The new provision that compels BFIs or other firms to compulsorily use digital signature from authorized CA came into effect after the government issued digital signature in Nepal in February 2012. [break]
Under the law, any foreign or local firms were welcomed to function as CA -- an authorized agency that can issue license of digital signature to any company or individual willing to use it.
However, as no company applied for CA, OCC itself has been functioning as a CA at present, and BFIs and other online transaction service providers should have approached it for getting the authorized digital signature.
“Sadly, almost all the BFIs providing internet banking service are using digital signature issued by the unauthorized licensors,” said an official at the OCC, which is country´s regulatory agency entrusted to ensure that use of online transactions remained secure.
Controller at OCC Rajan Raj Pant said its monitoring found a large number of illegal licensors had issued the digital signature to the online service providers in Nepal. “The monitoring also shows all BFIs providing such services were using digital signature issued by such licensor. This is illegal,” Pant told Republica.
Following such revelation, Ministry of Science and Technology (MoCS) under which OCC is placed, is planning to take actions against licensors who it says are issuing unauthorized digital signature in the first phase. “After that we will initiate action against BFIs,” said Pant.
If the MoCS really took actions as Pant says, it can slap a fine of Rs 100,000 or two-year imprisonment or both to the unauthorized digital signature issuer as well as individual or company using the service.
At present, companies based in India and America are issuing digital signatures to local online transaction service providers, which is against the Electronic Transaction Act 2008.
On the other hand, any firm can register itself as CA by paying registration charge of mere Rs 25,000. The registered CA then needs to pay service charges to the OCC, but that depends on the number of digital signature licenses it issues.
A few companies did make enquiries for working as a CA, but none have applied so far, said OCC officials.
Illegal use of digital signature, meanwhile, is not just causing a loss of revenue to the government, but also raises serious questions over security of the financial transactions.
Given the risks, OCC initiated talks with Nepal Rastra Bank (NRB) to instruct BFIs to correct their mistakes. However, it later forwarded the cases to MoCS for action after NRB did not respond to its calls.
NRB Spokesperson Bhaksar Mani Gynwali, however, said the central bank never received such letters or calls from the OCC. “Otherwise, we would have definitely responded,” he said.
The government had introduced digital signature with an aim to secure online transaction and other activities like e-bidding, e-procurement. Digital signature is an electronic signature which helps to maintain privacy and security of messages of transaction.
Related story
PBL, NCCPL sign agreement for digital signature
