The wild child of dot.com e-commerce has grown up. Indeed, the innovators of e-business today are just as likely to be sober traditionalists in insurance or banking.
Organisations simply cannot resist the opportunities to use electronic platforms – often as simple as e-mail – to accelerate business and to establish new links with customers and partners around the world. These opportunities bring new challenges, as the more open a network becomes to e-business, the more prone it is to attack.
A risk manager now not only has to consider risks related to the underlying transaction, but also the risks related to the delivery of the transaction. These include compromises in confidentiality, data integrity, user authentication and accountability, among others.
No business is immune to these risks, with corporate e-mail networks routinely being used to communicate important contracts, personal information and corporate plans.
There is an increasing awareness that companies must carefully consider how they can protect their information and fulfil their responsibilities when using the internet. For example, The Law Society for solicitors in England and Wales recently recommended that its members use encryption when dealing with confidential client information by e-mail.
Bermuda was one of the first countries in the world to enact legislation dealing with the formation of electronic contracts, digital signature validity, personal data protection and on-line dispute resolution, while continuing the island's tradition of ‘sensible regulation’.
Bermuda-based QuoVadis was created to realise the benefits of Bermuda's Electronic Transactions Act 1999 (ETA), and it will become the first authorised certification services provider under the ETA when the guidelines are finalised in mid-2001.
Earlier this year, QuoVadis launched a new tool for multinational organisations to manage the risks and uncertainties associated with electronic business. Combining a robust warranty programme with digital certificate technology, QuoVadis helps manage the risks associated with e-business by allowing organisations to verify the identity of online users as well as to ensure the confidentiality and integrity of data.
The use of digital signatures also allows accountability and legal standing for electronically signed documents, approved actions and business agreements.
While digital certificates have been in use for a number of years, QuoVadis is one of a growing number of certificate authorities to offer high authentication certificates tailored to the business world.
According to Tony Nagel, CEO of QuoVadis, “Rather than locking information away, e-security risk management solutions enable organisations to conduct worldwide e-business securely and to interact more effectively with their employees, customers and partners.”
QuoVadis received developmental funding from leading Bermuda insurer Centre Solutions and its ‘eVentureCentre’ incubator. In a departure from the more expected offerings from Centre Solutions, the eVentureCentre invests in early-stage e-commerce businesses that either leverage Bermuda's international business environment or provide important technical infrastructure for the offshore world.
In past years, the media frequently portrayed the internet as a cyberworld without borders. However, as the value of e-business has increased, jurisdiction over the internet has become very important. For example, nearly 70 countries around the world have now enacted digital signature legislation.
“While the internet itself may be borderless, business is not – businesses want to align with the legal, tax and regulatory frameworks of certain countries whether they are in the real world or cyberspace,” explained Mr Nagel. “Companies in the offshore sector, such as the Bermuda insurers, are particularly sensitive to jurisdiction and prefer to use an offshore certificate authority to enable their e-business.”
The QuoVadis Limited Warranty provides protection to the direct participants of electronic transactions in which a QV certificate plays a material role in authenticating the identity of one or more parties to the transaction. Under certain conditions, the warranty reimburses QuoVadis subscribers and relying parties for economic loss due to reliance on QV certificates.
QuoVadis offers higher protection levels in its warranty programme than most onshore commercial certification authorities.
“Our target market includes some of the brightest minds in the insurance business, so we have designed a warranty programme to meet the needs of the most conservative risk managers,” said Mr Nagel. “Our clients in the offshore world deal with high-value information every day, from both a monetary and a reputational perspective. The QuoVadis warranty will allow them to move their businesses online with confidence.”
QuoVadis offers several classes of digital certificates for both individual and corporate use. For example, a corporate class certificate that identifies both the user and their employer could provide $250,000 of warranty protection per transaction to authorised relying parties.
In addition to the warranty benefits, many companies seek to outsource their digital certificate needs to QuoVadis to control their risk exposure.
QuoVadis Vice President Stephen Davidson comments, “Few companies have the economies of scale, appropriate facilities, and PKI expertise needed to properly operate a certificate authority. A bad certificate can spoil your transaction – but a compromise in your certificate authority can ruin your business.”
“QuoVadis provides a complete framework of technology solutions, operating standards, and legal agreements that have been certified to international standards. QuoVadis can get a company using digital certificates in a matter of weeks, rather than months, while controlling the costs of implementation.”
Key e-Security Terms
Public Key Cryptography: Ensures confidentiality by encrypting a message using public and private keys in association with an algorithm.
Digital Signature: Links individuals to documents, actions or events using cryptography.
Digital Certificate: An ‘electronic ID’ that vouches for the user's identity; carries the public key and is used to encrypt messages and create digital signatures.
Registration Authority: An agent of the Certificate Authority that confirms the identity of users before they receive a digital certificate.
Certificate Authority: The secure trusted third party that issues and manages digital certificates.