Jakarta, 25 November 2020 – PT Indonesia Digital Identity (VIDA) becomes the first WebTrust accredited Certificate Authority (CA) company in Indonesia, licensed under the Indonesian Ministry of ICT. The company focuses on identity proofing and multi-factor authentication. It has close partnerships with the Indonesian Ministry of Home Affairs' National ID database, and is part of OJK (Financial Services Authority)’s regulatory sandbox and registered as Bank Indonesia's financial technology provider.
WebTrust is an international dominant standard that requires CAs to undergo comprehensive annual audits through which the adequacy and effectiveness of controls deployed by a Certification Authority is assessed. WebTrust Certification is developed and managed jointly by the American Institute of Certified Public Accountants (AICPA) and the Canadian Institute of Chartered Accountants (CICA). WebTrust for CA 2.2, which VIDA has undergone, comprises 7 criteria forming 325 controls and will be verified annually. The requirements include privacy, security, business practices/transaction integrity, availability, confidentiality or non-repudiation. In Indonesia, currently the international certification has only been obtained by the Root Certification Authority (CA) managed by the Directorate General of Informatics Applications of the Ministry of Communications and Informatics.
Sati Rasuanto, CEO of VIDA explained, “As the world continues to go digital at an accelerated pace, consumer and business concerns on digital privacy and data security have also increased significantly. To respond to the concerns of data security, VIDA aims to continuously provide more assurance on the legitimacy of businesses that offer goods and services in the digital platform. Obtaining WebTrust certification, which is one of the highest recognized standards internationally, allows VIDA to provide high assurance for both companies and customers that the application being accessed maintains the privacy and security of user data.”
“The key value of the digital certificate is to verify that a person sending a message is who he or she claims to be, which is uniquely aligned with eKYC and authentication requirements. The CA issued digital certificates, efficiently packaged together information about the public keys, the encryption algorithms used, the owner, the digital signature of a Certificate Authority that has verified the owner, and validity dates. It follows that a digital certificate can then be used to encrypt and “sign” information digitally - enabling security trust in the online world,” explained Gajendran Kandasamy, Chief Operations Officer, VIDA.
“Building on ISO 27001 and Electronic Certificate Operator (PSrE) certifications, VIDA pursued compliance to WebTrust CA requirements to strengthen our systems and processes toward world class expectations. This accomplishment enables inclusion in the trust-lists of prominent ecosystems,” explained Gajendran further.
The Ministry of Communications & Informatics through Law Number 19 of 2016 stated that Certificate Authority must be legally certified to issue digital certificates. VIDA has been certified as CA at KOMINFO since 2019. The addition of the WebTrust certification obtained by VIDA shows the company's commitment to maintain public trust through a guaranteed data system, so that the public can carry out financial transactions safely.
“WebTrust is a form of assurance service that provides reasonable guarantee for the performance effectiveness of a business or digital application and its compliance to applied standards and regulation. Given how important cybersecurity is for us, VIDA is continuously undertaking measures to be at par or even exceed global security benchmarks. With state-of-the-art features along with the best security system and WebTrust certification, VIDA aims to not only serve its clients well, but to also show that a small startup from Indonesia like us can provide the kinds of level of assurance provided by other large multinational technology companies. I am especially proud of our team for getting this certification in the midst of the pandemic. This is definitely not an easy feat. As we continue to grow our impact, we hope to build a digital identity company that can make Indonesia proud,” closed Sati.
About VIDA - PT Indonesia Digital Identity
Established in 2018, PT Indonesia Digital Identity (VIDA) is a company registered and recognized by the Indonesian government as an Electronic Certificate Operator (PSrE) or Certificate Authority (CA) through the Ministry of IT & Communication, Indonesia (Kominfo). By becoming a CA, VIDA has the authority to issue authentic Electronic Certificates and a legally binding Electronic Signature. VIDA was founded to digitize and secure individual identities, validated with reliable data (authoritative sources).
In addition, VIDA is also registered as an IKD (Digital Financial Innovation) organizer registered with the OJK. The products and solutions offered by VIDA can be adopted by various sectors and industries, including the financial services industry to facilitate direct verification to customers. VIDA also believes in instilling digital trust among its users and strengthening compliance and is therefore registered under the OJK and BI regulatory sandbox regulations.
WebTrust is an assurance service jointly developed by the American Institute of Certified Public Accountants (AICPA) and the Canadian Institute of Chartered Accountants (CICA). WebTrust relies on a series of principles and criteria designed to promote confidence and trust between consumers and companies conducting business on the Internet. Public accounting firms and practitioners, who obtain a WebTrust business license from the AICPA or CICA, can provide assurance services to evaluate and test whether a particular web site meets any one of the Trust Services principles and criteria. The WebTrust seal of assurance is placed on the organization's web site following the engagement and signifies the practitioner's unqualified opinion.