Control and Assurance in E-Commerce: Privacy, Integrity, and Security at eBay
National Taiwan University - Department of Accounting
Yale University - School of Management
University of Alberta - Department of Accounting, Operations & Information Systems
September 13, 2002
Yale ICF Working Paper No. 02-38
Concern about privacy, integrity, and security of online transactions hampers absorption of e-commerce technologies as a normal way of doing business. To gain acceptance and trust of their participants, all organizations much achieve control or expectations equilibrium - a state where participants choose to do what others expect of them. Establishing control in e-commerce requires us to expand the traditional view of internal control to encompass the activities of customers, suppliers, and other "outside" users of their electronic platforms. We present a framework for analyzing control in online auctions. Privacy, authentication, and denial-of-service attacks are three classes of risk especially prevalent in e-commerce. Using the control practices of eBay as an illustrative example, we suggest possible ways of controlling these risks. Privacy, integrity, and security of online transactions demand new types of assurance services in e-commerce. We analyze assurance services available in 2002 and discuss challenges and opportunities facing existing services such as WebTrust. The merits of developing proprietary versus industry standards, and simple operational vertification of client-specific policies for e-commerce assurance services are also discussed.
Number of Pages in PDF File: 34Accepted Paper Series
Date posted: December 3, 2002
© 2015 Social Science Electronic Publishing, Inc. All Rights Reserved.
This page was processed by apollo8 in 0.375 seconds