Barriers to the public key infrastructure (PKI) deployment and usage for authentic document transaction in Sri Lankan banking sector

Abstract

As concerns for information in business, information systems are used for electronic document transactions in both internal and external business processes, which have been growing in recent years. As such, most of the banks have implemented or planning to develop document management systems to improve their business activities. These document management systems could come in forms of paper-based transactions to online systems. However, there are risks to information when using these document management systems. This leads to the main barrier of trust during transactions adopted among mature stakeholders. Therefore, it is a necessity now tom offer a better security mechanism in this changing environment./ Public key infrastructure (PKI) can be considered as an enabler for secure transaction. We can use it as a tool for trust assessment and decision making in our document management systems. Digital signature based on PKI is used for secure electronic document transactions in document management systems in order to streamline the business environment. /However, it is observed that digital certificates have not been diffused to document management systems in the Sri Lankan banking sector for secure transactions./ Electronic Transactions Act, No. 19 of 2006 was brought to promote public confidence in the authenticity, integrity and reliability of data messages, electronic documents, electronic signatures and electronic records in Sri Lanka. Even though it is legally accepted, there is a low adoption for electronic signature for document management systems./ Although we do not have to pay more attention on introducing digital signature for carrying out electronic transactions, globally we can come across significant trends on PKI software for the banking sector. What could be the reason of not being able to deploy PKI enabled document management systems in our banking sector for secure document transaction? This could be due to some barriers on implementing a better security mechanism. The attempt of this research is to identify these barriers to PKI deployment and usage for authentic document transaction and try to understand them precise relationship among these obstacles and cater solutions to overcome barriers for secure document management systems. Hence, the researcher believes that this research will serve as a guide for information security professionals and information system auditors, as well as end users to think of better information systems to carry out secure document transactions.