In today’s internet-driven world, online transactions have become increasingly significant, allowing people to conduct various activities without leaving their homes. However, online transactions also come with risks, particularly in terms of data falsification leading to various fraudulent activities. Therefore, organizations like ETDA play a crucial role in enhancing security and elevating the efficiency of E-Commerce businesses in Thailand.
So, who is ETDA, and what is its role in shaping the digital landscape? This article aims to provide answers to these questions.
What is ETDA and what role does it play in the digital society?
ETDA, short for Electronic Transactions Development Agency, is a governmental organization under the supervision of the Ministry of Digital Economy and Society. Its primary responsibility is to establish regulations and oversee electronic transactions and related services to foster a secure and reliable digital economy.
ETDA plays a pivotal role across various sectors, including:
- G2X: Facilitating interactions between the government and other sectors, such as businesses and citizens.
- B2X: Supporting business-to-business transactions and interactions between businesses and citizens.
- C2C: Enabling interactions among citizens, such as through social media platforms.
ETDA’s mandate extends to all dimensions of electronic transactions, spanning from governmental to private and public sectors. With the inherent risks associated with online transactions, including fraud and data breaches, ETDA, as a government entity, is tasked with overseeing, regulating, and promoting efficient E-Commerce businesses in Thailand.
The Role of ETDA in Promoting EKYC Systems in the Business Sector
ETDA plays a crucial role in supporting the development of online transactions and various E-Commerce initiatives in Thailand, aiming to enhance their efficiency. One of its key missions is to promote identity verification through Electronic Know Your Customer (EKYC) systems.
EKYC systems for businesses provide online identity verification services that can be integrated into the organization’s applications or websites. This elevates security and convenience in online transactions for both users and businesses.
The implementation of EKYC in businesses involves various identity verification processes, including:
- Identity and identity linkage verification, such as facial scanning, to compare the person’s identity with the ID card used for verification.
- Authentication methods linking the verified identity to the authentication tool, such as using ID cards or fingerprint scans.
- Identity confirmation, which verifies that the person’s identity matches the information provided for verification.
What are IAL and AAL standards, and how do they differ?
Due to the various risks associated with electronic transactions, ETDA has established guidelines and standards for using Digital ID in business applications. These include defining Identity Assurance Levels (IAL) and Authenticator Assurance Levels (AAL).
1. Identity Assurance Levels (IAL):
IAL refers to the level of identity verification for users of online transaction services, ensuring confidence that the person applying for the service is indeed the same as the individual represented in the system. IAL helps prevent identity fraud or impersonation and is categorized into three levels of verification intensity:
1.1 IAL1: This level gathers identity information such as ID cards or passports but does not verify data linked to the identity between individuals.
1.2 IAL2: A higher level of identity confirmation, particularly suitable for businesses with medium to high-risk profiles. IAL2 is further subdivided into three sub-levels:
- IAL2.1: Includes face-to-face or online identity verification through applications, using card readers (Dip Chip) to compare and verify data on the chip.
- IAL2.2: Similar to IAL2.1 but also involves online status verification.
- IAL2.3: Similar to IAL2.2 but includes biometric checks, such as facial recognition or fingerprint scanning, to verify the identity of individuals.
1.3 IAL3: The most stringent level of identity verification, requiring dual-document verification (e.g., ID cards and passports) and face-to-face identity confirmation or video calls to compare facial images from identity documents.
2. Authenticator Assurance Levels (AAL):
- AAL refers to the credibility of the means used to confirm identity, aimed at reducing errors in identity verification. This process begins after the user has passed identity verification. AAL is categorized into three levels:
- AAL1: Single-factor authentication, where identity is confirmed using only one factor.
- AAL2: Two-factor authentication, where identity is confirmed using two factors.
- AAL3: Two-factor authentication with the requirement of using cryptographic devices.
Summary:
It is evident that EKYC plays a crucial role in identity verification, especially for current E-Commerce businesses. ETDA has a significant role in setting standards for the reliability of identity verification, such as IAL and AAL, which help increase confidence in both businesses and users that the received data is secure and trustworthy