Practice what you preach, Dr Backhouse tells CAs

 


Certification Authorities (CAs) need to improve their working practices if they are to engender trust in electronic commerce, according to CSRC Director Dr James Backhouse. Writing in the current edition of the Journal of Financial Crime, Dr Backhouse asserts, “It is vital for CAs to demonstrate that they practice what they preach and that procedures claimed are procedures followed.”
He argues that while trust is held to rest on behavioural predictability, current attempts to buttress the role of Public Key Infrastructures (PKIs) and CAs have focused on mere formulation of rules. “But there is yet the whole terrain of actual behaviour and performance to consider. Merely having a fine display of regulatory instruments is no guarantee of having secure and trusted operations.”

Dr Backhouse further alerts financial institutions to the dangers of running electronic marketplaces. Online brokers, bankers and intermediaries have taken to accepting instructions from clients using traditional name-and-password authentication. However, this mechanism has many flaws.
As such, Dr Backhouse warns, “Unless a financial services institution can be absolutely certain about the identity of the online client, it is taking very great risks to accept instruction on their behalf.” Public key cryptography techniques provide an enabling platform for the secure transaction of business.

The full bibliographic details of the article are: Backhouse, J. (2002) "Assessing Certification Authorities: Guarding the Guardians of Secure E-Commerce?", Journal of Financial Crime, 9(3), pp. 217-226.
 
 
Copyright 2003 © Computer Security Research Centre - LSE Department of Information Systems