A

Building Trust in Indonesia’s

Digital Economy
© May 2022
 1

Contents
Contents 1
Message from VIDA Chief Executive Officer 2
Executive Summary 3
Chapter 1. Introduction to Digital Trust 5
What is digital trust? Why is it important? 6
Industries perspective about Digital Trust 7
Technology Supporting Digital Trust 11
The role of CA 11
International Benchmark on Creating an Environment of Trust 13
Business Model Supporting Digital Trust in Other Countries 14
International Industry Standard 15
Chapter 2. Digital Trust Principles 16
Speed 17
Scalable 18
Secure 20
Chapter 3. Digital Trust In Indonesia 22
Digital Trust in Indonesia and case study 23
Case study 29
Sources 32
 2

Message from VIDA Chief Executive Officer

Sati Rasuanto
As the world increasingly turns online, there is a growing need to establish and foster trust in
the digital world. Individuals and businesses all need a sense of safety and reliability when
carrying out transactions and activities digitally. When online shopping, people want to be
sure that they are dealing with legitimate sellers. Mobile banking users need to be able to trust
that their confidential financial information doesn’t fall into the hands of someone else. Ride-
hailing drivers or other platform workers want to know that their hard-earned money is properly
channeled into their account upon them finishing their work. The examples are countless!

Trust is what encourages people to engage online. Without it, it’s hard to imagine any digital
innovation taking off. In a way, trust is what fundamentally drives our digital economy.

In building digital trust, we need new solutions and technologies to answer challenges
surrounding digital identity, privacy, and cyber security. VIDA, as a Certificate Authority,
strives to provide this trusted environment. Our goal is to empower individuals to seamlessly
control their most valuable information – their data and identity – while protecting this private
information with the highest standards of security. And we do this by working with companies
and helping them embed digital trusts technology and solutions into their processes.

When the pandemic hits and large-scale mobility restriction was imposed in early 2020,
the world almost unanimously turns to the internet to help support daily life. The transition
to digital happened to people across countries, age group, gender and income level. While
the pandemic has triggered an unprecedented level of digital inclusion, there remains a gap
between early adopters and the long tail, especially on the quality and level of engagement
with various digital services. Despite the fact that these services harbor the potential to
meaningfully impact the lives of underserved communities. Whether that’s allowing people
quick and easy access for COVID-19 related relief or bringing previously unbanked segments
into the financial mainstream through digital financial services.

A big part of this gap comes down to a need for building deeper trust. But how can we ensure
that the digital trust ecosystem is set up in a way that not only ensures security but is also
inclusive and scalable?

Through the “Digital Trust Report”, a collaboration between VIDA and DSInnovate, we hope
to provide a comprehensive report on those issues. The report will explore issues around
the general concept of digital trust, solutions and technology supporting it, as well as the
important design principles that should characterize those solutions.

With a focus on Indonesia, one of the largest and fastest growing internet economies in the
world, we hope the report can help illustrate the urgency and best practices of fostering digital
trust for our online world.

Happy reading!
 3

Executive Summary
Digital trust is becoming an essential requirement for businesses adopting digital technology.
Increased customer awareness about data privacy and security has encouraged businesses
to invest in safe and secure products and services.

Indonesia’s digital economy is expected to reach $146 billion by 2025, doubling from $70 billion
in 2021. Integrating digital trust helps companies build customer confidence when using digital
platforms for their daily activities. In 2019, the Tech For Good Institute estimated Southeast
Asians lost $260 million to digital fraud, with identity fraud taking the most significant share
(71%) of all fraudulent online activities.

In addition to commercial activities, government institutions are also working to strengthen

trust within the public sector. The Singaporean government, for example, verifies identities
by matching captured images with that of their government databases. Indonesia’s Single
Identity Number (NIK) is also becoming the verification benchmark for many transactions.

As Indonesian customers become more digitally savvy, providing secure digital services
becomes crucial.

Certification Authorities (CAs) play an essential role in digital trust by providing businesses
with solutions that comply with the highest security standards. Digital trust solutions can
help minimize the risks of fraud, misuse of data or information, or other illegal activities that
negatively impact businesses and customers.

Speed, security, and scalability are the most critical principles when providing digital trust
solutions. CAs must abide by these principles when providing products and services. The
solution provided must ensure that businesses operate with speed, convenience, and
security at scale.
 4

Chapter 1.
Introduction to
Digital Trust
 5

What is digital trust? Why is it important?

The expanding reach of digital technology has made the issue of digital trust increasingly
urgent and relevant. From e-commerce, banking, healthcare services, to social media, ensuring
that all internet users feel secure interacting online is a paramount priority for platforms or
service providers in the digital world.

The COVID-19 pandemic has accelerated the trend of digital transformation around the world. In
Indonesia, the government has established a policy of Large-Scale Social Restrictions (PSBB).
It limited physical activities for businesses and other organizations. Schools transitioned from
offline to online learning, organizations enforced remote work, and automation is accelerated
in a wide array of industries.

One one hand, growth in digital services has highlighted the huge potential for technology to
add value to society. On the other, this development unveiled the central role that trust plays
in encouraging digital adoption. For example, users will hesitate to use banking or financial
applications when there is no data security guarantee from banks. E-commerce users will
also avoid making digital transactions when they feel the payment process is unsecure.

How can digital trust be fostered? On a daily basis, internet users submit and exchange
personal data in return for access to digital services or platforms. This may include email
address, phone numbers, national identity number, home address, photos of ourselves and
others data points that could identify us as individuals. Collectively, this information makes up
an individual’s digital identity. Digital trust can be established by protecting the user’s digital
identity. Beyond ensuring the safety and reliability of online systems, safeguarding security
and privacy also includes preventing unauthorized and unwarranted access and use of users’
data. It is important that users are informed and in control over how their data are used and to
what end. Thus, service providers need to consider how users are able to exert control when
building their digital ecosystems.

In this report, we highlight:

• The importance and benefit of fostering digital trust
• The role of digital trust provider in supporting business and organizations to build
a trustworthy digital ecosystem
• Technologies supporting digital trusts
• Key principles of a good digital trust solutions
• Trust in Indonesia’s digital economy
 6

The Benefits of Trusts

By building trust, companies gain tremendous competitive advantage in dealing with customers/
clients, partners and investors:

Advantages with customers Advantages with partners Advantages with investors

• Trusts accelerate take-up, • Trust encourages • Trust inspires confidence.

customers will be more
willing to adopt and try
more of company’s digital
services since they believe
their data and assets are
safely managed
collaboration and synergy.
Business partners feel at
ease when engaging with a
company that takes privacy
and security management
seriously.
Trustworthy systems signal
to investors that companies
are able to responsibly
manage security and other
risks that may result in
suspension of operations
due to legal or regulatory
concerns.

Figure 01. Comparison of Digital Trust Across Countries (Harvard Business Review, 2018)

0-5 score for Attitudes Behavior Environment Experience

each category How users feel How users respond The mechanisms for How users experience
0 is low trust and about the digital to frictions in digital building digital trust, the digital trust
5 is high trust environment experiences and their robustness environment

Australia 2.90 1.85 2.73 3.25

Brazil 2.24 2.27 2.32 1.61
Bulgaria 2.34 2.76 2.39 2.91
Canada 2.66 1.76 2.71 2.01
Chile 2.12 3.22 2.66 1.31
China 3.04 3.62 1.73 1.27
Colombia 1.96 3.01 2.33 1.53
Egypt 2.71 2.17 1.95 1.05
Estonia 2.57 2.45 3.66 2.74
FInlan 2.57 2.53 3.47 3.31
France 2.41 1.49 2.83 2.96
Germany 2.73 1.93 3.30 2.94
Hong Kong 2.62 2.79 3.21 2.84
Hungary 2.41 2.25 3.02 2.43
India 2.58 2.64 2.83 0.74
Indonesia 2.91 2.60 2.27 0.98
Ireland 2.27 2.96 2.70 2.80
Italy 2.51 2.50 3.23 2.53
Japan 2.25 2.16 3.15 3.51
Jordan 2.27 2.20 2.29 1.58
Malaysia 2.14 3.14 2.90 1.38
Mexico 2.31 1.98 2.26 1.91
Netherlands 2.75 2.12 3.64 3.15
New Zealand 2.51 2.66 2.96 2.29
 7

0-5 score for Attitudes Behavior Environment Experience

each category How users feel How users respond The mechanisms for How users experience
0 is low trust and about the digital to frictions in digital building digital trust, the digital trust
5 is high trust environment experiences and their robustness environment

Norway 2.41 2.80 3.43 3.34

Pakistan 2.66 1.89 1.87 0.40
Peru 2.07 2.79 2.56 2.61
Philippines 2.10 3.02 2.38 1.53
Poland 2.52 2.18 3.01 2.77
Russia 2.58 2.24 2.73 2.81
Saudi Arabia 2.22 2.52 2.18 2.24
Singapore 2.45 3.26 3.13 3.09
Slovenia 2.11 2.34 3.12 3.02
South Korea 2.40 1.73 3.29 3.49
Spain 2.21 2.87 2.85 3.13
Sweden 3.34 2.52 3.45 3.31
Switzerland 2.65 2.38 3.55 3.79
Thailand 2.73 2.79 2.37 1.88
Turkey 2.21 3.10 2.21 2.49
United Kingdom 2.29 2.40 2.97 3.22
United States 2.45 1.96 2.95 2.89
Vietnam 2.45 3.01 2.07 1.60

Bhaskar Chakravorti et al measured four key dimensions of digital trust: Behavior, Attitudes,
Environment, and Experience from 42 countries. Result shows that Indonesia ranks
considerably well for attitudes, behavior, and environment sections. While Sweden ranks
the highest for high attitudes (score 3.34), China ranks the highest for behavior (score 3.26),
Estonia ranks the highest for environment (score 3.66), and Switzerland scores 3.79, which
makes it highest in experience score among other countries.

Industries perspective about Digital Trust

“Digital trust plays a crucial role for every business who has a core
business in the digital sector. Company’s ability to build a safe and
reliable digital environment for users will certainly be a catalyst in
maintaining the company’s reputation in front of users. Implementing
digital trust in every business process can help the company to
identify and prevent any potential legal risks that may occur due to
non-compliance with digital security standards set out in a number of
applicable laws and regulations”

~ Ruben Sumigar,
Data Privacy Officer
Lead of OVO
 8

“Digital trust means people are able to entrust their data to one
organization with ease. For example, when a customer wants to buy
an insurance product, they feel safe giving their personal data (ID
cards, telephone numbers, and addresses) because they have trust
that the company will manage their data responsibly.”

~ Herdi Santoso,
Founder of Asuransiku.id

“Bringing innovations to the market is something unavoidable for a

banking institution. With digital trust, there are many opportunities
to leverage for serving customers. Faster onboarding process, user
verification, credit scoring and loan approval are just a few examples
on how digital trust could be utilized to support banking business.
To ensure the Digital Trust is properly established, the role of a
trusted third party is crucial to support identity proofing and banking
transactions. Things such as customer blacklist, whitelist, someone’s
~ Leo Koesmanto, credit worthiness, credit score, and others can be provided with the
Managing Director identity proofing service.”
Digital Banking of
DBS Bank

“From the company’s point of view, we are very reliant on the

development of digital trust. In our business processes, data accuracy
and validity is crucial because we provide financing to dealers. Digital
trust also will help us to achieve efficiency and make our business
more scalable.”

~ Arvino,
Tech Lead of Broom

“Digital trust is actually like a backbone, especially when talking

about a fairly or very conservative financial industry. It really must
be handled properly on how to get someone to enter this industry, for
dealing with what is called “digital trust”.”

~ Zaenani Trianto,
Head of Department Digital
Transformation of Hanwha Life
 9

“Digital trust in our company is the concept as a company or a

platform that can make customers comfortable, and also believe
there is no data fraud in the platform.”

~ Sherief Caesar Mursyidi,

CTO of Futuready

“From our perspective, digital trust is our effort to avoid fraud and
other negative instances resulting from digital journeys. Educating
customers is important to make sure they feel safe when they provide
data and can only be used for the purpose of their transactions. With
the framework and the system we have, we can ensure data security”

~ Maregia Liutanto,
VP Partnership of Koinworks

“As we see the importance of data security, it becomes one of the

three main principles in our IT Master Plan. Thus, Digital Trust as one
of the derivatives of security is very important in the application and
processes run by the company”.

~ Widjayanto ,
Chief Operation Officer (COO)
of PT Fintek Karya Nusantara
(LinkAja)

“Digital Trust will speed up the Turnaround time (TAT). The end to
end process will be simplified in the long run. The faster TAT will make
the customers happy. As the process owner, sometimes we need to
make the process simple, this will make potential risks identification
faster. When integration is carried out by complying with processes,
standardization, and regulation, the end-to-end process will obtain its
level of confident”.
~ Division Head,
Information Services
and Operations of
PermataBank
 10

“Digital trust is a process or product that can increase the data

security and trustworthiness for both customers and companies.
From customers’ perspective, when they share personal data
to create an insurance policy, they feel safe and trust WE+ as a
service provider & web/application platform. From the company’s
perspective, we are able to know and trust that the validity of
customers’ data is proven”
~ Ivan John,
IT Lead of We+

“While digital implementation in the insurance sector still needs to

be regulated, we as a digital insurance broker perceive digital trust
as something very important. The risk placement process that we
held will be more accountable if the data is validated and verified.”

~ Aditya Budi,
CEO of Premiro

“In the future, more companies will carry out digital transformations
for their business. The current pandemic has changed the way
people transact and interact. So, the role of digital trust in the future
is very important, which data security and privacy are very crucial.
And this will be a challenge for companies that run their business
digitally, because this has a reciprocal effect on the sustainability of
the company’s business.”

~ Angela M. Kurnianingtyas,
Technical Project Manager of
Kopi Kenangan

From our interviews with digital industry stakeholders from various sectors, we can conclude
that the benefits of establishing digital trust are as follows:

1. Creates trust between the customer and the company, so that customers are more
likely use the company’s services

2. Provides assurances that the company has reduced risk of fraud and identity theft

3. Reduces non-compliance and legal risks

 11

Technology Supporting Digital Trust

The Role of CA
A CA (Certificate Authority) is a digital trust provider that helps businesses and organizations
manage their users’ digital identity.
A CA issues electronic certificates of a person or organization after verifying the validity of
their identity. The verification process varies case to case depending on the purpose of the
certificate issuance. Oftentimes a CA relies on basic personal information such as name, email
address, national ID number, and biometric data (face, iris, fingerprint, etc.). However, when
firms/organizations work with a CA for a more specific purpose (e.g. banking activities or
healthcare services) other personal data points, such as salary or medical records information
can also be incorporated into the verification process. To be able to verify these data, a CA
matches those information with authoritative data sources. For example, national ID numbers
are considered verified when successfully matched with the Government’s Civil Registry.
Figure 02. Integration of personal data into the electronic certificate

Driver
License Passport

Email
Id Card Adress

Integrate
Electronic Certificate

Once verified, users’ personal data are linked to a CA issued electronic certificate. These
electronic certificates can be likened to our offline identity card. And it can be used in a variety
of ways - from proofing our identity when accessing a certain digital service or to signify
consent to a digital contract/agreement.

Electronic certificates are securely encrypted and can only be accessed by the certificate
owner through a multi-factor authentication (MFA) process. MFA is an authentication method
that only grants someone access if they can successfully present two or more pieces of
evidence indicating that they are who they claim to be. Often, it follows a “What You Have”
and “What You Know” framework. For example, a user can only open their account, if they
have information of its password (What You Know) and possess the smartphone device that
the account is linked to (What You Have). In the case of electronic certificates, it’s common
to employ biometric authentication, so that only if users can present the correct biometric
information will the certificate access be granted. This way, businesses can ensure the safety
and privacy of their users’ data. Without users’ direct consent, expressed through an identity
authentication process, no one can access and use their data.
 12

A CA works with business and other organizations to incorporate these processes into their
business model:

1. Identity Proofing
Identity proofing service is widely used in financial services such as banking, insurance and
fintech, especially with the increasing digital transformation in these services. The most
common implementation of identity proofing service is for opening an account. Financial
services need to verify the identity of the new customers to minimize the fraud risk.

For example, in P2P Lending, identity proofing is used to detect the validity of a potential
lender and borrower’s identity. This is to avoid instances of fake IDs, identity thefts or even
multiple borrowing from the same individual.

2. Authentication Service (for access management)

An access management system is used to manage and monitor access permissions to files,
systems, and services to help protect individuals and organizations from access breaches.

3. Digital signature
A digital signature is a specific type of electronic signature that requires the signer to
authenticate their identity using a certificate-based digital ID. Digital signatures reduce the
risk of unwarranted duplication or alteration of an electronic document.

Digital signatures can be used for signing documents such as invoices, legal agreements,
and registration forms for digital services. Beyond that, digital signatures can also be used to
allow users to express consent towards various terms of service or similar contracts.

Implementation of digital signatures in business can benefit both consumers and service
providers in these ways:
• Faster transactions and better customer service; business process such as loan approval,
disbursements can be done faster
• Reduce costs; digital document management allows enterprises to cut cost on physical
storage
• User-friendly; a good digital signature is designed to prioritize convenience and ease
of use

International Benchmark on Creating an Environment of Trust

Cybersecurity is a rapidly growing concern for customers and businesses as they become
increasingly aware of the importance of data security and privacy. According to PwC’s 2022
Global Digital Trust Insights Survey, investments are pouring into the cybersecurity sector. 69%
of organizations predict a rise in cyber security spending in 2022 compared to 55% last year.
More than a quarter (26%) predict cyber spending hikes of 10% or more. This is an increase
from 8% reported in the previous year.

A key pillar of cybersecurity that is extensively regulated are data protection and privacy. We
have summarized the different regulatory regimes that govern protection and privacy across
the world.
 13

Europe
Data protection as a regulatory concept first appeared in the Council of Europe’s 1981
Convention on data protection. While data protection emerged in Europe, data protection
regimes have since been adopted widely around the world, with nearly 140 countries having
some form of legal regime (Greenleaf 2020), as well as numerous other regional instruments,
including the Asia-Pacific Economic Cooperation Privacy Framework and the African Union
Convention on Cyber Security and Personal Data Protection (2014). In Europe, The General
Data Protection Regulation (GDPR) is the toughest law that is implemented anywhere, as long
as it targets or collects data related to people in Europe. With GDPR, Europe is showing a firm
stand on data privacy and security at a time when more people are entrusting their personal
data with cloud services and breaches are an everyday occurrence.

United States
The United States does not have a singular law that covers the privacy of all types of data.
Instead, it has a mix of laws such as HIPAA, FCRA, GLBA, ECPA, FTC Act, etc. These are
designed to target only specific types of data in special circumstances. Below are some of the
functions of the law.

• Health Insurance Portability and Accountability Act (HIPAA) is a federal law that requires
the creation of national standards to protect sensitive patient health information from
being disclosed without the patient’s consent or knowledge.

• The Fair Credit Reporting Act (FCRA) covers information in people’s credit reports. It
limits who is allowed to see a credit report, what the credit bureaus can collect, and how
information is obtained.

• Gramm-Leach-Bliley Act (GLBA) requires consumer financial products, such as loan

services or investment-advice services, to explain how they share data, as well as the
customer’s right to opt out.

China
In China, there are three main laws that cover data privacy and data security regime, named
CSL, DSL, PIPL. The Cybersecurity Law of the People’s Republic of China (CSL) provides
guidelines on cybersecurity requirements for safeguarding Chinese cyberspace. Data Security
Law (DSL), which sets up a framework that classifies data collected and stored in China
based on its potential impact on Chinese national security, regulates its storage, and transfer
depending on the data’s classification level. And The Personal Information Protection Law
(PIPL), that complements the DSL, is designed to protect the privacy and personal information
of Chinese citizens, and will require compliance initiatives on the part of Chinese organizations
and foreign companies operating in China.
 14

Business Model Supporting Digital Trust in Other Countries

Digital trust solutions have been implemented and are common to use by enterprises to
support their business process related to security or data protection. Below are some providers
of digital trust solutions in other countries.

1. SingPass
A digital identity company from Singapore that provides an app
for individuals to access government data sources, public services
and private platforms. Moreover, it also gives solutions for
enterprises such as face verification, e-KYC, signing documents
digitally, etc. Through this app, Singaporeans can access over 460
government agencies and businesses with 1,700 digital services
using fingertips..

2. Entrust
Entrust, an American company, founded in 1969 provides solutions
related to identities, payments, and data protection for financial,
Government, education, enterprise, healthcare, and retail sectors.
It applied cryptography, PKI, and advanced technology for serving
these solutions. Entrust has served 2500 colleagues in 150
countries, has 24 million financial messages encrypted daily, and
has a revenue amount of $800 million.

3. Atos
Atos is a European company that provides consultancy services,
digital security and decarbonization offerings; an end-to-end
partnership approach. Atos is a SE (Societas Europaea) that is
listed on Euronext Paris. It was also included on the CAC 40 ESG
and Next 20 Paris Stock Indexes. Digital Workplace Security, Hybrid
Cloud Security, IoT and OT Security, and Trusted Digital Identities
are some of the cybersecurity solutions that are provided by Atos.
Therefore, Atos succeeded to get €11 billion revenue and has
served in 71 countries.

It is also very important to see the security standard in other countries since every countries
has different security standard rules and security standard is crucial in businesses to be able
to implement digital trust.
 15

International Industry Standard

While compliance to the local regulation is necessary, businesses and other organizations
often subscribe to other internationally acknowledged sets of principles for security and
privacy protection. This is to ensure that despite being regulated by different cybersecurity
and data protection regimes, companies’ practices meet basic international standards and
requirements. For digital trust providers, Webtrust, AATL and ISO are the primary standard
certification institutions.

Webtrust
The WebTrust for Certification Authorities program was
developed to increase consumer confidence in the Internet as a
vehicle for conducting e-commerce, and to increase consumer
confidence in the application of PKI technology. This WebTrust
audit is performed by public accounting firms and practitioners
who are specifically licensed by the American Institute of
Certified Public Accountants (AICPA) and the Canadian Institute
of Chartered Accountants (CICA).

AATL
Other than Webtrust, the necessary standard for Certificate
Authority is AATL or Adobe Approved Trusted List, which is a
program that allows users to create digital signatures directly
trusted when the signed document is opened in Adobe’s product.
For Certificate Authority included in Adobe’s list of trusted providers,
users can create digital signatures that are recognized by various
Adobe document applications. This addresses the critical issue
of how trustworthy digital signatures are. Vida.id from Indonesia,
Netrust from Singapore, and Sectigo from the US are examples of
companies that owned AATL.

ISO27001
ISO27001 is an international standard on how information security
is managed, which protects data confidentiality, integrity, and
availability. Certification to the ISO27001 Standard is recognized
worldwide to protect data.
 16

Chapter 2.
Digital Trust
Principles
 17

Digital Trust is becoming increasingly vital for companies to provide to customers as digital
adoption increases. The principles of Speed, Secure and Scalable are very important when it
comes to companies finding the right partner to build trust within their digital environments.

Our interviews with users and industry stakeholders reveal that when designing a trustworthy
digital ecosystem, several factors play into consideration. Businesses want to make sure that
there is no tradeoff between speed and scalability when complying with strict data protection
and privacy standards.

Figure 03. Digital trust principles that should own by CAs

Speed

Digital Trust
Principles

Secure Scale

Speed

Real-time and efficient identification processes are key components of the speed principle.
Competition among businesses is driving companies to pursue fast and convenient processes.
How can digital trust providers ensure those requirements are met?

Real-time identification
Real time identification relies on technology and access to a wide-range of authoritative data
sources that support automatic verification of various types of use’ information.

Other demographic data such as name, date of birth, national ID number, and biometric
information such as facial recognition helps simplify the identity proofing process. By allowing
facial data matching against a formal registry, verification can be done in a matter of seconds.
To increase levels of assurances, a CA can also employ more advanced biometric matching
that includes liveness detection. This allows the identification process to detect whether the
person in front of the camera is real and not a video.
 18

Efficient process: KYC for multiple online services or product

Lean and efficient identity verification process helps businesses cut on-boarding or
registration red-tape. Which in turn can help reduce user attrition or drop-out rate in the
early stages of the user’s journey.

World Economic Forum (WEF) data suggests that 63% of potential users do not finish their
digital bank registration because of lengthy and complicated forms. For example, when trying
to onboard a user into a new financial product outside of their original savings account, it
is easier for both the user and the bank to use the same KYC information and grant access
upon successful authentication or submission of additional data. Rather than having to ask
users to input the same set of information.

Across all other use-cases - be it for healthcare or e-commerce services, an efficient

verification process comes down to user-centric journey design. A good digital trust provider
should be able to accommodate such flexibility when it’s needed.

“With the rapid innovations in our industry, we choose to

develop our own digital trust solutions. We use several
tools and technology to provide secure applications. We
also use several third party consultant to assess and test
the process, security and regulation compliance of our
products.”

~ Imam Sedayu,
Chief Commercial Officer
of SiCepat Ekspres

Scalable

Scalability for digital trust providers is the capability to ensure consistent and reliable delivery
of digital identity service despite growing volume. Scalability concerns both infrastructural
readiness as well flexibility in adapting to client’s evolving demand as traffic increases and
user profile varies. Below are the key components comprising digital trust systems’ scalability:

• Back-end infrastructure meets traffic expectations

On a daily basis, digital enterprises handle thousands of onboarding requests or process
millions of transactions. This demand will only grow as the size of the digital economy
expands. To fully aid these transformations, a CA solution needs to be able to support high-
volume use-cases.

It is crucial that a CA invests in its system capacity as well as capable back-end system
engineers and other trust roles. Moreover, as verification traffic increases, CA must ensure
that its access to authoritative data sources is stable and can accommodate the spike.
 19

• Flexible Integration
Digital enterprises value and rely on seamless user-experience in their applications or
websites. To cater to this need, a CA should be able to offer flexible process integration. Ideally
one that allows an efficient user-journey where users can stay in one platform throughout
the entire identification and verification process. For example, when a user registers for an
insurance policy via a mobile application, it would increase the likelihood of user drop-out if
the process requires the user to separately access and sign-up on another application just to
get their identity verified.

A CA should be able to provide integration options ranging from SDK, Web and API integration.

• Interoperability
Interoperability allows a CA’s electronic certificates or digital identity to be compatible
with digital ecosystems of other providers. Which in turn, lets a CA to expand its electronic
certificatee’s use-cases and opportunity for product collaboration.

Take the case of the Indonesian market. In Indonesia, electronic certificates regulation
mandates all digital signatures to be based upon a CA issued electronic certificate. In such
cases, without owning a CA permit, digital signature providers from other countries are not
able to operate in the country. Partnering with a CA which is set-up to be interoperable, allows
these providers to go-to market while tapping into the back-end systems of a government-
licensed CA in Indonesia.

Beyond digital signature, interoperability allows a CA to be flexible and responsive to

collaboration opportunities that necessitates the use of a CA’s digital identity for various ID
proofing use-cases.

• Sensitivity to Field Condition

A CA should strive towards making its services friendly to all kinds of user profiles. This is
especially important for clients whose users predominantly utilize low-end or old model
smartphones. Low-end and old model smartphones generally have lower processing
capacities and limited features, which makes it difficult for it to carry out heavy processing
tasks. For example, gig economy workers in Indonesia such as ride-hailing drivers, corner
store merchants, or last-mile financial agents predominantly use low-end or old model
phones. Despite that, identity verification is an integral part of their work, drivers need to
authenticate their app access at the start of the day and agents need to help onboard or
service their customers with various financial transactions. A CA needs to ensure that their
Identity proofing processes cater to and are sensitive to the needs of such demographics.

Agent based on-boarding model

Financial inclusion relies greatly on financial institutions’ ability to employ the right digital
technology to provide last-mile services. The case of India’s Adhaar, outlines the central role
that a comprehensive digital identity system plays in accelerating financial inclusion. As a
digital trust and identity provider, a CA needs to make sure that it is equipped to help financial
institutions deploy account opening and use schemes that are convenient and user-friendly
for the underbanked and unbanked population. The agent based on-boarding model lets corner
store merchants and individuals become the last-mile intermediary of financial services and
products. The success of this model, amongst others, rely on whether banks can employ an
identity proofing system that can help their agent verify their clients or potential clients when
registration or transactions happen.
 20

Secure

Access to Authoritative Data Sources

A CA can offer secure verification and identification services only if it is connected to
authoritative data sources. This way, enterprises can be sure that their users are verified
using a legitimate and reliable source. For example, the validity of a government’s database
in verifying basic personal data such as name, government ID number, address, family
registration number, photo or face, etc. are much stronger than from a non-government
authority. In the same way, information pertaining to someone’s tax or income status are
best matched with data from the national tax office. Therefore, the more matching access a
CA has to an authoritative data source the more use-cases it is able to cover.

It is worth noting that when verifying a user’s data with an authoritative database, a CA does
not directly obtain data from the database. It only performs a matching transaction with the
output of a yes or no information or a percentage match.

Audit & Regulatory Compliance

Regulatory compliance is obtained if a CA fulfills all of its licensing and audit requirements.
While this may vary depending on the digital identity and data security/protection regime
employed within a country, in Indonesia, at the very least a CA must fulfill the requirements
outlined by the Indonesia Ministry of Information and Communications (KOMINFO). This
includes regular IT, performance and financial audits performed by an independent third
party appointed by the Ministry. Other than KOMINFO, a CA is also expected to comply with
Financial Authority and other ministerial regulations if it intends to expand to use-cases in
various sectors.

A CA compliance can also be measured by its adherence to acknowledged international and/

or industry standards. The common world class standards for a CA provider are WebTrusts,
AATL and ISO 27001.

Invest in Data Centre

Investing in data center infrastructure offers a CA the possibility of improving its own
service security and efficiency. In the case of Indonesia, processing data on-shore (within
the country) is often the requirement of various sectors for what is classified as high-risk
processing. Generally, this includes transactions related to financial, health, and other
sensitive information.

“When choosing a partner for digital trust, we need to

ensure the partner has the standard in their industry
and comply with the rules in the insurance industry.
Other than giving a fast and simple experience to our
customers, we also want our customers to feel secure
with our digital journey.”

~ Marlin Sugama,
Chief Digital Officer of
Sequis Life
 21

“We see assurance provided by CA will determine the

security, capability, and how trusted their product and
services are. Their adoption to several standards such as
NIST and FIPS compliance will give security to us.”

~ Rendra Perdana Satria,

Cybersecurity Architect
of Blibli

The three basic principles of digital trust - speed, security and scalability - are crucial for a
CA to provide to its clients. All those aspects are interlinked and cannot be viewed separately.
Failure on one aspect can potentially cause major setbacks to an enterprise business plan
and target. For example, their users can lose confidence in the enterprise products and
services and are more likely to switch to competitors.

In a digital driven economy, trust is the key aspect for all stakeholders. A CA provider as the
supporting system for businesses, must ensure those basic principles are met and create a
safe and secure environment for both clients and its users.
 22

Chapter 3.
Digital Trust In
Indonesia
 23

Digital Trust in Indonesia and case study

Adoption of digital technology has become a necessity to keep up with customers’ demand.
In Indonesia, financial services is one of the pioneers of digitization as the implementation of
digital business processes is relatively high. The banking sector in Indonesia is transforming
with the rise of digital banking in the past years. Based on Bank of Indonesia (BI) data, the
digital banking transaction reached Rp3,732 trillion as of February 2022, growing 46.5% from
the same period in previous year.

The fintech sector, such as paylater, payment and P2P lending is also rapidly growing. In
February 2022, P2P lending disbursement reached Rp16.4 trillion, growing 19 percent from
the previous month and 71 percent compared to the same period in 2021. The disbursement
comes from 103 peer-to-peer lending fintech companies officially listed by the Financial
Services Authority (OJK). This covered over 29 million borrowers throughout the country.
Digital payment is also on the rise with e-money transaction value increasing 41.35 percent in
February 2022 (year-on-year).

In the e-commerce sector, the total transaction value in 2021 is estimated at Rp395 trillion,
growing 48.5% from Rp266 trillion in 2020. The sector’s recent boom, alongside other sectors
such as healthtech, insurance and edutech, are largely driven by the pandemic push towards
an online consumer behavior.

At a glance, below are the current and projected condition of Indonesia’s digital economy:

Sectors Current market condition Potential market value

$664.2 billion of banking

Banking total assets. Top 10 market 75% of Indonesia’s adult population is
(Source: IDX & BI) capitalization in IDX is dominated still in unbanked or underbanked
by banks
Digital Banking
Rp 27,356 T (2020) to Rp39,841 T Gross digital economy transaction
(Source: Bank
(2021) digital banking transaction value is expected reach Rp1,700 T in
Indonesia & Ministry
value 2025
of Finance)

Gross Written Premium of life insurance

Insurance 2.92%(2020) to 3.11% (2021)
is projected to grow from Rp185.1 T in
(Source: GlobalData) insurance penetration
2019 to Rp196.8 T in 2024

P2P Lending Rp74.1 T (2020) to Rp141.5 T Fintech industry value in 2025

(Source: OJK) (Nov 2021) loan disbursement estimated will reach $100 billion

Payment Rp 205 T (2020)

Gross digital transaction value is
(Source: Bank to Rp305 T (2021) electronic
expected reach Rp17,000 T in 2025
Indonesia) money transaction value

Logistic
(Source: Ken $220.9 billion revenue in 2020 Estimated will be $300.3 billion in 2024
Research)
E-commerce
Rp266 T (2020) to Rp395 T (2021) Estimated transaction value will be
(Source: Goldman
e-commerce transaction value Rp1,358 T in 2025
Sachs)
$5.9 million (2020) to $6.2 million
Equity Crowdfunding Estimated transaction value will be $6.8
(2021) equity crowdfunding
(Source: Statista) million in 2025
transaction value
 24

What does it mean for Digital Trust in Indonesia?

As the digital economy in the country grows, the importance of digital trust is becoming more
vital for businesses. Trust itself is the key factor that drives customer decisions to use digital
based products and services. The unavoidable digital transformation and growing customer
expectation on data security has made companies consider integrating their digital trust
solutions to their products and services. The risks of not properly managing digital trust can
be costly.

For example, in the financial sector, misappropriation of name, identity, financial data and
record, and access to financial platforms can be a massive mishap for both the customer and
the financial institution itself. Unauthorized transactions, fraud, money laundering and other
activities which go against the law can be at risk of happening due to companies’ lack of
proper data and security governance.

Other than to help manage data and security risks, implementing digital trust solutions allows
businesses to unlock opportunities. The implementation of digital trust solutions varies
between industries. In this report we collect insights from industries on how implementation
of digital trust has allowed them to improve upon and explore novel digital use-cases to make
their service more efficient.

Figure 4. Digital Trust Solutions Implemented in Many Sectors

Insurance Logistic

Government P2P
Lending

Digital
Identity
Banking Healthcare

Edtech E-commerce

E-money
 25

Banking

Digital trust solutions in the banking industry is a necessity. Since banking applications are
widely used by customers, more financial transactions are now conducted via mobile and
smartphones. From account opening, loan application and approval, to customer’s savings
account management, banks need to accommodate by building a secure and user-friendly
digital process.
For example:
• Real-time account opening using e-KYC simplifies the process from days to no longer
than 5-10 minutes
• Online forms, loan risk assessments and identity verification employing various data
points help analysts score the creditworthiness and digital signature for the approval
process
• Biometric access management ensures that only the rightful account owner can
access their mobile banking app; and
• Digital signatures facilitate and complete fully online transactions/approval processes.
Other than security, user convenience is also becoming a consideration for banks when
adopting a new digital model. Balancing between security and convenience are vital to give
customers a great experience yet ensure security while accessing banking applications.

Insurance

In the insurance sector, onboarding and claim processes are still mostly manual. Potential
clients’ verification process is mixed between digital and manual processes depending on
the category of the insurance. For life and health insurance, digital verification could be
implemented more than general insurance (vehicle and property) where physical verification
is still needed. The regulation also still requires submission of a certain physical document.

Identity verification can be implemented in the insurance industry to help shorten the
onboarding/claim process. Verification such as biometric recognition could help insurance
companies to verify the actual policy holder and minimize risks of claim fraud. While physical
verification is still needed for some insurance products, digital signature also could be
implemented to shorten the administrative process.

Role of digital insurance brokers as an intermediary between insurance companies and

policy holders could be simplified through the digital pre-claim process. While OJK still oblige
manual document submission for the claim process, the mechanism of claim itself could be
sped up through digital trust solutions. Insurance brokers could provide digital signatures for
policyholders to give a conveyor to insurance companies to start claim verification. Thus, the
claim verification could be started without waiting for a manual document to be submitted.
Digital signatures also could be implemented on quotation slips while releasing an over-claim
offering settlement Letter of Discharge (LOD).

The insurance industry is heavily regulated and thus, insurance firms are careful to approach
novel IT solutions. The implementation of digital trust technologies is not without its
challenges. Many due diligence processes, both from firms as well as insurance regulators,
are conducted to ensure that the industry employs appropriate security considerations from
digital innovation.
 26

Electronic Money

Implementation of digital trust in e-money providers can start from the merchant or user
onboarding process. To avoid fraud and identity theft, biometric liveness tests or other mode
authentications can be implemented during e-KYC and transaction validation processes. To
validate transactions, two steps verification is implemented through biometric verification.

These solutions help to identify the same person who has registered, so the e-money
account will not be misused by other people.

P2P Lending

Identity proofing in the P2P lending sector is the basic requirement to validate the customer
identity as all of the interaction with their customers happens digitally. Document validation
and biometric verification are widely used by P2P lending companies to avoid identity theft
and fraud.

Moreover, P2P lending companies also use digital signatures for loan agreement contracts.
This helps minimize physical documents collected by the P2P lending team, make the process
faster, and allow clients from all over Indonesia to conveniently submit their signature.

Government

Digital trust solutions could be implemented to help digitize the distribution of government’s
social protection programs (Bansos). Ensuring that beneficiaries’ identity are digitally verified
against a centralized beneficiary database can help the government improve program’s
targeting, process’s efficiency and reduce leakages. Furthermore, by partnering with agents
of banks and/or e-money providers equipped to conduct last-mile biometric verification,
the program can potentially speed up the distribution process and help accelerate cashless
transactions at remote locations in the country.

Healthcare

In general, digital trusts technology can also be used to improve hospital in-patient care
efficiency. Allowing new or returning hospital patients to smoothly register, book doctor’s
consultations and have their medical record be kept and updated digitally. Such processes
help doctors, nurses and other healthcare professionals to benefit from improving hospital
bureaucracy.

Furthermore, in healthcare platforms, digital trust solutions could help the patient onboarding
process onto healthcare e-commerce apps. Where ID verification can be employed to ensure
identity before doctor’s consultation and or while redeeming the prescription. This way, the
risk of drug misuse could be minimized.

During the pandemic, to join the vaccination program held by the government, people could
register through a healthcare platform. Digital trust solutions such as identity verification
could be implemented to verify the person is the real recipient of the vaccines and help smooth
implementation of programs such as travel/vaccine passports.
 27

Logistic

Digital signature is being implemented in logistic companies to speed up the decision making
process such as shipment approval or any decision needed immediately. The impact of
implementing digital signatures could help logistic companies in the approval process that
previously took more than 24 hours and can be done faster. For example, the signature process
carried out by users who are in different locations (either branch offices, cities, or countries)
can be done in a short time, without having to wait for hardcopy documents to be sent across
cities or countries.

E-commerce

As a driver in many digital adoption in various sectors, implementation of digital trust in

e-commerce is affecting sectors such as logistics and payment. The implementation becomes
a front gate of the e-KYC process in other sectors. Merchant and user onboarding processes
will be verified through data and biometric verification, to avoid any data misuse and potential
fraud. In the onboarding process, digital trust implementation will give a faster yet secure
process for merchants and users.

The rise of paylater concept in e-commerce also becomes a key reason on why digital trust
implementation in e-commerce is very important. Alongside with customer transaction record,
the validity of customer identity itself crucial for e-commerce to provide paylater service to
its customers. E-commerce needs to ensure that the person applying for paylater is a real
person through a biometric liveness test and then with the integrated data with Dukcapil’s
database, e-commerce could expand the credit scoring approach to the customers with API
integration with other parties.

Another benefit of digital trust implementation is to validate the transaction done by customers.
Biometric verification (face or fingerprint) to validate the transaction will give a sense of
security to e-commerce users compared to password or PIN verification. This will reduce
the possibility of data misuse and unauthorized transactions. To accommodate the lower
segment users, 2FA (two-way-authentication) also becomes a consideration for e-commerce
to implement.

“The credibility of online exams is necessary for an edtech

platform. Because companies should ensure there is no
fraud during the exams, especially for certified training
such as tax, Occupational Safety and Health (OSH), etc.
So the credibility between online exams is the same with
offline exams.”
~ Hilman Fajrian,
CEO of Arkademi
 28

“In order to balance security and customers’ convenience,

and to avoid layered verification processes, digital trust
solutions could be leveraged using AI and IoT. It can predict
the pattern of customer behavior with high precision.”

~ Andreas Kurniawan,
Chief Digital and
Analytics Officer of
Bank Danamon

“DBS Bank has launched Virtual Credit Card, which the

approval process only takes 60 seconds. With digitization
the process could be faster. Customers can get the
credit virtual number soon and could be directly doing
the transaction. Then for remittance services, DBS Bank
able to do money transfer to 11 currencies in 20 countries
quickly in less than a day (which previously the process
~ Leo Koesmanto,
takes 3 days until 1 week)”
Managing Director
Digital Banking of
DBS Bank

“In the future, digital trust will become very substantial,

since businesses of every sector adapt their business into
digital. People are becoming more aware of digital ethics
(standards, SOP, regulation towards data privacy). This
will drive the digital trust solution to innovate into more
varieties, for example, MSISDN authentication.”
~Rudi Adianto,
Head of Tech of
Alodokter

“The expectation towards digital trust solutions in the

future related to advance verification and authentication
for e-commerce buyers & merchants is biometric
authentication. It will ensure the identity of users and will
deliver trust better.”

~ Albert Nobel,
Head of IT Infrastructure
of Bhinneka
 29

Case Study

Case Study
Online Onboarding at Scale: Digitizing Grab’s Partner Onboarding

Project:
Grab collaborates with VIDA to build a fully online process for driver and merchant
onboarding into Grab’s digital platform.

Context & challenges:

Grab’s SuperApp is one of the largest ride-hailing and delivery services in Indonesia. With its
business model, Grab has provided a platform for drivers, MSMEs, and other local economic
actors to thrive.

Despite being a technology company, Grab’s widespread reach across the archipelago
combined with the need for document signing process for partners’ registration, requires
Grab to accommodate the offline processes to adapt to field conditions.

However, the ever-increasing demand for minimizing physical interactions during COVID-19
has pushed all to adapt. From the consumer side, the mobility restrictions imposed during
the pandemic have significantly increased the demand for various types of Grab services.
While simultaneously, an increasing trend can also be observed for new partners who wish
to register themselves onto Grab’s platform.

Approach & strategy:

VIDA started by developing detailed profiles and personas of Grab’s partners. After initial
discussion and research, solutions are developed in ways that ensure it is relevant and contextual
to field conditions. Through this process, VIDA develops an online onboarding solution:

That can be conducted through various types of smartphones, especially

low-end phones

Easy and convenient for various Grab partners’ persona

Seamless and quick - i.e does not take more than 5 minute

Accommodates for high traffic volume

Solution:
VIDA builds an online identity verification and authentication system for potential and/
or existing partners by performing real-time matching with the Indonesian population
database. To ensure seamless, easy, and efficient use from the partner side, VIDA integrates
directly with the Grab system, so that there is no significant friction, e.g. when (i) Grab’s
prospective partners carry out the registration process - from filling out forms to digitally
signing contracts, and/or (ii) Grab’s existing partners to renew the existing agreement with
Grab, throughout Indonesia.
 30

Key features of the solution include:

• Biometric technology and liveness detection are integrated into Grab’s main system
to facilitate the identity verification process of Grab existing/prospective partners.
Grab’s existing/prospective partners only need to enter personal data according to their
respective national ID documents and show their faces on the front camera to conduct
their liveness check. These biometric data will be securely matched with the population
data of the Government of Indonesia.
• Electronic signature helping potential partners to indicate their consent and agreement
in their partnership contract/other agreement with Grab.

Case Study

Accelerating Financial Inclusion through Digitizing Bank Account Opening Process

Project:
VIDA collaborated with a digital bank to design an online customer account opening
process and electronic signature.*

Context & challenges:

The Client is part of a state-owned bank with the largest network in Indonesia. It was formed to
specifically become a digital bank provider targeting the younger generation and gig economy
workers.

To ensure optimal service, The Client and VIDA collaborate to present an integrated end-to-
end online onboarding process that can be accessed easily through the client’s application.

Approach & strategy:

VIDA builds an identity proofing system for prospective customers by conducting real-time
verification and authentication of personal data such as name, KTP number, date of birth, face
and others. By connecting directly with the Indonesian government’s population database to
match data, VIDA is able to confirm prospective customers’ identity in a way that is secure
and reliable.

In digital banking, user-friendliness is a key benchmark determining whether prospective

customers carry out and complete the overall registration stage. To that end, VIDA’s main
target is to establish an onboarding process that:

Seamless and quick - i.e does not take more than 5 minute
Integrated with existing in-app registration flow
Accommodates for high volume of application

*) The client is kept confidential due to the on-going nature of the project
 31

Solution:
To ensure a seamless, easy, and efficient use from the prospective customers’ side, VIDA
integrates directly with the client’s application, so users can fill out the registration form,
verify their identity and sign the account opening contract agreement in one place.

This online end-to-end onboarding solution is provided to approximately 100,000 prospective

customers per year.

Key features of the solution include:

• Biometric technology and liveness detection are integrated into the client’s main system
to facilitate the identity verification process of prospective users. Users only need to
enter personal data according to their respective national ID documents and show their
faces on the front camera to conduct their liveness check. These biometric data will be
securely matched with the population data of the Government of Indonesia.
• Electronic signature helping customers to indicate their consent and agreement in
opening a bank account with our client.
 32

Sources
[1] Atos. Company Profile.
[2] CPA Canada. WebTrust seal program.
[3] Dailysocial.id. 2021. The Rise of Digital Banking in Indonesia 2021.
[4] Digital Regulation Platform. 2020. Data protection and trust.
[5] Entrust. 2020. Entrust Datacard is now Entrust.
[6] Gartner. Identity-proofing Services.
[7] Harvard Business Review. 2018. The 4 Dimensions of Digital Trust, Charted Across
42 Countries.
[8] Inkwood Research. INDONESIA ENTERPRISE RESOURCE PLANNING (ERP) MARKET
FORECAST 2022-2028.
[9] ITU News. 2017. Aadhaar: India’s route to digital financial inclusion.
[10] KPMG. 2015. Digital Trust.
[11] PwC. 2021. The 2022 Global Digital Trust Insights.
[12] PwC. Digital Trust and Cyber Security.
[13] Okta. 2021. The State of Digital Trust .
[14] SATW. 2021. Digital Trust.
[15] Singpass. Overview.
[16] SSLShopper. What is WebTrust for CAs (Certification Authorities)?
[17] Statista. 2022. Crowdfunding Indonesia.
[18] The Lowdown Momentum Asia. 2022. Rise of Digital Banks in Indonesia: 3 million
more users added in 2020.
[19] World Economic Forum. 2018. Identity in a Digital World: A new chapter in the social
contract.
[20] ​​World Economic Forum. Digital Trust.
PT. Indonesia Digital Identity (VIDA)
www.vida.id