checked by Rich<\/p>\n
Indonesia lagging behind world in internet security<\/p>\n
Wasis Gunarto
\nContributor
\nJakarta<\/p>\n
Talking about internet banking leads us to the security
\naspects. The subject becomes more urgent as, in terms of security
\nfor banking transactions via the Internet, Indonesia is now
\nranked number two from the bottom, only better than the Ukraine,
\nin cyberfraud.<\/p>\n
A survey conducted by ClearCommerce Corporation (a company
\nthat provides solutions for real-time Internet transaction
\nprocessing, tracking and reporting) also indicated that about 20
\npercent of internet banking transactions originated from
\ncyberfraud.<\/p>\n
In its survey last year, CastleAsia (a company that
\nspecializes in business information and feasibility studies)
\nreported that approximately only 15 percent of middle- and small-
\nsized businesses in Indonesia were willing to use internet
\nbanking, as a large portion were worried about its security.<\/p>\n
The saddest part is if most businesspeople do not trust online
\ntransactions, the country's economy will eventually be affected.<\/p>\n
However, business activities have to continue in spite of this
\n"loophole" and illegal entries into websites by ruthless
\ncrackers. Just like a house with locked doors and windows plus
\nthe state-of-the-art security devices, the possibility of thieves
\nto outsmart them still exists.<\/p>\n
For transactions at the personal or individual level, security
\nis also problematic, as viruses and trojan horses can break into
\nalmost anyone's computer and the user's data -- Personal
\nIdentification (PIN) and Credit Card numbers etc. -- can be
\neasily stolen.<\/p>\n
One of my friends, during his college days, boasted about his
\nability to find out the e-mail passwords of other students.
\nHolding the print-out of the passwords, he explained how easy it
\nwas. "Just place a special recording device close to a computer,
\ncleverly hidden, of course, like I did in the campus, sit in the
\nback row and monitor my victims' data," he proudly added.<\/p>\n
This type of intruder exists everywhere and the number is
\ngrowing. With various sophisticated gadgets available on the
\nmarket, it is really terrifying how easy such valuable data,
\nincluding our hard-earned money, can be snatched away in seconds.<\/p>\n
Another enemy is the virus, for example lovebug and sircam.
\nThese viruses disrupted computers throughout the world and
\ncreated a worldwide panic as vital state secrets and bank data
\nhad been plundered. Philip Williams, from the Center of Internet
\nSecurity Expertise (CERT), confirmed that two major banks in the
\nUnited States and another in Switzerland were the victims of the
\nmerciless virus.<\/p>\n
All kinds of illegal access, including theft of subscribers'
\ndata, can also occur at Internet Service Providers, as, again, a
\ncracker can outsmart their security system by using a sniffer
\nprogram.<\/p>\n
Fake domains can also be created, causing both the bank and
\nits customers more than panic or headaches. News about ATM PINs
\nthat were forged created further havoc and the lowest sense of
\nsecurity for bank customers.<\/p>\n
However, advances in security technology, also in leaps and
\nbounds, are making it extremely difficult, almost next to
\nimpossible, for the bad guys to succeed. Various tools and layers
\nof protection are used: spyware, firewalls, Security Socker Layer
\n(SSL), public key cryptography and Certificate Authority (CA).<\/p>\n
SSL, first developed by Netscape, is like a protective
\nwrapping seal on the internet, making it "leakproof" and can only
\nbe opened by a special 128 byte combination "key", which is in
\nfact a password known only by the holder and recognized by the
\nreceiver or in this case, the bank's internet system. This
\nspecial combination key is usually called public key crytography.<\/p>\n
Cryptography was born in the days of the Roman empire. Its
\nemperor, Julius Caesar, did not trust his couriers. So, he
\nencrypted his messages, for example every letter 'A' should be
\nread as 'D', 'B' as 'E' and so forth. Only certain receivers of
\nthe messages, with prior knowledge of the special code, could
\nread his top secret messages.<\/p>\n
In the case of passwords for bank transactions, two kinds are
\nused: private keys and public keys. A public key is sent together
\nwith encrypted data and if a hacker gets hold of it, the private
\nkey, which is, again only known to both the holder and his bank,
\nprovides further security.<\/p>\n
To assure us of the authenticity of the key or the password, a
\ndigital certificate is required. This certificate contains
\ninformation that is related to the certificate owner and an
\nauthorization statement from a body or institution that
\nrecognizes or validates the password user as the authentic
\ncertificate owner.<\/p>\n
A digital certificate, inserted into a public and private key
\nor password, again makes it harder for any forgery.<\/p>\n
The most important aspect after all security actions is the
\nexistence of a body or institution that can be relied on to
\nguarantee, validate and consistently monitor every security
\naspect of a transaction via the Internet, including the digital
\ncertificates.<\/p>\n
This is where the important role of Certificate Authority (CA)
\nenters, which is a reputable and trusted body or institution that
\nrecords certificates, stores it in its server and authenticates
\nthe certificates whenever required.<\/p>\n
For banks in Indonesia that provide e-banking, the
\nprerequisites are registration and accreditation from an
\ninternational Certificate Authority, like Verisign, GlobalSign
\nand British Telecommunication, for a more secure and reliable
\ninternet banking.<\/p>\n
To date, Indonesia has no such institution, although its
\nexistence is acknowledged to help reduce the country's cybercrime
\nand enhance its e-commerce.<\/p>\n
With the upcoming highly advanced Third Generation (G3)
\ncommunication system that will automatically increase mobile
\nbanking, the need for a Certificate Authority in Indonesia is
\nbecoming ever greater.<\/p>\n
Along with that, of course, cyberlaws must come into force to
\nprovide consumers with the maximum sense of security for internet
\nbanking plus other transactions through the Internet. This way
\nrisk management for any company becomes less of a headache.<\/p>\n
Tips<\/p>\n
Internet banking service has several effective security
\ntechniques that we encourage you to implement when you use the
\nInternet banking service:<\/p>\n
1. Never reveal your password to anyone or leave your password
\nanywhere that someone else can obtain and use it.
\n2. Change your password on a regular basis.
\n3. Use the Exit button to end each Internet banking session. Do
\nnot use the Back button to exit the site.
\n4. Change your session timeout in User Options to a time that
\nmeets your needs.
\n5. Balance your account on a regular basis. Internet Banking
\nmakes it easy!<\/p>",
"url": "https:\/\/jawawa.id\/newsitem\/bichecked-by-richbi-1447899208",
"image": ""
},
"sponsor": "Okusi Associates",
"sponsor_url": "https:\/\/okusiassociates.com"
}