation also covers other digital services, including digital seals, authentication, preservation, etc. The goal is to enhance comfort and security for the public in conducting digital transactions and to promote future digital-based economic activities.

What Are the Risks of Using an Uncertified Digital Signature?

It's important to understand that while uncertified digital signatures are legally acceptable, they pose certain risks, especially when signing official and confidential documents. Here are the risks you should consider:

Security Risk: The first risk is the lack of security compared to certified digital signatures. For example, uncertified digital signatures are vulnerable to data alteration and forgery. On the other hand, certified digital signatures have an encryption code that can only be read and verified by relevant parties.

Questionable Legitimacy: Another risk involves the legitimacy of the digital signature. Even though it might appear legal, documents signed using an uncertified digital signature can have their validity questioned. This is particularly risky for confidential documents related to government institutions or agencies.

According to Indonesian Government Regulation No. 71 of 2019, primarily as stated in Article 60, the most valid form of digital signature is the certified one. The same is indicated in the Information and Electronic Transactions Act, No. 11 of 2008, particularly in Article 11.

Impact on Company and Institution Credibility: The use of uncertified digital signatures can directly or indirectly affect the credibility of companies and institutions. Consumers and partners may perceive the company as not serious about protecting digital data and important documents.
Continued use of uncertified digital signatures may lead to discomfort among consumers and business partners. They might assume that the lack of certified signatures means that digital letters or documents can be easily forged, potentially leading to material or non-material losses.

From the above discussion, it is clear that uncertified digital signatures, while seemingly legal, carry significant risks for companies. Thus, companies should be diligent in using certified digital signatures. To achieve this, partnering with a certified digital signature service provider is recommended.

VIDA as a Certificate Authority (CA)

VIDA, as Certificate Authority (CA) under the Indonesian Ministry of Communication and Informatics, participates in securing user data, including digital signature services. VIDA's products are also certified by WebTrust, Adobe Approved Trust List, ISO 27001, and TSP Cloud Signature Consortium, enhancing digital trust for the public to use digital signatures.

VIDA implements global security standards, such as public key infrastructure, network security, and biometric authentication, supported by top global AI biometric verification with liveness detection, offering an instant, smooth, and secure user experience. Thus, user identities in digital services are guaranteed, minimizing fraud and protecting user identities.

For a fast, easy, and secure certified digital signature experience,  click here.
 digital signatures have an encryption code that can only be read and verified by relevant parties.

Questionable Legitimacy: Another risk involves the legitimacy of the digital signature. Even though it might appear legal, documents signed using an uncertified digital signature can have their validity questioned. This is particularly risky for confidential documents related to government institutions or agencies.

According to Indonesian Government Regulation No. 71 of 2019, especially as stated in Article 60, the most valid form of digital signature is the certified one. The same is indicated in the Information and Electronic Transactions Act, No. 11 of 2008, particularly in Article 11.

Impact on Company and Institution Credibility: The use of uncertified digital signatures can directly or indirectly affect the credibility of companies and institutions. Consumers and partners may perceive the company as not serious about protecting digital data and important documents.
Continued use of uncertified digital signatures may lead to discomfort among consumers and business partners. They might assume that the lack of certified signatures means that digital letters or documents can be easily forged, potentially leading to material or non-material losses.

From the above discussion, it is clear that uncertified digital signatures, while seemingly legal, carry significant risks for companies. Thus, companies should be diligent in using certified digital signatures. To achieve this, partnering with a certified digital signature service provider is recommended.

VIDA as a Certificate Authority (CA)

VIDA, as Certificate Authority (CA) under the Indonesian Ministry of Communication and Informatics, participates in securing user data, including digital signature services. VIDA's products are also certified by WebTrust, Adobe Approved Trust List, ISO 27001, and TSP Cloud Signature Consortium, enhancing digital trust for the public to use digital signatures.

VIDA implements global security standards, such as public key infrastructure, network security, and biometric authentication, supported by top global AI biometric verification with liveness detection, offering an instant, smooth, and secure user experience. Thus, user identities in digital services are guaranteed, minimizing fraud and protecting user identities.

For a fast, easy, and secure certified digital signature experience, click here.