Imagine a banking customer handing over their ATM card and PIN number to another person for withdrawing cash. What do we make of that person? A gullible fool, an imbecile or a digital idiot. How many such persons would exist in India today? A handful, tiny, miniscule minority of the ATM customers at the worst.
Now, can you imagine an arena where the majority, if not substantially the whole customer population hand over their ‘ATM card’ and ‘PIN’ to another person permanently to use it? What we are talking about is not a figment of imagination or of a fictional country; rather it is the sophisticated world of Indian corporates, where directors hand over their digital signature token to their accountant or attorney to use it at their discretion. In fact if a test is conducted in which the holders of digital signatures are required to affix it to a document, I am willing to bet my last rupee that more than 90% of the 400,000+ DIN holders in India will fail to do the basic act of affixing their digital signature on to a given document.
Digital signature is identity proof presented electronically to prove one’s identify, to access information or service on the internet or to sign documents digitally. This is essential as electronic documents like e-forms filed with MCA and Income Tax returns need to be authenticated using a digital signature. Digital Signatures are legally admissible in a court of law as provided in the Indian IT Act, 2000.
Every director of a company or authorized signatory needs to get a Digital Signature Certificate (DSC) from the Certifying Authority, who is licensed to issue a DSC under section 24 of the India IT Act, 2000.
Digital signature certificates in India are classified into 3 classes based on its authenticity:
- Class I: Issued to private individuals / private subscribers –they certify User’s name and email address
- Class 2: Issued to business personnel/ private individual. Use –they certify that the information provided by the subscriber does not conflict with information in well document databases
- Class 3: Issued to individuals / Organizations –high assurance certificates for e-com applications issued to individuals only on their physical appearance before the certifying authority.
However, all the three class of DSC’s are not accorded the same standing in law. For example, MCA recognizes only class 2 and class 3 digital signatures for the purpose of affixing it to e-forms.
With the advent of Aadhaar two new modes of digital certificates have come up which are in the Class 2 category:
- Aadhaar e-KYC OTP based: the digital signature is affixed after an OTP authentication successfully validates the subscriber is the same as the Aadhaar holder.
- Aadhaar e-KYC biometric based: the digital signature is affixed after a biometric authentication successfully validates the subscriber is the same as the Aadhaar holder
While Aadhaar e-KYC is yet to make its mark in the Indian Corporate world today, there is every reason to believe going forward it will take the center stage and make digital certificate tokens history. Till that time we have to live with the fact that digital signatures mean far less than what a signature or thumb impression conveys on paper which is affixed by the individual authenticating it.