Legal Identifiers in Digital Certificates

In business and financial circles, you have likely come across the term Legal Entity Identifier (LEI). Put simply, it is a unique alphanumeric 20-character code used to identify legal entities that undertake investment transactions in ‘reportable financial instruments’. If you hold any form of investment, from stock to company shares or bonds, it is important to have a Legal Entity Identifier. The unique code is used to help the Financial Conduct Authority (the FCA) detect whether any market abuse is taking place and help prevent fraudulent transactions. But how does this tie into digital certificates? Here we explain.

What is a digital certificate?

A digital certificate is a tool that uses public-key cryptography to encrypt information between entities. An entity could be anything from people to organizations or physical “things” such as devices. The way it works is that both the recipient and sender of a transaction have a set of public and private digital keys. Public keys are available on a trusted database and private ones are kept on the device of both parties. Senders encrypt their message with the public key, and the only way for it to be decrypted is with the corresponding private key. Digital certificates (such as an SSL/TLS certificate) ensure that the signing and encrypting happen and are secure. Digital certificates are vital for keeping the internet safe and secure. However, encryption may not always be enough to keep unwanted criminal or malware attacks at bay. You can keep something encrypted, but if it is unknowingly being sent directly to a criminal – such as through a phishing site posing as something legitimate that you’ve entered your card details into – you could find yourself on the wrong side of a fraudulent attack.

Why is it important?

The risk of criminals stealing your data is why it is so important to know exactly who is receiving your information – particularly sensitive information such as card details or personal details such as your address. This is where Legal Entity Identifiers come in. Since they were first introduced in 2018, they have been dubbed the new tool to help save the Know Your Customer (KYC) and other due diligence processes when signing up a new customer. By combining the use of LEIs with digital certificates, the system could be improved even further. LEIs are not yet integrated with all types of digital certificates, but it’s worth looking into those that are available – a Digital Signing Certificate with an LEI is an example of this.

How to check it is legitimate

As said above, one of the most common ways criminals intercept online communications is by making fake websites and tricking users into submitting personal information. They often create fake URLs that look very similar to the actual ones, and the difference can easily be missed. Legal Entity Identifiers have a publicly available database, which means you can look up LEIs and confirm the true identity behind a certificate, instantly determining whether it is genuine. This added level of security helps people trust the transaction and means your personal card details are kept secure.
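The check described above can be scripted. The following is an added example, not code from the original article: it validates the 20-character LEI and its two ISO 7064 MOD 97-10 check digits, then compares a registry record with the organization name in the certificate. The record layout, its status values and the sample data are assumptions constructed for illustration; a real lookup would fetch the record from the public LEI database.

```python
import re

LEI_RE = re.compile(r"[A-Z0-9]{18}[0-9]{2}")

def _to_digits(text):
    # ISO 7064 MOD 97-10: digits map to themselves, A-Z map to 10-35.
    return "".join(str(int(ch, 36)) for ch in text)

def lei_check_digits(prefix18):
    """Return the two check digits for an 18-character LEI prefix."""
    return f"{98 - int(_to_digits(prefix18) + '00') % 97:02d}"

def is_valid_lei(lei):
    """True if the LEI is 20 well-formed characters and its checksum holds."""
    return bool(LEI_RE.fullmatch(lei)) and int(_to_digits(lei)) % 97 == 1

def _norm(name):
    # Compare names case-insensitively and ignore runs of whitespace.
    return " ".join(name.upper().split())

def check_certificate_lei(cert_org, lei, record):
    """Return a list of problems; an empty list means the LEI record
    supports the identity claimed in the certificate.
    `record` is the registry entry fetched for `lei` (hypothetical layout)."""
    if not is_valid_lei(lei):
        return ["LEI is malformed or fails its check digits"]
    if record is None or record.get("lei") != lei:
        return ["LEI not found in the registry"]
    problems = []
    if record["registration_status"] != "ISSUED":
        problems.append("LEI registration is not current: "
                        + record["registration_status"])
    if _norm(record["legal_name"]) != _norm(cert_org):
        problems.append("certificate organization does not match the "
                        "legal name registered for this LEI")
    return problems

# Constructed sample data: not a real LEI or a real registry record.
SAMPLE_LEI = "0000000000000000A186"
SAMPLE_RECORD = {"lei": SAMPLE_LEI, "legal_name": "Example Trading Ltd",
                 "registration_status": "ISSUED"}

if __name__ == "__main__":
    print(check_certificate_lei("Example Trading Ltd", SAMPLE_LEI, SAMPLE_RECORD))
    print(check_certificate_lei("Examp1e Trading Ltd", SAMPLE_LEI, SAMPLE_RECORD))
```

The checksum catches mistyped or transposed characters before any lookup is made; only the registry comparison says anything about who actually holds the LEI.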

Where will it go from here?

While the above is a great way to ensure all websites we use are safe, it isn’t necessarily the most practical. Many won’t bother checking every single website’s LEI before using it. However, with the implementation of Legal Entity Identifiers in digital certificates, browsers can integrate with the LEI database, showing your company names and maybe even linking to the real website instead of the fake one in the browser. At present, Legal Entity Identifiers in Digital Certificates can add transparency and assurance that wasn’t previously available to high-level B2B transactions.