New APEC Guidelines for Secure International E-Commerce Transactions

Guidelines to make e-commerce transactions across borders more secure and simple have been released by the APEC eSecurity Task Group (eSTG).

The Public Key Infrastructure (PKI) guidelines will be used for a range of transactions including the formalization of contracts, shipping documentation, customs and quarantine clearance and taxation and online consumer purchases.

Chair of the APEC eSTG, Mr. David Hickman, said the PKI Guidelines have been designed to ensure that they are compatible with industry standards already in use in Europe and can be adopted by developing economies.

"The eSTG undertook a comparison of existing schemes to identify a class of digital signature standard suitable for e-commerce around the region," Mr. Hickman said.

"We recognised that any approach developed for APEC must also be able to interact with other standards, particularly those being used in Europe. These guidelines will foster the interoperability of PKI schemes, which will assist developing economies who are improving their e-commerce capacity to interact at a global level.

"Past standards have provided guidance in developing secure electronic transaction facilities, however these have not always addressed legal issues relating to the cross jurisdiction recognition of certificates. As a result differences between standards have emerged that have the potential to impede transactions and undermine the regional potential of e-commerce."

Mr. Hickman highlighted the work of the team that developed the guidelines which he said would be valued around the region.

"The eSTG is most appreciative of the work of Mr. Steve Orlowski from Australia working with experts from Australia, Canada, Hong Kong China, Singapore, the United States and the European Union," Mr Hickman said.

"This has been a major exercise over an extended period that will make e-business more secure and easier for people right around APEC region.

The final report, "APEC Guidelines for Schemes to Issue Certificates Capable of Being Used in Cross Jurisdiction Ecommerce," is now available.

PKI is a secure method for exchanging information via the Internet and makes use of a system known as public key cryptography to ensure transactions are secure. PKI uses digital signature certificates that authenticate electronic activities carried out between individuals, governments and companies.

The guidelines are based on RFC 3647, which addresses policy and technical aspects of PKI that came into effect in November 2003. The RFC (Requests for Comments) document series is a set of technical and organizational notes about the Internet that began in 1969 to discuss many aspects of computer networking, including protocols, procedures and programs.

The APEC eSecurity Task Group is part of the APEC Telecommunications and Information Working Group (APEC TEL) .