Sunday, February 22, 2009

Digital Signature and Loans Applications

Digital signatures can be very useful when it comes to applying for a loan, irrespective of the type of loan.

You can choose the type of loan you are looking for and your lender of choice, and fill out the application form online. No, the next step is not printing the application form. Rather, you affix your digital signature to the form and submit it online. Once the application is approved, the Loan Agreement will be drawn up, which you need to sign. Again, you can sign it using the same digital signature. Thus, the entire application process is completed online in the most secure way possible. You also save yourself the time and effort of visiting your lending institution's office.

Loans applied for in this way are called "eloans". Eloans are here and here to stay, making life easier for all.

Monday, January 5, 2009

Information Security - 3

For individuals and businesses alike, keeping data secure can often be a survival issue. If critical business statistics and, more importantly, sensitive personal information about customers (PAN, debit card details etc.) are compromised, the result can be lawsuits and losses in billions of rupees for the company.
On the other hand, the head of a household who has stored the family's financial data on his desktop can go into a state of shock if his house is broken into and the computer stolen. Thieves may often not be interested so much in the gadget's value as in the information it contains and the potential for bigger gains by manipulating it. So here are some general tips to help you keep your personal information safe:

Store business and personal information separately
Avoid storing your Form 16 soft copy on your office desktop. If you have downloaded it to take a printout, delete the file or forward it to your personal email address and wipe it out from your office machine. The same rule applies for storing other information that is of a personal nature. Keeping your personal life and professional life apart probably applies most when it comes to security of information.

Fraudulent phone calls
Sometimes, while you are busy at work, you may unconsciously give out sensitive personal details to a telemarketing caller just to get the call over with. Avoid it. For any call where you are required to reveal your account or credit/debit card number for certain transactions/enquiries, always insist that you be routed to an interactive voice response system (IVR). On an IVR, you punch in the number manually and the system recognises the DTMF tones generated by your phone. If you are using a landline telephone with a pulse/tone option, switch over to the Tone or 'T' option and then punch in the numbers. If it does not have this option and only uses pulse, make the call some other time from a phone having the Tone option.

Wireless devices
Devices like laptops and mobile phones using the Blackberry service must be guarded very closely. Only employees who absolutely need to use these devices must be allocated them. While you are travelling, never leave your laptop or Blackberry unattended. While travelling by air, never check it in as registered baggage unless the airport/airline/security personnel ask you to do so. Carry it with you as cabin baggage. Enable fingerprint recognition in laptops. Avoid using the wallet feature in mobiles.

There is much more that can be done to ensure security of your data. The reason we need to be on guard today is that more information is being exchanged across the globe now than ever before. While earlier it would take a few minutes for a telegraph to be transmitted, a text message now can travel the globe in a fraction of a second!

Information security - 2

Data security can be compromised by personal presence too. Let us look at 3 ways in which a person with malicious intent can try to take a peek into your sensitive information.

Shoulder surfing
Notice how your boss stands behind you at your workstation, as if to see whether you do things right. Now imagine that instead of your workstation, you are in a cyber café and instead of your boss, a stranger is standing behind you. If his intention is to grab some information from your screen or observe your keystrokes as you type your password, he is said to be shoulder-surfing.
Precaution: Always make sure no one stands behind you, observing what you do - not even the café owner/manager.

Dumpster diving
Some people are so desperate for information that they actually dive into a garbage bin and dig out paper containing data that is important from their viewpoint. It could be a draft of some report, or the printout of an as yet confidential financial statement. It may seem messy, but such people do not mind dirtying their hands to lay hold of material that could possibly make them millionaires.
Precaution: If your office has a shredder, use it to shred all waste paper as a habit or even as a rule. Or simply tear the paper into small bits if you don't have a shredder.

Piggy-backing
Most Corporates these days restrict entry to their premises to people holding electronic access cards. Have you ever observed strangers quietly sneak in behind an employee who enters swiping his access card? Who knows, that person could hang around with open eyes and ears and study the layout of your building. He could learn where your company's server room and other sensitive areas are.
Precaution: Make sure that when you swipe your access card, nobody follows you. If someone does follow, alert the security guard and get that person frisked. It's not only about bombs. Information getting leaked out can lead to potentially incalculable losses.

Tuesday, December 23, 2008

Information security - 1

In the wake of the Mumbai terror tragedy, people in India have become very conscious of their safety. Safety, however, is important also when it comes to your personal information. Besides obvious threats to life and health, when safety and security are not taken seriously, violation of personal information can occur, which poses its own unique hazards. Let us look at a few of these in brief.

Hidden dangers

Phishing: A dreaded term in the online world is phishing. Just like the fish that cannot see the fishing net coming into the water to trap them, the internet surfer does not know that he is clicking his way to a phoney website that asks him for confidential information like username, password, account number etc. Beware of emails that lure you to an unknown website or an email from an address that reads like one of the banks you have an account with. Clicking may lead you onto a similar-looking, but phoney website.

Hacking: This is different from phishing in that here, a person uses special software or a device that gives him access to your computer. He can then use your computer to suit his needs. E.g. the hacker may use a program that can read your keystrokes when you type your password while logging into your net banking account. Techies with constructive motives have designed the "virtual keyboard" where you click on the onscreen keyboard and the characters fill up the password field. Hackers cannot read the clicks. So your password is safe. But as with phishing, the choice to exercise caution is yours.

Further in this series, you will learn about real dangers as opposed to virtual ones. We will also give you tips on how to exercise caution and be two steps ahead of potential cyber criminals. Technology can be abused. But abuse leads to R & D and new discoveries.

So stay tuned-in for more!

Monday, December 8, 2008

Why Digital Signatures ??

Designing new systems to authenticate users has proven to be costly and cumbersome, requiring too many technical skills of users. Most consumers don't want to take on commitments without physically signing a document in person. A range of techniques for authentication have been developed and tested. But none of them has been efficient and effective enough. Thus, nowadays it's the Digital Signature that is trying to provide answers to all.

Digital signatures are a form of electronic signature. The term electronic signature is used to describe the full range of electronic means to confirm the sender of the message. They range from a file including a graphical image of the sender's handwritten signature (simple but unreliable) to biometric techniques, such as iris scans (complex but reliable).

Digital signatures are based on public key technology, a special form of encryption invented in the 1970s, which uses two different keys (because two different keys are used, this form of encryption is also known as asymmetric cryptography). One key is kept secret (the private key), whereas the other key is made publicly available (the public key). The two keys are generated simultaneously and collectively are known as a "key pair." Once a message has been encrypted using one of the two keys, it can only be decrypted by the other key.
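The key-pair idea above, applied to a loan application form, as an added example that is not part of the original post: the applicant signs with the private key, and the lender checks the signature with the public key. The function names, the form fields and the sample values are assumptions constructed for illustration; the code uses RSA with SHA-256 from Node.js's built-in `crypto` module.

```javascript
// Added example, not from the original post. Names and data are constructed.
const crypto = require("crypto");

// The two keys are generated together; the private key never leaves the applicant.
function newKeyPair() {
  return crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
}

// Serialise the form with sorted keys so signer and verifier hash identical bytes.
function canonicalBytes(application) {
  const sorted = {};
  for (const k of Object.keys(application).sort()) sorted[k] = application[k];
  return Buffer.from(JSON.stringify(sorted), "utf8");
}

// Applicant side: hash the form with SHA-256 and sign the hash with the private key.
function signApplication(application, privateKey) {
  return crypto.sign("sha256", canonicalBytes(application), privateKey)
    .toString("base64");
}

// Lender side: only the public key is needed; returns true or false, never throws
// on a signature that merely fails to match.
function verifyApplication(application, signatureB64, publicKey) {
  const sig = Buffer.from(signatureB64, "base64");
  return crypto.verify("sha256", canonicalBytes(application), publicKey, sig);
}

function demo() {
  const applicant = newKeyPair();
  const stranger = newKeyPair(); // someone else's key pair
  const form = { applicant: "Sample Applicant", loanType: "home", amountINR: 2500000 };
  const sig = signApplication(form, applicant.privateKey);
  const reordered = { amountINR: 2500000, loanType: "home", applicant: "Sample Applicant" };
  const tampered = { ...form, amountINR: 9500000 }; // amount changed after signing
  return {
    genuine: verifyApplication(form, sig, applicant.publicKey),
    reordered: verifyApplication(reordered, sig, applicant.publicKey),
    tampered: verifyApplication(tampered, sig, applicant.publicKey),
    wrongKey: verifyApplication(form, sig, stranger.publicKey),
  };
}

console.log(demo());
```

A changed amount or a different signer's public key makes verification fail, which is what lets the lender rely on the form without a handwritten signature.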

Tuesday, November 18, 2008

Digital signatures in daily life

Life is getting more digitalised by the day. Sometimes technology can complicate matters; at other times it can relieve you of many avoidable tasks. Digital signature is one such technological application that simplifies life greatly. Yet many of us aren't aware as to how useful it can get. So let us look at some day-to-day uses of digital signatures.

For Individuals:

Bill payment: Your private key will confirm that the payment has indeed come from you and that the details like card number, expiry date etc. are true. In a physical transaction, you need to sign on the transaction slip, but how do you sign online? Going forward, you will be able to identify yourself digitally while paying your bills.

eCommerce: This includes online shopping for tangible products as well as services like travel packages, online courses, consultancy services, podcasts etc.

Insurance: You can apply for an insurance policy and give details online as well as correspond online for policy servicing. Not only this, you can also put in a claim online. Say you are recovering from an ailment and cannot visit the insurance company's branch or courier relevant documents. But if you have a computer with an internet connection and a scanner, you can speed up your case by submitting a claim online or emailing a scanned copy of the claim form and other documents.

ECS mandates: Utility payments are often made by giving your bank and service providers standing instructions on debiting your account every time a payment is due. Now if these transactions are going to happen electronically, you can issue instructions online too. And you can sign your mandate digitally, to reassure your bank and service providers that it is indeed you who has issued the instructions.

E-file your return: You can file your income tax return online in 2 ways. Either you can file a soft copy and follow it up with a personal visit to the tax office to submit a copy of the ITR-V and get the acknowledged copy back. Or you can simply attach your digital signature to your electronic return form and get an acknowledgement via email, without getting up from your seat! Who wouldn't choose the latter?

Using digital signatures will place the common man in a powerful position. As you play your part in ensuring safety, confidentiality and speed by using digital signatures, you can expect your service providers and product sellers to guarantee at least the same level of efficiency, if not higher.

Wednesday, November 12, 2008

Who regulates digital signature use in India?

The Information Technology Act, 2000 was enacted to give a legal backing and a regulatory framework for the promotion of e-Governance and e-Commerce in India.

Digital Signatures and Certificates are central to ensuring security and confidentiality of e-Governance and e-Commerce transactions. They cannot be sold in the way that you sell goods on online stores. You need a proper organizational setup to issue the certificates. The IT Act provides for the setting up of Certifying Authorities (CAs) who issue digital signatures in India. And to ensure that these CAs function smoothly and in tandem, the Controller of Certifying Authorities (CCA) was set up. In fact, it is the CCA that issues the CA a licence to in turn issue digital certificates.

The CCA maintains the National Repository of Digital Certificates (NRDC) $ that contains all digital certificates issued by all certifying authorities in India to date. This is a mandatory requirement under the IT Act, 2000. In fact, even the licences issued to the CAs are digitally signed by the CCA. This is done in an environment that conforms to the same strict guidelines that are applicable to CAs. The certifying authorities in India can cross-certify each other as well as other CAs across the globe. This helps them recognise each other's certificates and enables governments, businesses as well as individuals to operate in the global internet space in a seamless way.

$ Source: CCA brochure