Digital Signature Certificates (DSC) is considered to be one of the strongest tools to Cyber Security.

DSC uses a very complex algorithm to generate a pair of asymmetric keys – Public and Private Key, wherein the private key is held securely by the user and public key is available publicly. When a user appends DSC to an electronic document or electronic transaction, the private key hashes the content of the document or transaction and uses the private information of the user in the private key to sign the document or transaction and this document or transaction is encrypted at the signor’s end. This signed document or transaction is verified with the corresponding public key and decrypted by the authorized person.

• DSCs is issued to an individual through an identity verification process as stipulated by Information Technology Act in India and hence acts as an authenticating tool. For example in the case of electronic banking and statutory efilings.
• DSCs are given a legal sanctity in India under the Information Technology Act and hence it serves as an evidence under the law and the signor cannot repudiate his / her act at a later stage.
• The digitally signed document or transaction is encrypted at the signor’s end and gives the protection against hacking or man-in-the-middle attacks. The signature will become invalid if there is any change to the content and thereby ensures integrity and confidentiality of the content.

DSCs are issued by licensed Certifying Authorities under the Ministry of Information Technology, Government of India as per the Information Technology Act.

Protection on Cyber Fraud

Cyber Fraud – Why worry?

Because, Cyber Crime usually has an impact on three things close to us – Identity, Privacy and Finances. A unique feature of cybercrime is that the consequences aren’t ‘visible’ instantaneously as with other forms of crimes like murder, burglary, kidnapping, etc. Also, the time interval between the occurrence of the crime and the victim’s realization can sometimes be so long as to eliminate all possibilities of collecting appropriate evidence.

Identity loss can be extremely damaging to one’s finances and reputation. Fraudsters wait for those moments when there is a compromise in basic security precautions while negotiating electronic identity and steal the identity. The victims could be individuals as well as institutions that handle internet money transactions.

Types of Cyber Fraud

Internet Fraud

A very common form of Internet fraud is the distribution of rogue security software. Internet services can be used to present fraudulent solicitations to prospective victims, to conduct fraudulent transactions, or to transmit the proceeds of fraud to financial institutions or to others connected with the scheme.

Phishing Identity Theft

Identity theft is a form of stealing someone's identity in which someone pretends to be someone else by assuming that person's identity, typically in order to access resources or obtain credit and other benefits in that person's name. Identity theft occurs when someone uses your personally identifying information, like your name, user id or credit card number, without your permission, to commit fraud or other crimes.

Phishing

Phishing refers to the process of imitating legitimate companies in emails or creating fake Web sites designed to look like a legitimate Web site in order to entice users to share their passwords, credit card numbers, and other personal information. The perpetrator then uses the information to steal the target's identity or to sell that identity to others. Users need to be educated not to give away personal information in response to an unsolicited email.

Man-in-the-Middle Attack

The phrase "Man-in-the-Middle Attack" is used to describe a computer attack during which the cybercriminal funnels communication between a consumer and a legitimate organization through a fake Web site. In these attacks, neither the consumer nor the organization is aware that the communication is being illegally monitored. The criminal is, in effect, in the middle of a transaction between the consumer and his or her bank, credit-card Company, or retailer.

The man-in-the-middle server electronically “eavesdrops” on every keystroke, giving the criminal username, password, and account information. They employ Spyware and other Malware that when loaded on the consumer’s computer redirects the Web browser to the fake site. The most technically competent manipulate the real Web site so that visitors are directed to the fake site.