Control and Assurance in E-Commerce: Privacy, Integrity and Security at Ebay

33 Pages Posted: 9 Jan 2001 Last revised: 27 Jul 2014

See all articles by Rong-Ruey Duh

Rong-Ruey Duh

National Taiwan University - Department of Accounting

Karim Jamal

University of Alberta - Department of Accounting, Operations & Information Systems

Shyam Sunder

Yale University - School of Management; Yale University - Cowles Foundation

Multiple version iconThere are 2 versions of this paper

Date Written: April 1, 2001

Abstract

Growth of online auctions and other forms of e-commerce has been hampered by concerns about the privacy, integrity, and security of online transactions. To earn the trust of their participants, new e-commerce organizations, like traditional organizations, have to reach the state of expectations equilibrium or control - a state where the actual behavior of participants corresponds to what others expect them to do. Since e-commerce companies provide electronic platforms where buyers and sellers interact directly with each other (as well as with the platform operator), establishing control in e-commerce enterprises requires broadening of the traditional definition of "internal control" to encompass the activities of "outsiders" such as customers, and suppliers.

This paper presents a framework for analyzing the control environment of online auctions and identifies privacy and denial of service attacks as two new classes of risks faced by e-commerce companies. Using the control policies and practices of a leading consumer online auction company (eBay) as an illustrative example, we suggest possible ways of controlling these risks. This analysis identifies the demand for new kinds of assurance services for e-commerce to support privacy, integrity and security of online transactions. E-commerce assurance services available at the end of year 2000 (e.g. WebTrust) fall short of what is needed to establish expectations equilibrium or control in online auction firms. The merits of developing proprietary (e.g., PWC privacy standards) versus industry standards (e.g. WebTrust) for e-commerce assurance services are also discussed.

Keywords: E-commerce, Online auctions, Control, Assurance, Privacy, Integrity, Security

JEL Classification: M40, M46, M49

Suggested Citation

Duh, Rong-Ruey and Jamal, Karim and Sunder, Shyam, Control and Assurance in E-Commerce: Privacy, Integrity and Security at Ebay (April 1, 2001). Taiwan Accounting Review Vol. 3 Issue. 1 pp. 1-27 2002, University of Alberta School of Business Research Paper No. 2013-677, Yale SOM Working Paper No. AC-01, Available at SSRN: https://ssrn.com/abstract=254270 or http://dx.doi.org/10.2139/ssrn.254270

Rong-Ruey Duh (Contact Author)

National Taiwan University - Department of Accounting ( email )

50 Lane 144, Section 4
Taipei 32026
Taiwan

Karim Jamal

University of Alberta - Department of Accounting, Operations & Information Systems ( email )

Edmonton, Alberta T6G 2R6
Canada
780-492-5829 (Phone)
780-492-3325 (Fax)

Shyam Sunder

Yale University - School of Management ( email )

165 Whitney Avenue
P.O. Box 208200
New Haven, CT 06520-8200
United States
203-432-6160 (Phone)

HOME PAGE: http://www.som.yale.edu/faculty/sunder/

Yale University - Cowles Foundation ( email )

Box 208281
New Haven, CT 06520-8281
United States

Do you have negative results from your research you’d like to share?

Paper statistics

Downloads
2,691
Abstract Views
15,879
Rank
3,407
PlumX Metrics