34 Pages Posted: 3 Dec 2002
Date Written: September 13, 2002
Concern about privacy, integrity, and security of online transactions hampers absorption of e-commerce technologies as a normal way of doing business. To gain acceptance and trust of their participants, all organizations much achieve control or expectations equilibrium - a state where participants choose to do what others expect of them. Establishing control in e-commerce requires us to expand the traditional view of internal control to encompass the activities of customers, suppliers, and other "outside" users of their electronic platforms. We present a framework for analyzing control in online auctions. Privacy, authentication, and denial-of-service attacks are three classes of risk especially prevalent in e-commerce. Using the control practices of eBay as an illustrative example, we suggest possible ways of controlling these risks. Privacy, integrity, and security of online transactions demand new types of assurance services in e-commerce. We analyze assurance services available in 2002 and discuss challenges and opportunities facing existing services such as WebTrust. The merits of developing proprietary versus industry standards, and simple operational vertification of client-specific policies for e-commerce assurance services are also discussed.
Suggested Citation: Suggested Citation
Duh, Rong-Ruey and Sunder, Shyam and Jamal, Karim, Control and Assurance in E-Commerce: Privacy, Integrity, and Security at eBay (September 13, 2002). Taiwan Accounting Review, Vol. 3, No. l, pp. 1-27, October 2002. Available at SSRN: https://ssrn.com/abstract=350663 or http://dx.doi.org/10.2139/ssrn.350663