Kihara Kimachia, ICT News
Would you enter into a serious business deal with someone who had no identification documents? When I state 'serious', I'm referring to considerable financial outlay such as purchasing property or a car. Would you transact that kind of business with someone who could not prove they were who they say they are? Well, from an e-commerce point of view, this is the kind of situation that exists between most of Africa and the rest of the world.
Electronic transactions in Africa carry high legal risks and do not meet international compliance requirements. It is difficult to establish online identity. There are horror stories of traders outside the continent being conned by online fraudsters who take advantage of the lax online environment in Africa. Banks in Africa have also been fleeced of millions of dollars.
What is Public Key Infrastructure?
Public key infrastructure (PKI) can improve the situation. A technical definition of public key infrastructure can be found on Wikipedia, and is described as a "a system for the creation, storage, and distribution of digital certificates which are used to verify that a particular public key belongs to a certain entity. The PKI creates digital certificates which map public keys to entities, securely stores these certificates in a central repository and revokes them if needed." The following analogy will help you better understand PKI.
Let's say you travel to a foreign country. Upon arriving at the destination airport, it is usual to go through customs unless you have diplomatic privileges. The immigration officer has to verify your identity. You can verbally tell them who you are but since there is no way to establish if you are trustworthy, immigration has to rely on a trusted third party – the passport issuing authority of your country. The passport office in your country verifies your identity before issuing a passport to you. You then use the passport to confirm your identity to immigration officials anywhere in the world.
PKI works in a similar way. The trusted third party is known as a registration authority. A registration authority verifies identity and instructs another entity known as a Certification Authority to issue a digital certificate which contains a public key. The certificate and public key are used to verify identity and ensure secure online transactions.
Public key infrastructure is the only way to satisfy the privacy, authentication, integrity and non-repudiation (PAIN) principles of security. With its implementation across Africa, the rest of the world will feel more confident when transacting with African individuals and companies. Transaction data will be safe and in the event someone tries to bypass security, it will be possible to prove that they did it. This will act as a deterrent against fraud.
Cameroon was the first African country to implement PKI technology and several other countries have taken similar steps or, are in the process of setting up. The boosted confidence levels in online security are expected to translate into greater online transactions between Africa and the rest of the world in the near future.