KUALA LUMPUR: The use of digital signatures, especially for important documents that have financial and legal risks, can increase the security of online transactions to ensure the validity and integrity of each document is guaranteed.
Malaysian Communications and Multimedia Commission (MCMC) head of Digital Transformation and Adoption Mohd Fairus Muhamad said this is because after a digital signature is made on a document, the digital certificate will be embedded in the document and this cannot be altered as any changes even to one alphabet will be detected.”
“The digital certificate process is produced using asymmetric cryptographic algorithms. It has a public key and private key issued by a licenced certification body where the public key ensures the validity of the signer’s identity whereas the private key produces a digital certificate attesting to the signature,” he said.
He said this when interviewed on the Bernama TV’s programme Ruang Bicara: Bicara MCMC titled ‘Tandatangan Digital: Pastikan Data Peribadi Selamat’ last night (Oct 31).
Elaborating further, Mohd Fairus said a trusted and secure digital signature ecosystem is an important element to ensure the security of online transactions as well as preventing any individuals from becoming victims of scams.
“This ecosystem involves MCMC as the regulator. Besides regulating MCMC also issues licences for activities of Licensed Certification Authorities (CA) and ensures compliance with the Digital Signature Act 1997 and Digital Signature Regulations 1998.
“CAs play a role in issuing digital certificates to customers, organising recognised repositories and ensuring the use of safe and trusted Public Key Infrastructure. There is also a certified accountant responsible for implementing a performance audit of CAs and submitting an audit report to MCMC,” he said.
In this matter, he said a customer or digital certificate owner also needs to take care and keep the private key safely as stipulated in Section 43, Digital Signature Act 1997.
“Section 43 of the Digital Signature Act provides that it is the duty of the customer or individual or user to keep the private key safe and prevent its disclosure to any person,” he said.
“The user needs to protect the digital signatures from being compromised. Individuals and organisations need to follow the best practices to keep private keys, use strong passwords or password protection, as well as regularly update digital signature software and ensure the security of devices used to sign documents,” he said.
Meanwhile, Communications and Multimedia Consumer Forum of Malaysia (CFM) chairman Megat Ishak Maamunor Rashid, who was a guest on Ruang Bicara titled ‘Kemudaratan Dalam Talian: Penjualan Tidak Sah’, said to avoid falling victim to online sales scams, there are several ‘red flags’ to take note of.
“When purchasing items, the red flags we need to watch out for are when sellers ask for your full name, identity card number, (bank) account number and home address, and additionally you must be wary when the item offered is much cheaper than the normal price.
“Buyers can also ask the sellers for the cash on delivery (COD) method, and if they (sellers) say they are unable to offer this then do not proceed with the purchase, or if they (sellers) agree to COD, then make sure you open the package in front of the sender to check the item,” he said.
He also said that normally victims of online sales scams lack awareness and do not buy items on reliable business platforms such as Lazada, Shopee or the like.
“We at CFM do not handle cases related to scams or illegal sales, but we are more concerned with raising the level of consumer awareness related to things like these,” he added. – BERNAMA
