Trust in electronic transactions

The internet enables convenient information sharing, communication, and transactions. We can easily read news from various sources, catch up with people we know, buy goods and services, and manage affairs with entities such as our bank and authorities.

However, with this convenience come challenges. Various scams and phishing are a growing problem, eroding trust in services and messages, even from trusted sources.

How do I identify the other party online?

In the physical world, it’s clear who provides the information we read, with whom we are communicating, or with whom we are conducting business. If you decide to share your personal information with someone, or, for example, give out your credit card number, you know to whom you are providing this information. Knowing the other party makes it easier to trust that they will not misuse the information.

Online, we have fewer means to ensure trust. A message might appear to come from a familiar address, but the sender’s address could be falsified. Faking sender information in an email is easy, making it a poor method for verifying the actual sender.

We also need to exercise caution with website addresses to avoid deception. For example, yle.fi.example or уle.fi are not the actual web addresses of Yle. In the first example, the domain extends beyond the .fi suffix. In the second example, the address’s first letter is not the Latin alphabet’s y but a Cyrillic u.

Solutions

  • Efforts to address this issue have included the use of browser certificates and the issuance of so-called ”extended validation certificates,” which would display slightly differently in the service’s web browser. This practice has been discontinued.
  • The Trust over IP Foundation (ToIP) is developing new solutions to enhance trust on the Internet. Findynet is a member of the Trust over IP Foundation and contributes to its development efforts.
  • The DIDComm protocol, supported by numerous wallet applications, facilitates persistent, secure, two-way connections between entities.

How can you prove that the information you have provided is correct?

Many transactions require us to provide information and proof about ourselves from one entity to another. These credentials can be in the form of plastic cards, paper documents, or even PDF files, which can be cumbersome to manage. In addition, the recipient of this information often lacks effective means to ensure that it is accurate, unaltered, and up-to-date. In transactions, we need to provide information and evidence about ourselves from one entity to another. This evidence could be paper printouts sent by mail or presented at a service desk. It might also include PDF files that are printed on paper, sent via email, various ”secure mail” solutions, or uploaded to browser-based services.

For the receiving party, using the information contained in such evidence presents challenges. Automating the capture of information from paper or PDF files is cumbersome and unreliable. Furthermore, the receiving party has no way to verify that the information has not been tampered with.

Solutions

 

  • Electronically signed documents or the electronic stamping of a document partially solve the issue related to trust, but they do not facilitate usability or automated data processing.
  • Digital proofs and wallet applications enable the transmission of data in such a way that it can be automatically processed, and their origin and integrity can be verified.

Read more