SK Launched Secure Implementation Guide for E-service Providers
SK ID Solutions, provider of Smart-ID and Mobile-ID, has published a secure implementation guide for e-services to help them protect themselves from attacks carried out by cybercriminals.
E-service providers need to consider many potential risks, including those associated with the digital authentication solutions that end-users rely on to access their services. Therefore, it is important that e-service providers implement additional security mechanisms to help users understand the context of their actions and to protect them from possible attacks. To assist e-services, SK ID Solutions has compiled a thorough document, the Secure Implementation Guide.
The document lists the most common threats and attacks that have been tried in the past against e-services and their customers. It helps e-service providers consider which attacks could have the most devastating impact on their business and customers and, therefore, which countermeasures should be deployed.
“We consider authentication as a chain consisting of three links: end-user, authentication solution provider and e-service provider. To provide secure authentication, every party has to implement their own measures – end-users have to use the authentication tools (such as a Mobile-ID and Smart-ID) in a secure way, SK has to provide secure authentication service and e-services have to implement all needed security measures. The same applies to digital signing as well. While the end-users have been informed about different threats and how to fight them, and SK has always worked on improving their solutions’ security, the third link – e-service providers – have been left without clear instructions. As a vital party, they should implement their countermeasures, too,” said Jaan Murumets, Smart-ID Product Manager of SK ID Solutions.
The guidelines list the main security measures for e-service providers. Although every measure listed is important in fighting cybercriminals, the final decision, based on a risk assessment, and the action plan should be made by the e-service providers – there is nobody else who can implement those defences and security measures on their behalf to protect their customers.