white paper on the risks and rewards of secure messaging

 

Abstract

The Internet has become more than a communication medium—it is now a standard way of doing business.  It offers opportunities for businesses to expand their customer and partner base. However, the Internet can also increase competition.  With new opportunities and challenges in sight, businesses want to transact on the Internet.  This has made secure messaging a vital part of the strategic and tactical roadmap of many institutions.

Overview

The Internet presents many opportunities. To realize its full potential, businesses will need to transact electronically. Transforming commercial transactions to an electronic form has enormous potential for commercial growth and cost savings. However, changing the business process may introduce new risks and can alter traditional risks. Postal mail provides basic controls; a communications network, in contrast, imparts none. A document sent over a network is meaningless if it is not protected against undetected modification. Even the slightest possibility of variation from its original form prevents the recipient from relying upon the information received. Similarly, it is critical that the contents of a document be protected from disclosure. Secure messaging supplies the controls the network lacks, mitigating the risks of disclosure and modification while transacting on the network.

Though secure messaging has many benefits, it cannot eliminate the basic risks of transacting.  Many of the traditional transactional risks will still exist and must be dealt with.  A technological solution simply cannot completely alleviate all counterparty, currency, reputation and other risks. 

 

Supporting Risk Management

Risk management requires more than protection against modification and disclosure. Information security controls can achieve more. Secure messaging, when properly implemented, supports the risk management of transactions over the Internet. Information security processes can answer:

- Who is on the other side of the transaction (identification)?
- Are they authorized to perform the transaction (authority)?
- Have they agreed to perform the transaction (authorization)?
- Can we show what they have agreed to do (accountability)?

Each individual or business has a responsibility in the transaction and should be held liable for their actions. If each party to a transaction is not held responsible for the performance of their obligations, it is not possible to manage risk. It is insufficient to present only a signature as demonstration of authorization. Rather, the process must be complete: the signature must be tied to an individual through identification, and the individual must have the authority to authorize the transaction. After authorization it is necessary to ensure everyone can be linked to their actions through accountability. Accountability for the authorization alone is not sufficient; everything must be audited.

 

Secure messaging is part of a larger risk-based processing engine. The risk-based engine must still manage the traditional risks and determine what actions the recipient should perform next. It supports mitigation of all the business concerns (e.g., creditworthiness, liability, etc.) to determine the next course of action.

Transforming paper-based processes to electronic ones can reduce risk, since secure messaging achieves identification, authority, authorization and accountability with superior results. For instance, a digital signature has attributes that a handwritten signature does not: unlike a handwritten signature, with a digital signature any modification to the document will be detected.

 

Risk-based Transaction Processing

To understand how secure messaging can support the risk management of a transaction, let us analyze what has been done in the past and relate it to electronic transactions.

One of the most common types of commercial transactions today is the two-party transaction. As with all risk-bearing transactions, it must be possible to determine the source (sender) and integrity of a document. For a paper-based checking account, a client provides a signature card, also called an authorization letter, to the bank. When a check is processed, the bank validates the signature on the check against the signature on the signature card. Though unsophisticated, the signature card approach can be used by a consumer to buy lunch or by a company to purchase a jumbo jet.

Can the signature card example be translated to a method which works over the Internet? Yes. Rivest, Shamir and Adleman, in their invention of the RSA encryption and digital signature scheme, discuss electronic mail systems replacing the existing paper mail systems for business transactions. The digital signature presents a technical means to mimic a handwritten signature. Though not exactly like a handwritten signature, a digital signature has the same legal basis when used within the appropriate context. Each signer holds a signing public key; think of it as a signature card. The signer digitally signs an electronic message using the message and the private key associated with that public key. To verify the source and integrity of the message, the digital signature is validated with the public key and the message. When performed with the proper controls, it can be shown that a digital signature for a message could only have been created by a signer with access to the private key. Hence, even holding the signature card, i.e., the public key, does not give the bearer the ability to forge signatures.

Though two party transactions are common there is a need for multi-party transactions as well.  Most multi-party transactions are inherently built by combining transactions within bi-lateral (two party) relationships.  Clients, whether buyer or seller, have a relationship with their individual bank.  A client does not require a relationship with the banks of buyers and sellers of its products and services. Rather a financial transaction between two clients using two different banks is carried out using multiple bi-lateral transactions.  The transactional risk is well specified within each individual bi-lateral transaction. 

Public key infrastructures were specifically designed to facilitate multi-lateral transactions. Third-party certification authorities can enable two parties who have never met to communicate confidentially, without someone else listening in, as with SSL. However, a traditional public key infrastructure changes the nature of relationships, modifies all of the processes and shifts the risks due to the introduction of a new middle entity, the certification authority. In a public key infrastructure the third-party certification authority does not accept risk on a transactional basis because it is not a participant in the transaction. It therefore has a limited role in risk management. In contrast, the signature card approach is local, risk-based decision making on identification, authority, authorization and accountability on a bi-lateral basis.

Contrary to popular e-commerce myths, a certification authority is not necessary to perform a public key transaction. There was no notion of a certification authority when public key technologies were developed.
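The signature card model from the two preceding sections, as an added example that is not part of the original paper: the bank files each client's public key once (the card), the client signs checks with the private key, and the bank validates every check against the card on file, with no certification authority involved. It uses Go's standard-library RSA with SHA-256; the client names, the check text and the Bank type are constructed for illustration.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Bank keeps the "signature cards": one public key registered per
// client, filed once out of band, like a paper signature card.
type Bank struct{ cards map[string]*rsa.PublicKey }

func NewBank() *Bank { return &Bank{cards: map[string]*rsa.PublicKey{}} }

// Register files a client's signing public key (identification).
func (b *Bank) Register(client string, pub *rsa.PublicKey) { b.cards[client] = pub }

// SignCheck runs on the client side; only the private key holder can do this.
func SignCheck(priv *rsa.PrivateKey, check []byte) ([]byte, error) {
	digest := sha256.Sum256(check)
	return rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
}

// ValidateCheck is the bank's control: true only for an unmodified check
// whose signature verifies against the card on file for that client.
func (b *Bank) ValidateCheck(client string, check, sig []byte) bool {
	pub, ok := b.cards[client]
	if !ok {
		return false // no card on file: the sender cannot be identified
	}
	digest := sha256.Sum256(check)
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig) == nil
}

func main() {
	alice, _ := rsa.GenerateKey(rand.Reader, 2048)
	other, _ := rsa.GenerateKey(rand.Reader, 2048) // a key the bank never registered
	bank := NewBank()
	bank.Register("alice", &alice.PublicKey)
	check := []byte("pay lunch counter 12.00 from alice") // constructed sample check
	sig, _ := SignCheck(alice, check)
	fmt.Println("genuine check accepted:", bank.ValidateCheck("alice", check, sig))
	altered := []byte("pay lunch counter 1200.00 from alice")
	fmt.Println("altered check accepted:", bank.ValidateCheck("alice", altered, sig))
	forged, _ := SignCheck(other, check) // signed with an unregistered private key
	fmt.Println("forged signature accepted:", bank.ValidateCheck("alice", check, forged))
}
```

Holding the card (the public key) lets the bank verify but never sign, which is the property the paper relies on; accountability still needs an audit record of each validated check, which this block leaves to the surrounding processing engine.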

Risk-based Ancillary Controls

How about encryption? Encryption, unlike signatures, provides privacy protection. Though an essential part of a transaction, it plays a different role in it. A simple analogy helps: encryption is to the envelope as a digital signature is to a handwritten signature. Upon receipt, if the envelope or the encryption is thrown away, the responsibilities of the parties are still maintained.

Encryption is essential in risk management though it is generally not part of the decision making process to determine what to do next upon receipt of a document.  However, open disclosure of documents does introduce reputation, legal and market risks.  Private information oftentimes cannot be exposed due to legal or regulatory requirements.  Similarly, competitive information or information governed by a non-disclosure agreement must be protected.  Fortunately, secure messaging provides for encryption.

Technology may support many other benefits in risk management.  Flexibility and on the fly design of a document is useful.  With electronic forms, it is no longer necessary to provide each customer and partner with the same generic document.  Electronic forms can be customized to meet specific requirements of the transaction.  Risk can now be controlled at a more granular level.

Transacting electronically is more effective than a paper-based system at ensuring that documents are delivered to the right place. It can eliminate human error during the delivery process. No longer will a document be sent to the wrong place. This provides for a more effective and stable transacting environment. Stability reduces risk.

Concluding Remarks

A technical solution for transforming paper-based documents to an electronic form must be viewed from a risk management perspective.  Secure messaging will play an important risk control function in risk management.  In defining risk controls several issues must be addressed. Will the secure message technology deployed support risk management on a transactional level?  What risk controls are supported?  Will it satisfy the requirements of identification, authority, authorization and accountability?  Will it provide any ancillary control support?  Who are the players and what role do they play?  Can the technology determine who is liable if something goes wrong?  How has the risk structure changed with secure messaging?  Will the technology provide risk-based ancillary support?  These are some of the many questions a technology risk manager must ask.

Movaris
© 2003 Authora. All rights reserved   