Professional Documents
Culture Documents
Contents
Contents 1
Message from VIDA Chief Executive Officer 2
Executive Summary 3
Chapter 1. Introduction to Digital Trust 5
What is digital trust? Why is it important? 6
Industries perspective about Digital Trust 7
Technology Supporting Digital Trust 11
The role of CA 11
International Benchmark on Creating an Environment of Trust 13
Business Model Supporting Digital Trust in Other Countries 14
International Industry Standard 15
Chapter 2. Digital Trust Principles 16
Speed 17
Scalable 18
Secure 20
Chapter 3. Digital Trust In Indonesia 22
Digital Trust in Indonesia and case study 23
Case study 29
Sources 32
2
Trust is what encourages people to engage online. Without it, it’s hard to imagine any digital
innovation taking off. In a way, trust is what fundamentally drives our digital economy.
In building digital trust, we need new solutions and technologies to answer challenges
surrounding digital identity, privacy, and cyber security. VIDA, as a Certificate Authority,
strives to provide this trusted environment. Our goal is to empower individuals to seamlessly
control their most valuable information – their data and identity – while protecting this private
information with the highest standards of security. And we do this by working with companies
and helping them embed digital trusts technology and solutions into their processes.
When the pandemic hits and large-scale mobility restriction was imposed in early 2020,
the world almost unanimously turns to the internet to help support daily life. The transition
to digital happened to people across countries, age group, gender and income level. While
the pandemic has triggered an unprecedented level of digital inclusion, there remains a gap
between early adopters and the long tail, especially on the quality and level of engagement
with various digital services. Despite the fact that these services harbor the potential to
meaningfully impact the lives of underserved communities. Whether that’s allowing people
quick and easy access for COVID-19 related relief or bringing previously unbanked segments
into the financial mainstream through digital financial services.
A big part of this gap comes down to a need for building deeper trust. But how can we ensure
that the digital trust ecosystem is set up in a way that not only ensures security but is also
inclusive and scalable?
Through the “Digital Trust Report”, a collaboration between VIDA and DSInnovate, we hope
to provide a comprehensive report on those issues. The report will explore issues around
the general concept of digital trust, solutions and technology supporting it, as well as the
important design principles that should characterize those solutions.
With a focus on Indonesia, one of the largest and fastest growing internet economies in the
world, we hope the report can help illustrate the urgency and best practices of fostering digital
trust for our online world.
Happy reading!
3
Executive Summary
Digital trust is becoming an essential requirement for businesses adopting digital technology.
Increased customer awareness about data privacy and security has encouraged businesses
to invest in safe and secure products and services.
Indonesia’s digital economy is expected to reach $146 billion by 2025, doubling from $70 billion
in 2021. Integrating digital trust helps companies build customer confidence when using digital
platforms for their daily activities. In 2019, the Tech For Good Institute estimated Southeast
Asians lost $260 million to digital fraud, with identity fraud taking the most significant share
(71%) of all fraudulent online activities.
As Indonesian customers become more digitally savvy, providing secure digital services
becomes crucial.
Certification Authorities (CAs) play an essential role in digital trust by providing businesses
with solutions that comply with the highest security standards. Digital trust solutions can
help minimize the risks of fraud, misuse of data or information, or other illegal activities that
negatively impact businesses and customers.
Speed, security, and scalability are the most critical principles when providing digital trust
solutions. CAs must abide by these principles when providing products and services. The
solution provided must ensure that businesses operate with speed, convenience, and
security at scale.
4
Chapter 1.
Introduction to
Digital Trust
5
The expanding reach of digital technology has made the issue of digital trust increasingly
urgent and relevant. From e-commerce, banking, healthcare services, to social media, ensuring
that all internet users feel secure interacting online is a paramount priority for platforms or
service providers in the digital world.
The COVID-19 pandemic has accelerated the trend of digital transformation around the world. In
Indonesia, the government has established a policy of Large-Scale Social Restrictions (PSBB).
It limited physical activities for businesses and other organizations. Schools transitioned from
offline to online learning, organizations enforced remote work, and automation is accelerated
in a wide array of industries.
One one hand, growth in digital services has highlighted the huge potential for technology to
add value to society. On the other, this development unveiled the central role that trust plays
in encouraging digital adoption. For example, users will hesitate to use banking or financial
applications when there is no data security guarantee from banks. E-commerce users will
also avoid making digital transactions when they feel the payment process is unsecure.
How can digital trust be fostered? On a daily basis, internet users submit and exchange
personal data in return for access to digital services or platforms. This may include email
address, phone numbers, national identity number, home address, photos of ourselves and
others data points that could identify us as individuals. Collectively, this information makes up
an individual’s digital identity. Digital trust can be established by protecting the user’s digital
identity. Beyond ensuring the safety and reliability of online systems, safeguarding security
and privacy also includes preventing unauthorized and unwarranted access and use of users’
data. It is important that users are informed and in control over how their data are used and to
what end. Thus, service providers need to consider how users are able to exert control when
building their digital ecosystems.
Figure 01. Comparison of Digital Trust Across Countries (Harvard Business Review, 2018)
Bhaskar Chakravorti et al measured four key dimensions of digital trust: Behavior, Attitudes,
Environment, and Experience from 42 countries. Result shows that Indonesia ranks
considerably well for attitudes, behavior, and environment sections. While Sweden ranks
the highest for high attitudes (score 3.34), China ranks the highest for behavior (score 3.26),
Estonia ranks the highest for environment (score 3.66), and Switzerland scores 3.79, which
makes it highest in experience score among other countries.
“Digital trust plays a crucial role for every business who has a core
business in the digital sector. Company’s ability to build a safe and
reliable digital environment for users will certainly be a catalyst in
maintaining the company’s reputation in front of users. Implementing
digital trust in every business process can help the company to
identify and prevent any potential legal risks that may occur due to
non-compliance with digital security standards set out in a number of
applicable laws and regulations”
~ Ruben Sumigar,
Data Privacy Officer
Lead of OVO
8
“Digital trust means people are able to entrust their data to one
organization with ease. For example, when a customer wants to buy
an insurance product, they feel safe giving their personal data (ID
cards, telephone numbers, and addresses) because they have trust
that the company will manage their data responsibly.”
~ Herdi Santoso,
Founder of Asuransiku.id
~ Arvino,
Tech Lead of Broom
~ Zaenani Trianto,
Head of Department Digital
Transformation of Hanwha Life
9
“From our perspective, digital trust is our effort to avoid fraud and
other negative instances resulting from digital journeys. Educating
customers is important to make sure they feel safe when they provide
data and can only be used for the purpose of their transactions. With
the framework and the system we have, we can ensure data security”
~ Maregia Liutanto,
VP Partnership of Koinworks
~ Widjayanto ,
Chief Operation Officer (COO)
of PT Fintek Karya Nusantara
(LinkAja)
“Digital Trust will speed up the Turnaround time (TAT). The end to
end process will be simplified in the long run. The faster TAT will make
the customers happy. As the process owner, sometimes we need to
make the process simple, this will make potential risks identification
faster. When integration is carried out by complying with processes,
standardization, and regulation, the end-to-end process will obtain its
level of confident”.
~ Division Head,
Information Services
and Operations of
PermataBank
10
~ Aditya Budi,
CEO of Premiro
“In the future, more companies will carry out digital transformations
for their business. The current pandemic has changed the way
people transact and interact. So, the role of digital trust in the future
is very important, which data security and privacy are very crucial.
And this will be a challenge for companies that run their business
digitally, because this has a reciprocal effect on the sustainability of
the company’s business.”
~ Angela M. Kurnianingtyas,
Technical Project Manager of
Kopi Kenangan
From our interviews with digital industry stakeholders from various sectors, we can conclude
that the benefits of establishing digital trust are as follows:
1. Creates trust between the customer and the company, so that customers are more
likely use the company’s services
2. Provides assurances that the company has reduced risk of fraud and identity theft
Driver
License Passport
Email
Id Card Adress
Integrate
Electronic Certificate
Once verified, users’ personal data are linked to a CA issued electronic certificate. These
electronic certificates can be likened to our offline identity card. And it can be used in a variety
of ways - from proofing our identity when accessing a certain digital service or to signify
consent to a digital contract/agreement.
Electronic certificates are securely encrypted and can only be accessed by the certificate
owner through a multi-factor authentication (MFA) process. MFA is an authentication method
that only grants someone access if they can successfully present two or more pieces of
evidence indicating that they are who they claim to be. Often, it follows a “What You Have”
and “What You Know” framework. For example, a user can only open their account, if they
have information of its password (What You Know) and possess the smartphone device that
the account is linked to (What You Have). In the case of electronic certificates, it’s common
to employ biometric authentication, so that only if users can present the correct biometric
information will the certificate access be granted. This way, businesses can ensure the safety
and privacy of their users’ data. Without users’ direct consent, expressed through an identity
authentication process, no one can access and use their data.
12
A CA works with business and other organizations to incorporate these processes into their
business model:
1. Identity Proofing
Identity proofing service is widely used in financial services such as banking, insurance and
fintech, especially with the increasing digital transformation in these services. The most
common implementation of identity proofing service is for opening an account. Financial
services need to verify the identity of the new customers to minimize the fraud risk.
For example, in P2P Lending, identity proofing is used to detect the validity of a potential
lender and borrower’s identity. This is to avoid instances of fake IDs, identity thefts or even
multiple borrowing from the same individual.
3. Digital signature
A digital signature is a specific type of electronic signature that requires the signer to
authenticate their identity using a certificate-based digital ID. Digital signatures reduce the
risk of unwarranted duplication or alteration of an electronic document.
Digital signatures can be used for signing documents such as invoices, legal agreements,
and registration forms for digital services. Beyond that, digital signatures can also be used to
allow users to express consent towards various terms of service or similar contracts.
Implementation of digital signatures in business can benefit both consumers and service
providers in these ways:
• Faster transactions and better customer service; business process such as loan approval,
disbursements can be done faster
• Reduce costs; digital document management allows enterprises to cut cost on physical
storage
• User-friendly; a good digital signature is designed to prioritize convenience and ease
of use
A key pillar of cybersecurity that is extensively regulated are data protection and privacy. We
have summarized the different regulatory regimes that govern protection and privacy across
the world.
13
Europe
Data protection as a regulatory concept first appeared in the Council of Europe’s 1981
Convention on data protection. While data protection emerged in Europe, data protection
regimes have since been adopted widely around the world, with nearly 140 countries having
some form of legal regime (Greenleaf 2020), as well as numerous other regional instruments,
including the Asia-Pacific Economic Cooperation Privacy Framework and the African Union
Convention on Cyber Security and Personal Data Protection (2014). In Europe, The General
Data Protection Regulation (GDPR) is the toughest law that is implemented anywhere, as long
as it targets or collects data related to people in Europe. With GDPR, Europe is showing a firm
stand on data privacy and security at a time when more people are entrusting their personal
data with cloud services and breaches are an everyday occurrence.
United States
The United States does not have a singular law that covers the privacy of all types of data.
Instead, it has a mix of laws such as HIPAA, FCRA, GLBA, ECPA, FTC Act, etc. These are
designed to target only specific types of data in special circumstances. Below are some of the
functions of the law.
• Health Insurance Portability and Accountability Act (HIPAA) is a federal law that requires
the creation of national standards to protect sensitive patient health information from
being disclosed without the patient’s consent or knowledge.
• The Fair Credit Reporting Act (FCRA) covers information in people’s credit reports. It
limits who is allowed to see a credit report, what the credit bureaus can collect, and how
information is obtained.
China
In China, there are three main laws that cover data privacy and data security regime, named
CSL, DSL, PIPL. The Cybersecurity Law of the People’s Republic of China (CSL) provides
guidelines on cybersecurity requirements for safeguarding Chinese cyberspace. Data Security
Law (DSL), which sets up a framework that classifies data collected and stored in China
based on its potential impact on Chinese national security, regulates its storage, and transfer
depending on the data’s classification level. And The Personal Information Protection Law
(PIPL), that complements the DSL, is designed to protect the privacy and personal information
of Chinese citizens, and will require compliance initiatives on the part of Chinese organizations
and foreign companies operating in China.
14
1. SingPass
A digital identity company from Singapore that provides an app
for individuals to access government data sources, public services
and private platforms. Moreover, it also gives solutions for
enterprises such as face verification, e-KYC, signing documents
digitally, etc. Through this app, Singaporeans can access over 460
government agencies and businesses with 1,700 digital services
using fingertips..
2. Entrust
Entrust, an American company, founded in 1969 provides solutions
related to identities, payments, and data protection for financial,
Government, education, enterprise, healthcare, and retail sectors.
It applied cryptography, PKI, and advanced technology for serving
these solutions. Entrust has served 2500 colleagues in 150
countries, has 24 million financial messages encrypted daily, and
has a revenue amount of $800 million.
3. Atos
Atos is a European company that provides consultancy services,
digital security and decarbonization offerings; an end-to-end
partnership approach. Atos is a SE (Societas Europaea) that is
listed on Euronext Paris. It was also included on the CAC 40 ESG
and Next 20 Paris Stock Indexes. Digital Workplace Security, Hybrid
Cloud Security, IoT and OT Security, and Trusted Digital Identities
are some of the cybersecurity solutions that are provided by Atos.
Therefore, Atos succeeded to get €11 billion revenue and has
served in 71 countries.
It is also very important to see the security standard in other countries since every countries
has different security standard rules and security standard is crucial in businesses to be able
to implement digital trust.
15
Webtrust
The WebTrust for Certification Authorities program was
developed to increase consumer confidence in the Internet as a
vehicle for conducting e-commerce, and to increase consumer
confidence in the application of PKI technology. This WebTrust
audit is performed by public accounting firms and practitioners
who are specifically licensed by the American Institute of
Certified Public Accountants (AICPA) and the Canadian Institute
of Chartered Accountants (CICA).
AATL
Other than Webtrust, the necessary standard for Certificate
Authority is AATL or Adobe Approved Trusted List, which is a
program that allows users to create digital signatures directly
trusted when the signed document is opened in Adobe’s product.
For Certificate Authority included in Adobe’s list of trusted providers,
users can create digital signatures that are recognized by various
Adobe document applications. This addresses the critical issue
of how trustworthy digital signatures are. Vida.id from Indonesia,
Netrust from Singapore, and Sectigo from the US are examples of
companies that owned AATL.
ISO27001
ISO27001 is an international standard on how information security
is managed, which protects data confidentiality, integrity, and
availability. Certification to the ISO27001 Standard is recognized
worldwide to protect data.
16
Chapter 2.
Digital Trust
Principles
17
Digital Trust is becoming increasingly vital for companies to provide to customers as digital
adoption increases. The principles of Speed, Secure and Scalable are very important when it
comes to companies finding the right partner to build trust within their digital environments.
Our interviews with users and industry stakeholders reveal that when designing a trustworthy
digital ecosystem, several factors play into consideration. Businesses want to make sure that
there is no tradeoff between speed and scalability when complying with strict data protection
and privacy standards.
Speed
Digital Trust
Principles
Secure Scale
Speed
Real-time and efficient identification processes are key components of the speed principle.
Competition among businesses is driving companies to pursue fast and convenient processes.
How can digital trust providers ensure those requirements are met?
Real-time identification
Real time identification relies on technology and access to a wide-range of authoritative data
sources that support automatic verification of various types of use’ information.
Other demographic data such as name, date of birth, national ID number, and biometric
information such as facial recognition helps simplify the identity proofing process. By allowing
facial data matching against a formal registry, verification can be done in a matter of seconds.
To increase levels of assurances, a CA can also employ more advanced biometric matching
that includes liveness detection. This allows the identification process to detect whether the
person in front of the camera is real and not a video.
18
World Economic Forum (WEF) data suggests that 63% of potential users do not finish their
digital bank registration because of lengthy and complicated forms. For example, when trying
to onboard a user into a new financial product outside of their original savings account, it
is easier for both the user and the bank to use the same KYC information and grant access
upon successful authentication or submission of additional data. Rather than having to ask
users to input the same set of information.
~ Imam Sedayu,
Chief Commercial Officer
of SiCepat Ekspres
Scalable
Scalability for digital trust providers is the capability to ensure consistent and reliable delivery
of digital identity service despite growing volume. Scalability concerns both infrastructural
readiness as well flexibility in adapting to client’s evolving demand as traffic increases and
user profile varies. Below are the key components comprising digital trust systems’ scalability:
It is crucial that a CA invests in its system capacity as well as capable back-end system
engineers and other trust roles. Moreover, as verification traffic increases, CA must ensure
that its access to authoritative data sources is stable and can accommodate the spike.
19
• Flexible Integration
Digital enterprises value and rely on seamless user-experience in their applications or
websites. To cater to this need, a CA should be able to offer flexible process integration. Ideally
one that allows an efficient user-journey where users can stay in one platform throughout
the entire identification and verification process. For example, when a user registers for an
insurance policy via a mobile application, it would increase the likelihood of user drop-out if
the process requires the user to separately access and sign-up on another application just to
get their identity verified.
A CA should be able to provide integration options ranging from SDK, Web and API integration.
• Interoperability
Interoperability allows a CA’s electronic certificates or digital identity to be compatible
with digital ecosystems of other providers. Which in turn, lets a CA to expand its electronic
certificatee’s use-cases and opportunity for product collaboration.
Take the case of the Indonesian market. In Indonesia, electronic certificates regulation
mandates all digital signatures to be based upon a CA issued electronic certificate. In such
cases, without owning a CA permit, digital signature providers from other countries are not
able to operate in the country. Partnering with a CA which is set-up to be interoperable, allows
these providers to go-to market while tapping into the back-end systems of a government-
licensed CA in Indonesia.
Secure
It is worth noting that when verifying a user’s data with an authoritative database, a CA does
not directly obtain data from the database. It only performs a matching transaction with the
output of a yes or no information or a percentage match.
~ Marlin Sugama,
Chief Digital Officer of
Sequis Life
21
The three basic principles of digital trust - speed, security and scalability - are crucial for a
CA to provide to its clients. All those aspects are interlinked and cannot be viewed separately.
Failure on one aspect can potentially cause major setbacks to an enterprise business plan
and target. For example, their users can lose confidence in the enterprise products and
services and are more likely to switch to competitors.
In a digital driven economy, trust is the key aspect for all stakeholders. A CA provider as the
supporting system for businesses, must ensure those basic principles are met and create a
safe and secure environment for both clients and its users.
22
Chapter 3.
Digital Trust In
Indonesia
23
The fintech sector, such as paylater, payment and P2P lending is also rapidly growing. In
February 2022, P2P lending disbursement reached Rp16.4 trillion, growing 19 percent from
the previous month and 71 percent compared to the same period in 2021. The disbursement
comes from 103 peer-to-peer lending fintech companies officially listed by the Financial
Services Authority (OJK). This covered over 29 million borrowers throughout the country.
Digital payment is also on the rise with e-money transaction value increasing 41.35 percent in
February 2022 (year-on-year).
In the e-commerce sector, the total transaction value in 2021 is estimated at Rp395 trillion,
growing 48.5% from Rp266 trillion in 2020. The sector’s recent boom, alongside other sectors
such as healthtech, insurance and edutech, are largely driven by the pandemic push towards
an online consumer behavior.
At a glance, below are the current and projected condition of Indonesia’s digital economy:
Logistic
(Source: Ken $220.9 billion revenue in 2020 Estimated will be $300.3 billion in 2024
Research)
E-commerce
Rp266 T (2020) to Rp395 T (2021) Estimated transaction value will be
(Source: Goldman
e-commerce transaction value Rp1,358 T in 2025
Sachs)
$5.9 million (2020) to $6.2 million
Equity Crowdfunding Estimated transaction value will be $6.8
(2021) equity crowdfunding
(Source: Statista) million in 2025
transaction value
24
For example, in the financial sector, misappropriation of name, identity, financial data and
record, and access to financial platforms can be a massive mishap for both the customer and
the financial institution itself. Unauthorized transactions, fraud, money laundering and other
activities which go against the law can be at risk of happening due to companies’ lack of
proper data and security governance.
Other than to help manage data and security risks, implementing digital trust solutions allows
businesses to unlock opportunities. The implementation of digital trust solutions varies
between industries. In this report we collect insights from industries on how implementation
of digital trust has allowed them to improve upon and explore novel digital use-cases to make
their service more efficient.
Insurance Logistic
Government P2P
Lending
Digital
Identity
Banking Healthcare
Edtech E-commerce
E-money
25
Banking
Digital trust solutions in the banking industry is a necessity. Since banking applications are
widely used by customers, more financial transactions are now conducted via mobile and
smartphones. From account opening, loan application and approval, to customer’s savings
account management, banks need to accommodate by building a secure and user-friendly
digital process.
For example:
• Real-time account opening using e-KYC simplifies the process from days to no longer
than 5-10 minutes
• Online forms, loan risk assessments and identity verification employing various data
points help analysts score the creditworthiness and digital signature for the approval
process
• Biometric access management ensures that only the rightful account owner can
access their mobile banking app; and
• Digital signatures facilitate and complete fully online transactions/approval processes.
Other than security, user convenience is also becoming a consideration for banks when
adopting a new digital model. Balancing between security and convenience are vital to give
customers a great experience yet ensure security while accessing banking applications.
Insurance
In the insurance sector, onboarding and claim processes are still mostly manual. Potential
clients’ verification process is mixed between digital and manual processes depending on
the category of the insurance. For life and health insurance, digital verification could be
implemented more than general insurance (vehicle and property) where physical verification
is still needed. The regulation also still requires submission of a certain physical document.
Identity verification can be implemented in the insurance industry to help shorten the
onboarding/claim process. Verification such as biometric recognition could help insurance
companies to verify the actual policy holder and minimize risks of claim fraud. While physical
verification is still needed for some insurance products, digital signature also could be
implemented to shorten the administrative process.
The insurance industry is heavily regulated and thus, insurance firms are careful to approach
novel IT solutions. The implementation of digital trust technologies is not without its
challenges. Many due diligence processes, both from firms as well as insurance regulators,
are conducted to ensure that the industry employs appropriate security considerations from
digital innovation.
26
Electronic Money
Implementation of digital trust in e-money providers can start from the merchant or user
onboarding process. To avoid fraud and identity theft, biometric liveness tests or other mode
authentications can be implemented during e-KYC and transaction validation processes. To
validate transactions, two steps verification is implemented through biometric verification.
These solutions help to identify the same person who has registered, so the e-money
account will not be misused by other people.
P2P Lending
Identity proofing in the P2P lending sector is the basic requirement to validate the customer
identity as all of the interaction with their customers happens digitally. Document validation
and biometric verification are widely used by P2P lending companies to avoid identity theft
and fraud.
Moreover, P2P lending companies also use digital signatures for loan agreement contracts.
This helps minimize physical documents collected by the P2P lending team, make the process
faster, and allow clients from all over Indonesia to conveniently submit their signature.
Government
Digital trust solutions could be implemented to help digitize the distribution of government’s
social protection programs (Bansos). Ensuring that beneficiaries’ identity are digitally verified
against a centralized beneficiary database can help the government improve program’s
targeting, process’s efficiency and reduce leakages. Furthermore, by partnering with agents
of banks and/or e-money providers equipped to conduct last-mile biometric verification,
the program can potentially speed up the distribution process and help accelerate cashless
transactions at remote locations in the country.
Healthcare
In general, digital trusts technology can also be used to improve hospital in-patient care
efficiency. Allowing new or returning hospital patients to smoothly register, book doctor’s
consultations and have their medical record be kept and updated digitally. Such processes
help doctors, nurses and other healthcare professionals to benefit from improving hospital
bureaucracy.
Furthermore, in healthcare platforms, digital trust solutions could help the patient onboarding
process onto healthcare e-commerce apps. Where ID verification can be employed to ensure
identity before doctor’s consultation and or while redeeming the prescription. This way, the
risk of drug misuse could be minimized.
During the pandemic, to join the vaccination program held by the government, people could
register through a healthcare platform. Digital trust solutions such as identity verification
could be implemented to verify the person is the real recipient of the vaccines and help smooth
implementation of programs such as travel/vaccine passports.
27
Logistic
Digital signature is being implemented in logistic companies to speed up the decision making
process such as shipment approval or any decision needed immediately. The impact of
implementing digital signatures could help logistic companies in the approval process that
previously took more than 24 hours and can be done faster. For example, the signature process
carried out by users who are in different locations (either branch offices, cities, or countries)
can be done in a short time, without having to wait for hardcopy documents to be sent across
cities or countries.
E-commerce
The rise of paylater concept in e-commerce also becomes a key reason on why digital trust
implementation in e-commerce is very important. Alongside with customer transaction record,
the validity of customer identity itself crucial for e-commerce to provide paylater service to
its customers. E-commerce needs to ensure that the person applying for paylater is a real
person through a biometric liveness test and then with the integrated data with Dukcapil’s
database, e-commerce could expand the credit scoring approach to the customers with API
integration with other parties.
Another benefit of digital trust implementation is to validate the transaction done by customers.
Biometric verification (face or fingerprint) to validate the transaction will give a sense of
security to e-commerce users compared to password or PIN verification. This will reduce
the possibility of data misuse and unauthorized transactions. To accommodate the lower
segment users, 2FA (two-way-authentication) also becomes a consideration for e-commerce
to implement.
~ Andreas Kurniawan,
Chief Digital and
Analytics Officer of
Bank Danamon
~ Albert Nobel,
Head of IT Infrastructure
of Bhinneka
29
Case Study
Case Study
Online Onboarding at Scale: Digitizing Grab’s Partner Onboarding
Project:
Grab collaborates with VIDA to build a fully online process for driver and merchant
onboarding into Grab’s digital platform.
Despite being a technology company, Grab’s widespread reach across the archipelago
combined with the need for document signing process for partners’ registration, requires
Grab to accommodate the offline processes to adapt to field conditions.
However, the ever-increasing demand for minimizing physical interactions during COVID-19
has pushed all to adapt. From the consumer side, the mobility restrictions imposed during
the pandemic have significantly increased the demand for various types of Grab services.
While simultaneously, an increasing trend can also be observed for new partners who wish
to register themselves onto Grab’s platform.
Seamless and quick - i.e does not take more than 5 minute
Solution:
VIDA builds an online identity verification and authentication system for potential and/
or existing partners by performing real-time matching with the Indonesian population
database. To ensure seamless, easy, and efficient use from the partner side, VIDA integrates
directly with the Grab system, so that there is no significant friction, e.g. when (i) Grab’s
prospective partners carry out the registration process - from filling out forms to digitally
signing contracts, and/or (ii) Grab’s existing partners to renew the existing agreement with
Grab, throughout Indonesia.
30
Case Study
Project:
VIDA collaborated with a digital bank to design an online customer account opening
process and electronic signature.*
To ensure optimal service, The Client and VIDA collaborate to present an integrated end-to-
end online onboarding process that can be accessed easily through the client’s application.
Seamless and quick - i.e does not take more than 5 minute
Integrated with existing in-app registration flow
Accommodates for high volume of application
*) The client is kept confidential due to the on-going nature of the project
31
Solution:
To ensure a seamless, easy, and efficient use from the prospective customers’ side, VIDA
integrates directly with the client’s application, so users can fill out the registration form,
verify their identity and sign the account opening contract agreement in one place.
Sources
[1] Atos. Company Profile.
[2] CPA Canada. WebTrust seal program.
[3] Dailysocial.id. 2021. The Rise of Digital Banking in Indonesia 2021.
[4] Digital Regulation Platform. 2020. Data protection and trust.
[5] Entrust. 2020. Entrust Datacard is now Entrust.
[6] Gartner. Identity-proofing Services.
[7] Harvard Business Review. 2018. The 4 Dimensions of Digital Trust, Charted Across
42 Countries.
[8] Inkwood Research. INDONESIA ENTERPRISE RESOURCE PLANNING (ERP) MARKET
FORECAST 2022-2028.
[9] ITU News. 2017. Aadhaar: India’s route to digital financial inclusion.
[10] KPMG. 2015. Digital Trust.
[11] PwC. 2021. The 2022 Global Digital Trust Insights.
[12] PwC. Digital Trust and Cyber Security.
[13] Okta. 2021. The State of Digital Trust .
[14] SATW. 2021. Digital Trust.
[15] Singpass. Overview.
[16] SSLShopper. What is WebTrust for CAs (Certification Authorities)?
[17] Statista. 2022. Crowdfunding Indonesia.
[18] The Lowdown Momentum Asia. 2022. Rise of Digital Banks in Indonesia: 3 million
more users added in 2020.
[19] World Economic Forum. 2018. Identity in a Digital World: A new chapter in the social
contract.
[20] World Economic Forum. Digital Trust.
PT. Indonesia Digital Identity (VIDA)
www.vida.id