
Digital Signature in Financial Transactions


CHAPTER ONE

Objectives of the Research

The objectives of this research are:

  1. To critically review the current legislations on electronic signatures;
  2. To critically review the technologies underlying the electronic signatures and digital signatures;
  3. To critically review the need to have an effective internal control system and the impact of emerging technologies like electronic signatures and signatures to financial transactions;
  4. To critically review the risks associated with electronic signatures;
  5. To propose a Risk Management Framework for electronic signature;
  6. To critically review the costs of implementing the electronic signature as a way to mitigate the risk of doing business in a paperless environment;
  7. To examine how an internal control system can complement the implementation of electronic signatures.

CHAPTER TWO

LITERATURE REVIEW

Using an electronic signature to replace a handwritten signature has long been touted as the technology that will create trust and confidence in a paperless environment. This section is a review of electronic signatures based on literature taken from various journals, text books, white papers, and Internet web sites.

Signatures and the Law

Christopher Kuner and Anja Miedbordt (1999), using the US and Germany as references, argue that differences in the definition of “written signature” have great influence on national and international policies on electronic authentication. US law is gradually reducing the scope of handwritten signature requirements by placing greatest emphasis on the intent of the parties. In contrast, the German Digital Signature Law does not deal with the legal status of electronic signatures but requires a high-security technical standard because of the stringent requirements for pen-on-paper signatures. From these two examples, it is not surprising that different countries frequently have quite different concepts in mind when they talk about electronic signatures.

Robins, Kaplan, Miller & Ciresi (2000) provide frequently asked questions on the Electronic Signatures in Global and National Commerce Act (ESIGN), which was signed by President Clinton on June 30, 2000 and went into effect on October 1, 2000. ESIGN defines electronic signatures as “an electronic sound, or process attached to or logically associated with a contract or other record and executed or adopted by a person with the intent to sign the record”. The ESIGN Act is technology-neutral legislation because it does not favor any particular security technology or media. According to ESIGN, an electronic signature can come in many forms, including PIN numbers, passwords, or even clicking an icon. However, ESIGN does contain exceptions on the use of electronic signatures and records in some areas. It appears to be up to the parties to the transaction to determine the form of electronic signature. In this connection, the paper by Schroers, J. et al. (2015) provides an overview of the development of eSignature in Belgium and Germany by comparing the e-signature provisions with the regulations, thereby providing the requirements of qualified electronic signatures and their application using a questionnaire format.

Daniel Uhlfelder (2000) provides an introduction to the Electronic Signature in Global and National Commerce Act (ESIGN), which validates the use of electronic records and electronic signatures. Digital Signature Bill (1997) defines digital signature as a public key which can accurately determine a) whether the transformation was created using the private key that corresponds to the signer’s public key; and b) whether the message has been altered since the transformation was made. The Act in essence allows digital signatures, among others: 1) to function on electronic documents the same way as a traditional handwritten signature; 2) to apply to e-mail, Internet transactions, smart cards, etc.; 3) to allow for secured transmission of sensitive documents on the Internet.
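As an added example (not code from the original text or from the Digital Signature Bill), the two determinations a) and b) can be checked with the built-in Node.js `crypto` module. The Ed25519 algorithm, the payment record and all function names are assumptions chosen for illustration.

```javascript
// Added example: constructed payment instruction and freshly generated keys.
const crypto = require('crypto');

// Sign the exact bytes of the record. Top-level keys are sorted so that the
// signer and the verifier serialize the same flat record to the same bytes.
function canonicalBytes(record) {
  const sorted = {};
  for (const key of Object.keys(record).sort()) sorted[key] = record[key];
  return Buffer.from(JSON.stringify(sorted), 'utf8');
}

// The "transformation": an Ed25519 signature made with the private key.
function signRecord(record, privateKey) {
  return crypto.sign(null, canonicalBytes(record), privateKey);
}

// One check answers both questions: it returns true only if the signature
// was made with the private key matching publicKey (a) AND the record is
// byte-for-byte what was signed (b).
function verifyRecord(record, signature, publicKey) {
  return crypto.verify(null, canonicalBytes(record), publicKey, signature);
}

function demo() {
  const payer = crypto.generateKeyPairSync('ed25519');
  const other = crypto.generateKeyPairSync('ed25519');
  // Constructed sample record (hypothetical values).
  const payment = { payee: 'ACME Supplies', amount: '1500.00', currency: 'MYR', ref: 'INV-0001' };
  const signature = signRecord(payment, payer.privateKey);
  const reordered = { ref: 'INV-0001', currency: 'MYR', amount: '1500.00', payee: 'ACME Supplies' };
  const altered = { ...payment, amount: '9500.00' };
  return {
    genuine: verifyRecord(payment, signature, payer.publicKey),
    sameFieldsReordered: verifyRecord(reordered, signature, payer.publicKey),
    wrongSigner: verifyRecord(payment, signature, other.publicKey),
    alteredAmount: verifyRecord(altered, signature, payer.publicKey),
  };
}

console.log(demo());
```

Verification yields a single boolean, so a failure does not say whether the wrong key was used or the record was altered; a relying system should treat both as the same rejection.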

Rath et al. (2015) observed that the increase in Foreign Direct Investments in several sectors such as services, logistics and telecom in China, and its subsequent entry into the World Trade Organization, resulted in several reforms in regulation related to e-commerce and the introduction of the ‘E-signature Law’. The law grants e-signatures the same effect as handwritten signatures. However, the process of developing new laws has become very complex, causing uncertainties that are likely to lead to reduced confidence in the ICT and logistics industry.

Todd Hartman (2001) provides an overview of the US state and federal laws governing the need for and effect of electronic signatures. Electronic signatures and digital signatures are two different concepts that are often confused. Digital signature generally refers to the specific technological process of authenticating a document and a separate person agreeing to the document through the use of a public key encryption system. Electronic signature refers to any electronic mark, process or record that meets the legal requirements for verifying a document and a signatory. The author correctly pointed out the confusion between electronic signature and digital signature, and it can be accepted that a digital signature is really one form of electronic signature. However, different business models and environments will require different types of electronic signature for practical and commercial reasons. An electronic signature such as a password or PIN number is considered to be a weak authentication approach, yet this method of authentication has been used for years in ATM cards and Shell’s Petrol Fleet card.

 

CHAPTER THREE

RESEARCH METHODOLOGY

The research design for this study is based on secondary sources: information gathered from various business magazines, journals, white papers, text books and the Internet. The research framework for discussion, analysis and finding is shown in the following diagram:

CHAPTER FOUR

DISCUSSION, ANALYSIS AND FINDING

The Need to Develop a Risk Management Framework for Electronic Signature

The use of electronic signatures, especially digital signatures, helps to strengthen trust and confidence in a paperless environment where information and documents, financial transactions or personal information are transmitted in a secure manner. However, it also entails potential risks, some of which are known and understood, others are known but less understood, and still others are unknown.

CHAPTER FIVE

CONCLUSIONS AND RECOMMENDATIONS

Conclusion

There are many risks associated with electronic signatures and not all of them are created equal. The business objectives of a signature are to provide attribution, affirmation, authentication, and non-repudiation. Digital signature is one form of electronic signature that uses PKI technology and appears to be the most logical choice for the E-commerce scenario. From the discussion and analysis, a formal, clearly written Risk Management Framework should assist management to systematically identify, evaluate, quantify, assess, monitor and control the risks in implementing applications that make use of electronic signature technology. To manage, track and mitigate these risks, a Risk Management Scorecard using the Balanced Scorecard format will help. Electronic signatures are normally part of the “e” initiatives in a company. They can also be employed in other forms of security implementation that do not go through the Internet, such as ATM, immigration checking, etc. The Risk Management Framework is applicable to any type of application that requires electronic signatures for security.

The implementation of electronic signatures should be complemented by an effective internal control system. A company must bear in mind that electronic signatures only help to answer part of the internal controls required in a paperless environment. Moreover, electronic signatures do not always work as intended. If this is not mitigated with an effective internal control system, it may potentially result in great financial losses to, or legal actions against, the organization or company.

In selecting an electronic signature technology to implement, companies need to evaluate whether the technology achieves what they want, the cost and complexity of the technology, whether there is a need to push tools or techniques to the customers, in whom to place trust, and the compatibility and interoperability of electronic signatures. Standards are required to ensure compatibility and interoperability of digital signatures. There are still bumpy roads ahead before we see wide acceptance and usage of electronic signatures in the electronic transaction environment.
