Friday, June 26, 2009

The Application of 3rd Party Certification Programme in Malaysia

E-commerce has been developed and widely used by the internet users since many years ago. However, security and lack of trust on the e-commerce are the main concern among the internet users. Phishing is one of the example in security issue. Hence we need a well-mandated security infrastructure on e-commerce websites in order to enhance the confidence among of the internet users on them.

As a result, there is a security practice on e-commerce websites called certification programme. It can be called "third party certification programme" because it is performed by a third party. It is also called Certificate Authorities (CA). Third party cerification is an accessment carried out to ensure compliance with a publicly available technical specification. Importantly, the accessment is carried out by an independent, third party organization that is qualified and licensed to issue certification when the accessment is successfully completed.

This means that rather than an organization or company claiming to comply with industry standards, they have taken their commitment to quality further and invited in an external third party to verify that their product or service does indeed complywith the industry standards. There are two main certificate authorities involve in third party certification programme in Malaysia, which are MSC Trustgate and Verisign.

MSC Sdn Bhd is a licensed Certification Authority (CA) operating within the Multimedia Super Corridor. MSC Trustgate was incorporated in 1999 to meet the growing need for secure open network communications and become the catalyst for the growth of e-commerce, both locally and across the ASEAN region. Trustgate is licensed under the Digital Signature Act 1997 (DSA), a Malaysia law that sets a global precedent for the mandate of a CA. As a CA, Trustgate core's business is to provide digital certification services, including digital certificates, cryptographic products, and software development. The products and services of Trustgate are SSL Certificates, MyKAD ID, MyTrust, Managed PKI, SSL PKN, Personal ID, Managed Security Services, Verisign Certified Training and Development. It provides security solution for individuals, enterprises, government and e-commerce services providers using digital certificates, digital signature, encryption and decryption as this is the primary concern of entering into the new Internet economy. The vision of Trustgate is to enable organizations to conduct their business securely over the Internet, as much as what they have been enjoying in the physical world.

Except of MSC Trustgate, Verisign Secure Site is used to ensure data confidentiality and integrity, it leading Secure Sockets Layer (SSL) Certificate Authority which also enabling the security of e-commerce, communications and interactions for websites, intranets and extranets. It provides security solutions to protect an organization's consumers, brand, website and network. By Verisign, all information transmitted through Internet is encryptedusing the 128-bit SSL protocal. SSL is a secure way of transferring information between 2 computer on the Internet using encryption. Strong end to end encryption is also adopted within the bank's computer networks and resources.

Verisign infrastructure helps organizations to deliver in the Any Era and realize the maximum profit. It is also towards that goal that we focus our company, our technology, our services and our people. It helps companies and consumers all over the world to engage in trusted communications and commerce.

The Diagram below shows how Verisign tackle spamming and its solutions:

In conclusion, the establishment of Certificate Authorities is important and they play vital role not only to catalysts the growth of e-commerce but also to inspect the security of e-commerce websites as it provides a safe and secure protection. More e-consumer can now shop and purchase online cafe-free while their personal information or confidentiality is protected.