Use of Digital Signatures in Electronic Financial Transactions – Commentary

0

Electronic financial transactions and digital signatures
Barriers and Risks Associated with Digital Signatures in Electronic Financial Transactions
How to increase the relevance of electronic signatures for banking transactions
Comment

The increase in remote commerce over the past two years as a result of the covid-19 pandemic has gone hand in hand with an increase in the use of cashless payments and online banking transactions. As a toolkit supporting online transactions, including electronic financial transactions, digital signatures have been an essential part of Vietnam’s banking sector digitization strategy. Even though the legality of digital signatures has been recognized by Vietnamese law, there are still some risks and barriers that hinder their use.

Electronic financial transactions and digital signatures

“Electronic financial transactions” are financial transactions that are implemented by electronic means. Alongside the authorization of electronic know-your-customer (e-KYC) – introduced by the anti-money laundering law –, in practice, electronic financial transactions will be automatically carried out through pre-established information systems. Customers can thus benefit from automatic services, from the completion of e-KYC and the signing of the contract to the execution and settlement of transactions. To sign an automatic e-financial transaction, the customer must have an authenticated electronic signature.

Currently in Vietnam, digital signatures are the only form of electronic signature that is as authenticated and sufficiently valid as an individual’s wet ink signature, a representative’s signature, or an organization’s seal. Therefore, they have been widely used by organizations and individuals, but especially businesses, to sign contracts, pay bills, and file taxes. In banking, commercial banks have accepted their customers’ use of digital signatures to open accounts or make payments through online banking. The adoption of digital signatures in the banking process has offered not only customers but also banks a dramatic reduction in cost, paper and time used for transaction completion, and has also led to increased customer satisfaction.

Barriers and risks associated with digital signatures in e-financial transactions

Despite the benefits of digital signatures, their use raises some concerns.

The first problem is the risk of invalidation. Under Decree 130/2018/ND-CP, in order to obtain a secure digital signature for use in electronic financial contracts, customers must submit to the public certification authorities an application file for the issuance of a digital certificate. This consists of an application form and annexes, including a copy of an identity card or passport for natural persons and, for organizations, a copy of the decision of establishment or certificate of establishment. registration in the commercial register or the investment certificate, as well as an identity card, a citizen’s identity card or the passport of the legal representative. All these documents must be submitted, along with their originals, for certification purposes.

If the Client signs the Application online and submits it online or signs the Application with a wet ink signature and submits it by mail, their signature and identification will not be verified and certified, and therefore their signature may be invalid. To use digital signatures, customers must provide physical documents. Consequently, the application file submitted online may also be invalid, which may lead to the invalidation of customer signatures, as well as the invalidation of the transactions concerned.

Therefore, to ensure the validity of digital signatures, customers should come to the office of public certificate authorities with both copies and originals of the document in hand and sign their application in wet ink. Thus, while digital signatures can be used entirely online, their creation must be offline to ensure their validity. This fact makes automatic electronic financial transactions incapable of being fully automated, contrary to the expectations of financial institutions. In other words, to be able to enable automatic electronic financial transactions, customers still need to physically perform part of the transactions with a digital signature certification service provider – and to perform automatic electronic financial transactions with financial institutions, the customers must have already obtained their digital signature.

Currently, financial institutions, especially banks, use one-time passwords (OTPs) or multi-factor authentication for electronic financial transactions, which has the same effect as a certified electronic signature. However, the validity of these forms of electronic signature is not guaranteed.

Finally, Vietnamese laws remained silent on the notarization of electronic contracts with digital signature in electronic financial transactions, especially for electronic banking transactions. According to Decree 35/2007/ND-CP, electronic banking transactions will apply to all transactions in the banking sector, but not to the issuance of drafts and other valuable papers. By law, certain contracts between a bank and its customers must be notarized, such as real estate mortgage contracts to secure loans. However, there are no regulations on the notarization of electronic contracts that have been defined in the relevant legal documents. In practice, the use of digital signatures must respect the use of electronic contracts. The lack of regulation on the notarization of an electronic contract will therefore prevent banks and their customers from using digital signatures in transactions that must be notarized by law.

How to increase the relevance of electronic signatures for banking transactions

In addition to the above legal issues, the cost of digital signature solutions on the market today is relatively high for individuals and a high price to pay for small businesses. Digital signatures are typically used for simple transactions that are of negligible value; they are rarely used for large transactions, such as large loans or payments. Digital signatures are one of the most effective tools for the digital transformation of the banking sector in particular and the whole economy in general. Therefore, in order to promote digital banking, the legal framework for digital signatures, as well as electronic contracts, needs to be completed and refined.

First, regulations allowing e-KYC for issuing digital signatures and guidance on technical measures to ensure authentication should be enacted. To meet the digitization criteria, digital signatures must be created and used entirely online and their validity must always be guaranteed. To do this, digital signatures must be issued based on e-KYC (KYC for bank account opening has been activated). Therefore, it is recommended to modify article 23 of Decree 130/2018/ND-CP so that the application file for a certified digital signature can be submitted entirely online, and, at the same time, the obligation to submit original documents for comparison should be removed. To be consistent with Article 23, Article 25 should also complement the provision specifying that digital signature certification service providers may use appropriate technical measures, methods and sources of information (i.e. i.e. electronic identification systems and electronic authentication services provided by the Ministry of Public Security). under Decision No. 34/2021/QD-TTg, which can support and enhance the effectiveness of e-KYC) to verify the information contained in the certified digital signature application file. In addition, Article 25 should also impose on digital signature certification service providers the obligation to assume their own responsibility when using technical measures, methods and sources of information during e-procedures. KYC to ensure the validity of certified digital signatures and the transactions thus constituted.

In addition, the regulation on the notarization of contracts in the Notarization Law should be amended and supplemented to include electronic contracts. In particular, in order to expand the use of digital signatures and electronic contracts in banking transactions that must be notarized, such as immovable mortgages, the notarization law should include regulations on the procedures for notarizing electronic contracts.

These recommendations should address gaps in laws that limit or prevent the widespread use of digital signatures in banking and promote the digitalization of banking.

Comment

Having to sign bank transactions in wet ink is a barrier to popularizing the use of digital signatures. In practice, instead of using digital signatures, many banks have used OTPs in combination with multiple elements (e.g. username and password) and biometric factors (i.e. , fingerprint and face) for banking transactions. However, to a certain extent, the use of digital signatures does not comply with the provisions of the law on the legality of banking transactions. Therefore, increasing the relevance and strengthening the benefits of digital signatures for banking purposes is an important task in the strategy of digitalization of the banking sector in Vietnam.

For more information on this subject, please contact Thanh Minh Vu to LNT & Partners by phone (+84 28 3821 2357) or email ([email protected]). The LNT & Partners website can be accessed at the address www.lntpartners.com.

Share.

About Author

Comments are closed.