Though advance technology brings about many advantages to financial institutions and its customers, it also brings in great risks of information security and electronic fraud. Therefore as the use of electronic payments (e-payments) increases, the need for advanced IT security infrastructure becomes critical in order to prevent the risks associated with information security and unauthorized access.
Authentication is a critical issue for users of electronic commerce. Banks must have confidence in the authenticity and the integrity of an electronic transaction received from another bank. This can be achieved through the use of Digital Signatures. Digital Signatures are aimed at achieving a higher level of trust where physical signatures are not possible. Digital signing helps the recipient of the electronic transaction to know with certainty that it was originated by the party who claims who they are and that no changes have been made after the transaction has been signed.
Responding proactively to this rising need, the Central Bank of Sri Lanka requested LankaPay to be the financial sector Certification Service Provider (CSP). Accordingly, LankaPay launched Sri Lanka's first Certification Authority under the brand name LankaSign in accordance with the Electronic Transaction Act, No.19 of 2006 on May-22-2009.
LankaSign in its first phase provided digital certificates to Banks to be used in financial transaction clearing systems, such as SLIPS and CITS. In 2011 LankaSign launched its second phase by providing digital certificates for all financial sector enterprise applications, SSL Certificates and End Users (E-mail/Document signing) Certificates on both private and public networks. LankaSign provided a much affordable option to the country’s financial sector and has helped in automating documentation work which was previously done manually.
In catering to the growing needs, LankaSign recently introduced the facility of issuing digital certificates in real-time for mobile based payment applications for digitally signing and authenticating electronic documents. Aligning with the Electronic Transaction Act, No.19 of 2006, LankaSign follows a stringent process for validating the certificate users and their respective organizations before issuing a digital certificate. Due to its high security standards, LankaSign was able to obtain certification on ISO 27001:2013 for its Information Security Management System in the year 2015.
LankaSign certificates are currently compatible with operating systems Windows 7 or higher and also with Mac OS versions up to Catalina. iPadOS, IOS, Android and other mobile operating systems are not supported natively at the moment, but will be supported via a third party solution in the near future. LankaSign digital certificates require manual installation and trust enforcements, which will be rectified once the alignment with National CA is completed this year.