|
|
| |
A Milestone in the Financial Industry – “Introduction of Digital Certification Services”
Certification Services”
The Payment Industry in Sri Lankan has evolved towards greater efficiencies and customer centricities, which has resulted in high reliance on advance technology. The rapid growth of the telecommunication infrastructure and other Information Communication Technologies (ICTs), such enterprise IT systems, the Internet, mobile gateways and information security has greatly contributed towards meeting this need.
The use of the Internet and electronic transactions has evolved rapidly in Sri Lanka in order to facilitate greater customer service and attract customers irrespective of their demographics. This is very evident by the high use of Internet Banking, CITS (Cheque Image Truncation System – LCPL’s next business day cheque clearing system throughout SL), SLIPS (Sri Lanka Interbank Payments) and other systems.
Secure electronic transactions will be an integral part of electronic commerce in the future. Without information security, the interests of the merchant, the consumer, and the credit or economic institution cannot be served effectively. Privacy of transactions, and authentication of all parties, is important for achieving the level of trust that will allow such transactions to flourish.
Though high technology brings about many advantages to the financial institutions and its customers, it also brings in great risks of information security and electronic fraud. Therefore as the use of electronic payments (e-payments) increases, the need for advanced IT security infrastructure is critical in order to prevent the risks associated with information security and unauthorized access.
Authentication is an important issue for users of electronic commerce. Consumers must have faith in the authenticity of the merchant, and merchants must have faith in the authenticity of the consumer. Authentication is critical to achieving trust in electronic commerce. This is achieved through the use of digital signatures. Digital signatures are aimed at achieving a higher level of trust as a written signature has in real life. This helps to achieve non-repudiation, and the recipient cannot later establish that the message wasn’t sent using his private key.
One of the principal objectives of this exercise is to promote public confidence in the authenticity, integrity and reliability of data messages, electronic documents, electronic records or other communications.
Recognizing this need the Central Bank of Sri Lanka requested LankaClear (Pvt.) Ltd. (LCPL) to be the financial sector Certificate Service Provider (CSP). Therefore LCPL under the guidance of the Central Bank and ICT Agency of Sri Lanka and with the technical assistance of TechCERT, LCPL has launched Sri Lanka’s first Certificate Authority (CA) under the brand name LANKASIGN in accordance with the Electronic Transaction Act, No.19 of 2006 and the Computer Crimes Act, No. 24 of 2007, which affords legal protection arising from electronic fraud.
A CSP is an authority on a network that issues and manages security credentials and public keys for message encryption. As part of a public key infrastructure (PKI), a CSP checks with a Registration Authority (RA) to verify information provided by the requestor of a digital certificate. If the RA verifies the requestor's information, the CA can then issue a digital certificate that can be used for the purpose of signing and encrypting electronic transactions.
LANKASIGN (LCPL – CSP) in its first phase will provide digital certificates to the participant banks in the Common Payment Switch (CPS – Online, real-time electronic fund transfer system between banks) and the planned enhancements for the CITS direct connectivity. In the second phase the LCPL – CSP will provide digital certificates for all financial sector enterprise applications and end users. This will be of great value to the financial sector in Sri Lanka as the digital certificates of LCPL - CSP will be sold as a very competitive price compared to that of other foreign CSPs.
LANKASIGN is implemented on the RedHat Open CA (an authority in a network that issues and manages security credentials and public keys for message encryption) which uses of X.509 (the international standard for a digital certificate) digital certificates and associated technologies running on advanced, highly secure and a scalable platform with a Secure Root Key management system. For the first phase of this the LCPL – CSP, the CA and Public Key Infrastructure (PKI) will be made available on LCPL’s Virtual Private Network (VPN) and in the second phase be made available on the public network.
The LANKASIGN was launched on 22nd May, 2009 by Dr. Mrs. Ranee Jayamaha, Deputy Governor of Central Bank of Sri Lanka, and the first two recipients of the digital certificates were Bank of Ceylon and Sampath Bank. This launch will not only be a major milestone for the ICT in the Sri Lankan, but will greatly encourage more institutions in financial sector to adopt cost effective digital certificate based technology for greater information security.
|
|
