Indonesia's financial services sector has witnessed a rapid digital transformation in recent years, bringing greater convenience and efficiency to consumers and businesses alike. However, with these advancements come new challenges, particularly in ensuring the security and authenticity of digital transactions.
Increasing internet and smartphone use, together with better digital knowledge, has led to a higher demand for online financial services. Over the past ten years, the number of fintech companies in Indonesia has grown six times, going from only 51 active companies in 2011 to 334 in 2022.
The interest and involvement of customers with fintech services are constantly increasing, especially in recent times. Customer penetration for payments, lending, and wealth has grown rapidly, driving a significant uplift in value, with more than USD 17 billion in loans disbursed in 2022, growing at 140%.
Nevertheless, this digital transformation brings its own set of challenges, with one of the most significant being the assurance of secure and trustworthy online transactions. This is where the importance of identity-verified digital signatures becomes essential.
The Importance of Digital Signatures in Financial Services
Digital signatures are essential in transforming financial services. They securely validate electronic documents and transactions, making processes more efficient, reducing paperwork, and enabling remote operations. Digital signatures offer a secure method of signing important documents, just like traditional pen-and-paper signatures, but with an added layer of security and convenience.
As data breaches become more prevalent in the news, the importance of strong cybersecurity measures cannot be ignored. Identity-verified digital signatures play a vital role in this aspect by providing a reliable way to confirm a user's identity and protect their data. By implementing digital signatures, financial institutions can reduce the risk of identity theft and fraudulent transactions, enhancing the overall security and reliability of their services and building customer trust.
Digital Signature Regulation
Financial institutions in Indonesia prioritize compliance with regulatory standards. By using digital signatures, they can adhere to Indonesia's regulatory framework, such as:
UU PDP No.27/2022 – Personal Data Protection Law
UU PDP (Undang-Undang Perlindungan Data Pribadi, or Personal Data Protection Law) No. 27/2022 outlines the legal framework for protecting personal data in Indonesia. The Data Controller is required to ensure the accuracy, completeness, and consistency of Personal Data in accordance with the provisions of the laws and regulations. To ensure this, the Data Controller must conduct verification of the Personal Data.
UU ITE Article 26
Financial service providers in Indonesia must obtain explicit consent from users before collecting, using, or sharing their data. This regulation ensures that users have control over their information and helps protect them from unauthorized use or data breaches. Implementing identity-verified digital signatures in the consent process strengthens the integrity of this consent, mitigating the risk of fraudulent activities and unauthorized access to sensitive data.
UU 19/2016 ITE and PP PSPE and Permenkominfo 11/2022
To become a legally binding digital signature provider in Indonesia, certain requirements must be met. The digital signature must be capable of authentication and verification and must be issued through a Certificate Authority under the Ministry of Communications and Informatics.
Risk of Fines for Non-Compliance
Failure to comply with the consent requirements and to ensure proper identity verification can result in severe penalties and fines for financial service providers, such as:
1. Compensation Lawsuit (Gugatan Ganti Rugi)
If a party suffers losses due to non-compliance with digital signature regulations, they may file a compensation lawsuit seeking financial restitution.
2. Administrative Sanctions (Sanksi Administrasi)
Regulatory authorities may impose administrative penalties for violations of digital signature requirements, including:
- Written Warning
A written warning may be issued to the non-compliant party, urging them to rectify the violations.
- Temporary Suspension of Processing Activities
In severe cases of non-compliance, the processing activities related to the digital signature may be temporarily halted.
- Deletion or Destruction of Personal Data
Failure to comply with data protection regulations may result in the requirement to delete or destroy personal data obtained through non-compliant digital signature activities.
- Administrative Fines
Non-compliant parties may face administrative fines calculated based on a specific formula, such as 2% of annual revenue multiplied by the variable of compliance violation severity.
3. Criminal Sanctions
Non-compliance with digital signature regulations may lead to criminal penalties.
- Imprisonment and/or Fines (Pidana Badan dan atau Denda)
Individuals or entities found guilty of non-compliance may face imprisonment and/or fines.
- Additional Penalties of Asset Confiscation and Compensation
In addition to fines or imprisonment, further penalties may include the confiscation of assets and the obligation to compensate for losses incurred.
- Penalties for Executives and Corporations
Individuals responsible for non-compliance, as well as the corporation itself, may be subject to legal penalties.
- Business Activity Suspension for up to 5 years
In severe cases, the regulatory authorities may temporarily suspend the business activities of the non-compliant party for a maximum period of 5 years.
These fines not only have financial implications but can also damage the organization's reputation, leading to a loss of trust among customers.
VIDA as a trusted Certificate Authority (CA)
As a Certificate Authority (CA) under the Ministry of Communications and Informatics, VIDA participates in the security of users' data, such as for digital signature services. VIDA products have also received certification from WebTrust, Adobe Approved Trust List, ISO 27001, and the Cloud Signature Consortium TSP to increase digital trust for the public to use digital signatures.
VIDA also applies world security standards, such as Public Key Infrastructure, network security, and biometric authentication powered by top-global biometric AI verification with liveness detection, to provide an instant, seamless, and secure user experience. That way, the identity of users of digital services can be guaranteed, minimizing fraud and protecting user identities.
VIDA's comprehensive security features are anticipated to give the public digital trust in utilizing fintech services.