Mohd Fairus Muhamad, head of Digital Transformation and Adoption at the Malaysian Communications and Multimedia Commission (MCMC), explained that employing digital signatures, especially for critical financial and legal documents, enhances online transaction security by guaranteeing document validity and integrity.
He emphasised that once a digital signature is affixed to a document, the digital certificate becomes an integral part of the document and remains unalterable. Any modification, even a single character change, triggers detection, as reported by Bernama.
Mohd Fairus went on to detail the digital certificate process, which relies on asymmetric cryptographic algorithms. It involves the issuance of public and private keys by licensed certification authorities (CAs). The public key verifies the signer’s identity, while the private key generates a digital certificate authenticating the signature.
He stressed the significance of a trusted and secure digital signature ecosystem in upholding online transaction security and preventing potential scams.
This ecosystem encompasses the regulatory role of MCMC, which not only oversees but also grants licenses to Licensed Certification Authorities (CAs) and ensures adherence to the Digital Signature Act 1997 and Digital Signature Regulations 1998.
CAs are responsible for issuing digital certificates, managing recognised repositories, and maintaining a secure and reliable Public Key Infrastructure. A certified accountant is also accountable for conducting performance audits of CAs and submitting audit reports to MCMC.
Furthermore, Mohd Fairus highlighted the obligation of customers or digital certificate owners to securely safeguard their private keys, as mandated by Section 43 of the Digital Signature Act 1997.
Users must take measures to protect their digital signatures from compromise, including following best practices such as safeguarding private keys, using strong passwords or password protection, regularly updating digital signature software, and ensuring the security of devices used for signing documents.