TheJakartaPost

Please Update your browser

Your browser is out of date, and may not be compatible with our website. A list of the most popular web browsers can be found below.
Just click on the icons to get to the download page.

Jakarta Post

Fintech Talk: Fintech and electronic signatures

M. Ajisatria Suleiman (JP)
Jakarta
Tue, February 21, 2017

Share This Article

Change Size

Fintech Talk: Fintech and electronic signatures Illustration of fin-tech. (Shutterstock/File)

F

intech is an umbrella term that encompasses a spectrum of products and services auxiliary to the financial sector, from payment systems, insurance and capital markets to loan provision.

Unfortunately, the activities of fintech presently face great obstacles in achieving a fully digitized service paradigm amid a difficult transition from physical documents.

Payment gateways still require physical documents to connect online merchants with banks. Financial product aggregators or insurance policies also oblige potential clients to fill in a physical document as a prerequisite.

Admittedly, breakthroughs have been made for certain financial products, such as mutual funds that can now be fully purchased online for new clients or the “full digital onboarding experience” adopted by several online lending companies.

However, it is important to highlight that those practices are currently sporadic and are not sustained by a universal policy or regulation.

The use of fully digital documents faces an obvious challenge — the definition and form of “signatures” acceptable by law.

The legal construct in Indonesia regulates “electronic signatures” under Law No. 11/2008 on information and electronic transactions (ITE).

Under the ITE Law, an electronic signature is defined as a signature comprised of electronic information that is attached, associated or interconnected with other electronic information as a mean of verification and authentication.

It means all methods and formats of an electronic signature are admissible by law with the caveat that they satisfy the elements constituting an electronic signature.

If the ITE Law allows the use of electronic signatures, what is the cause for the low adoption rate of electronic signatures in Indonesia?

Adopting and operating electronic signatures, in practice, is not a walk in the park.

Operators are required to have a highly secure and reliable system in place to guarantee that information attached to electronic signatures cannot be easily modified and or bypassed (non-repudiation principle).

In the case of a dispute, operators of electronic signatures are required to prove the reliability of their system through expert verification.

Essentially, a third party is contracted to certify the electronic signature, which indicates the signature bearer’s status as a legal subject (verification principle), then ensures that the signatory subject does not bypass any documents made in the future (authentication principle).

The role of certification is similar to that of a public notary who verifies through physical inspection and keeps records of original documents to guarantee authenticity.

Government Regulation (PP) No. 82/2012 on operationalization of electronic systems and transactions stipulates two electronic signature models: uncertified models (e.g. a scanned image of a signature that is attached digitally to a document) and certified models.

Certified electronic signatures are made through the services rendered by electronic certification operators and are authenticated by an electronic certificate.

Asymmetric cryptography technology through public key infrastructure is admissible for electronic signatures, as it undergoes certification with the highest grade of verification and authentication available to date.

In addition to the methods described above, other means of verification do exist, such as personal identification numbers (PIN), a username/password system with an authorizing token, or biometric systems (fingerprint or retina scan).

What needs to be emphasized is the two-step authentication to prove “what you have”, “what you know”, or “who you are” (Article 39 of PP No. 82/2012).

Fintech business actors have yet to decide which method and authentication system is most strategic for their businesses.

In principle, even uncertified electronic signatures possess a degree of authenticity value, albeit weak, as they are subject to being easily bypassed by the bearer or even modified by other parties.

Business players, however, are still doubtful about adopting a specific model due to liability risks that would put them under heavy scrutiny in the case of a dispute.

Approaching the end of 2016, the Communications and Information Ministry introduced a fully certified electronic signature (digital signature) named Sivion.

Unfortunately, attaining Sivion certification is not easy, as it requires physical verification in the handover of the digital certificate.

Meanwhile, not all transaction schemes need full authentication systems that require physical verification and the adoption of asymmetric cryptography and public key infrastructure.

The essence of fintech is the establishment of new financial distribution avenues that gravitate to retail, so it needs to be able to cater to micro transactions.

In lieu of this, a solution that classifies transactional nomenclature according to its certification requirements is necessary.

PP No. 82/2012 governs several acceptable aspects of electronic certification — registered, certified and rooted.

The role of financial authorities is to provide transaction criteria based on the acceptability domain.

Fully digital certification is necessary to authenticate high-volume transactions.

At the other end of the spectrum, transactions with lower nominals need a verification and authentication method that is more efficiently expedited.

At the end of the day, fintech exists to support financial inclusion through technology that is fast, easy and low-cost.

 

The writer is a public policy director at the Indonesian Fintech Association.



{

Your Opinion Matters

Share your experiences, suggestions, and any issues you've encountered on The Jakarta Post. We're here to listen.

Enter at least 30 characters
0 / 30

Thank You

Thank you for sharing your thoughts. We appreciate your feedback.