Indonesian Political, Business & Finance News

checked by Rich

| Source: JP

checked by Rich

Indonesia lagging behind world in internet security

Wasis Gunarto
Contributor
Jakarta

Talking about internet banking leads us to the security
aspects. The subject becomes more urgent as, in terms of security
for banking transactions via the Internet, Indonesia is now
ranked number two from the bottom, only better than the Ukraine,
in cyberfraud.

A survey conducted by ClearCommerce Corporation (a company
that provides solutions for real-time Internet transaction
processing, tracking and reporting) also indicated that about 20
percent of internet banking transactions originated from
cyberfraud.

In its survey last year, CastleAsia (a company that
specializes in business information and feasibility studies)
reported that approximately only 15 percent of middle- and small-
sized businesses in Indonesia were willing to use internet
banking, as a large portion were worried about its security.

The saddest part is if most businesspeople do not trust online
transactions, the country's economy will eventually be affected.

However, business activities have to continue in spite of this
"loophole" and illegal entries into websites by ruthless
crackers. Just like a house with locked doors and windows plus
the state-of-the-art security devices, the possibility of thieves
to outsmart them still exists.

For transactions at the personal or individual level, security
is also problematic, as viruses and trojan horses can break into
almost anyone's computer and the user's data -- Personal
Identification (PIN) and Credit Card numbers etc. -- can be
easily stolen.

One of my friends, during his college days, boasted about his
ability to find out the e-mail passwords of other students.
Holding the print-out of the passwords, he explained how easy it
was. "Just place a special recording device close to a computer,
cleverly hidden, of course, like I did in the campus, sit in the
back row and monitor my victims' data," he proudly added.

This type of intruder exists everywhere and the number is
growing. With various sophisticated gadgets available on the
market, it is really terrifying how easy such valuable data,
including our hard-earned money, can be snatched away in seconds.

Another enemy is the virus, for example lovebug and sircam.
These viruses disrupted computers throughout the world and
created a worldwide panic as vital state secrets and bank data
had been plundered. Philip Williams, from the Center of Internet
Security Expertise (CERT), confirmed that two major banks in the
United States and another in Switzerland were the victims of the
merciless virus.

All kinds of illegal access, including theft of subscribers'
data, can also occur at Internet Service Providers, as, again, a
cracker can outsmart their security system by using a sniffer
program.

Fake domains can also be created, causing both the bank and
its customers more than panic or headaches. News about ATM PINs
that were forged created further havoc and the lowest sense of
security for bank customers.

However, advances in security technology, also in leaps and
bounds, are making it extremely difficult, almost next to
impossible, for the bad guys to succeed. Various tools and layers
of protection are used: spyware, firewalls, Security Socker Layer
(SSL), public key cryptography and Certificate Authority (CA).

SSL, first developed by Netscape, is like a protective
wrapping seal on the internet, making it "leakproof" and can only
be opened by a special 128 byte combination "key", which is in
fact a password known only by the holder and recognized by the
receiver or in this case, the bank's internet system. This
special combination key is usually called public key crytography.

Cryptography was born in the days of the Roman empire. Its
emperor, Julius Caesar, did not trust his couriers. So, he
encrypted his messages, for example every letter 'A' should be
read as 'D', 'B' as 'E' and so forth. Only certain receivers of
the messages, with prior knowledge of the special code, could
read his top secret messages.

In the case of passwords for bank transactions, two kinds are
used: private keys and public keys. A public key is sent together
with encrypted data and if a hacker gets hold of it, the private
key, which is, again only known to both the holder and his bank,
provides further security.

To assure us of the authenticity of the key or the password, a
digital certificate is required. This certificate contains
information that is related to the certificate owner and an
authorization statement from a body or institution that
recognizes or validates the password user as the authentic
certificate owner.

A digital certificate, inserted into a public and private key
or password, again makes it harder for any forgery.

The most important aspect after all security actions is the
existence of a body or institution that can be relied on to
guarantee, validate and consistently monitor every security
aspect of a transaction via the Internet, including the digital
certificates.

This is where the important role of Certificate Authority (CA)
enters, which is a reputable and trusted body or institution that
records certificates, stores it in its server and authenticates
the certificates whenever required.

For banks in Indonesia that provide e-banking, the
prerequisites are registration and accreditation from an
international Certificate Authority, like Verisign, GlobalSign
and British Telecommunication, for a more secure and reliable
internet banking.

To date, Indonesia has no such institution, although its
existence is acknowledged to help reduce the country's cybercrime
and enhance its e-commerce.

With the upcoming highly advanced Third Generation (G3)
communication system that will automatically increase mobile
banking, the need for a Certificate Authority in Indonesia is
becoming ever greater.

Along with that, of course, cyberlaws must come into force to
provide consumers with the maximum sense of security for internet
banking plus other transactions through the Internet. This way
risk management for any company becomes less of a headache.

Tips

Internet banking service has several effective security
techniques that we encourage you to implement when you use the
Internet banking service:

1. Never reveal your password to anyone or leave your password
anywhere that someone else can obtain and use it.
2. Change your password on a regular basis.
3. Use the Exit button to end each Internet banking session. Do
not use the Back button to exit the site.
4. Change your session timeout in User Options to a time that
meets your needs.
5. Balance your account on a regular basis. Internet Banking
makes it easy!

View JSON | Print