Until now, digital signatures have been seen as a useful tool solely for internal company purposes. In fact, however, they can be implemented in a number of fields, including online transactions. Digital signatures enable transactions to be safe and smooth for both sellers and customers, as authentication is effective even though it is done digitally. Digital signatures are thus a form of authentication.
What is the difference between a digital signature and a wet signature?
Compared to wet signatures, digital signatures are relatively difficult to forge, because they involve electronic certificates and data encryption technologies that guarantee that the digital signature cannot be changed. How, then, do we apply digital signatures to online transactions? What does a digital signature security system look like? Here's a full explanation.
An online transaction is any buying or selling activity done online over the internet. Some of the most common examples are when someone tops up their e-Wallet balance, pays bills through e-Commerce services, or buys credit and various other products.
In order to enjoy all online transaction services, ideally you have to register or sign up first. As part of this sign-up process you must verify and authenticate your identity. This enables the seller or service provider to validate your identity to prevent the risk of fraud or identity theft.
Digital signatures help minimize the risk of fraud and thus help secure online transactions. Every digitally signed digital document is authenticated with a verified digital identity. To strengthen verification, the process also usually involves biometric technology such as facial recognition.
In addition to paying bills and making purchases, online transactions can also occur in the banking service sector. One example is when a customer wants to open a new account. Thanks to the digital signature, customers can open new accounts without having to go to the bank and meet face to face with officers as long as there is an internet connection.
Digital documents that must be signed electronically only need to be sent via email. This is of course not only safe, but also practical and saves time, both for the bank and the customer.
As mentioned earlier, digital signatures offer a higher level of security in online transactions when compared to wet signatures. Your digital identity will be protected more securely because the potential for e-signature forgery or data theft is reduced.
However, how do digital signatures work?
When someone makes a digital signature, a unique hash of a message or document will appear. A hash is a series of letters and numbers generated from a mathematical algorithm against a file, be it messages, documents, emails, and others. No matter how big the file size is, the length of the hash string and number will always be the same.
The hash concatenation is always unique and one way. That is, there are no hash sequences with the same combination of letters and numbers. In addition, a hash computation cannot be reversed to mark or look for other similar files. Even in cases where two pieces of data are similar but differ by only one bit, the resulting hash will still be different.
Furthermore, the hash that emerges from the digitally signed file will be encrypted using cryptographic methods using a pair of keys called the “public key” and the “private key”. The public key is distributed for use by both the recipient and the sender of the file, while the private key is only used by one party.
If the sender's private key is used for encryption, the public key counterpart is used for decryption. Conversely, when the recipient's public key is used to encrypt, the recipient's private key can decrypt it. Thus, only the intended recipient can read the digitally signed file because he or she is the only one holding the private key. In this way, the confidentiality of the file becomes more secure.
When the hash function against a file is activated, the private key will encrypt the hash value. If anyone tries to change the contents of the file, it will produce a different hash value. From here, even the slightest changes to files can be tracked.
In the cryptographic method, there is also an arrangement called a public key infrastructure (PKI) that binds the public key to the identity of each entity, such as an individual or an organization. This binding is established through registration and issuance of electronic certificates by a certificate authority (CA) such as VIDA.
So, what exactly is a public key infrastructure?
Also known as public key infrastructure, PKI is a set of policies, systems, roles, procedures, hardware, and software needed to manage, create, use, store, distribute, and revoke electronic certificates, manage public key encryption, and perform validity. identity of an entity.
The goal is to facilitate the secure transfer of electronic information for various network activities, especially those that require confirmation of the identity of the parties involved in the communication, as well as validating the information or messages being transferred. In online transactions, this can be found in e-commerce activities or internet banking transactions.
Indeed, today many companies already use passwords for electronic information transfer. However, passwords are neither an authentication method nor an adequate form of proof given the high potential for hacking.
With such a structured way of working, digital signatures offer distinct advantages in securing online transactions. They are equipped with an ever-evolving array of technologies and advanced security systems. What are these advantages? Check out the list below.
Fraud cases are still found in online transactions. An example is a customer who steals someone else's identity to buy a product from a seller, then just runs away before making a payment. The use of digital signatures can help prevent this. Equipped with verification methods with AI technology, identity fraud can also be prevented.
That is especially true if you use a digital signature service that is protected by biometric authentication such as the one offered by VIDA, which uses face recognition, and matches the results with the data recorded at the Population and Civil Registration Service (Dukcapil). The results of digital identity authentication are even more accurate.
Online transactions are not only established between sellers and customers, but can also occur with other parties. One example is a contract in e-Commerce that needs to be carried out by management with sales partners or vendors. If both parties live in different cities, signing the contract manually will certainly take time and money, because you have to send documents back and forth to be signed.
However, with digital signatures, transactions are done online. Digital documents only need to be sent via email to the party concerned, thus saving time, effort, and costs - which can all be allocated for more important tasks.
The way digital signatures work involves a variety of methods to ensure their security. As we have seen, these include hash functions, public key infrastructure, encryption and cryptography. The combination of these methods creates a strong security system for digital signatures.
This is certainly very much needed by online transaction actors, for example e-Commerce companies that work with stakeholders and need to share vendor and customer data. Through digital signatures, you can collect customer data and consent while still complying with complex data-sharing regulations.
Digital signatures have proven themselves capable of securing online transactions. However, are they legitimate in the eyes of Indonesian law?
There is no need to worry. In Indonesia, digital signatures have the same level of legal validity as wet signatures, under Law (UU) No. 11 of 2008 concerning Information and Electronic Transactions (ITE) and Government Regulation (PP) No. 71 of 2019 concerning the Implementation of Electronic Systems and Transactions (PSTE).
However, according to PP PSTE, a new digital signature is considered to have legal force and legal effect as long as it fulfills the following requirements:
Digital-signature creation data relates only to the signer;
Only the signatory can create the digital-signature data at the time of the digital-signing process;
Any changes to the digital signature that occur after the time will be detected;
Any changes to the electronic information related to the digital signature after the time of signing will be detected;
There are certain methods used to identify who the signer is; and
There are certain ways to show that the signer has given consent to the associated electronic information.
When compared to wet signatures, digital signatures are able to secure online transactions more strongly. However, make sure the digital-signature service provider has complied with all the provisions set by the government. Use a certified digital signature such as that provided by VIDA. The electronic certificate issued by VIDA is a legally enforceable certificate that has been officially approved by the Ministry of Communication and Information in accordance with Decree No. 179 of 2019.