Risk and Security Issues for Electronic Commerce Practice

This paper outlines research in progress for defining security, control and audit issues in Electronic Commerce (EC). The research involves focused interviews with expert developers, security consultants and both internal and external auditors. This work builds on previous research into Security and Audit of Electronic Data Interchange (EDI) and uses this as the basis for building a framework of risks, security and controls for auditing electronic commerce. The preliminary research results will be validated by a survey considering the importance of these aspects and the involvement of audit and security personnel in developing EC systems. The results should provide for a framework for managing EC security, control and the identification of EC future audit techniques. These results should then allow the development of audit techniques to assist in the management of EC, primarily decision aids, with the potential to look towards embedded audit technologies. The challenge for researchers is to feedback results of EC research, as described above, so that IS practitioners may take advantage of the findings to improve the security, control and auditability of future EC systems

Identification of Issues in E-Crime and Forensic Computing

As organisations around the world have embraced the Internet and e-Commerce, so too have commercial criminals. e-Fraud is a multi-billion dollar threat to organisations, and like any other crime, these e-Crimes should be brought to justice. The process of gathering electronic evidence of an e-Fraud is known as forensic computing. This paper addresses the issues that law enforcement, private forensic specialists, network administrators, and e- Businesses face when attempting to prosecute e-Crimes. Through a research forum focus group these issues were identified and prioritized so that the computer forensic community can then identify the existing strengths, weaknesses and threats, and thereby introduce a strategy that allocates scarce resources and skills to the most needed areas

Association for Information SystemsAmericas Conference on Information SystemsEDI Risks, Security and Control: An Australian Survey

Electronic Data Interchange (EDI) is the inter-change of business documents between organisations in a structured, machine-retrievable data format, allowing data to be transferred, without re-keying, from an application in one location to an application in another location (Hansen and Hill, 1989). Security and controls are important in EDI because its widespread use as a business tool has not only changed the way business is conducted, but also introduced potential new risks which need to be addressed. In particular, cross-vulnerabilities which exist between inter-dependent trading partners in an EDI network put companies at risk due to the domino effect of one partner\u27s errors or security failures compromising the integrity of other partners\u27 systems (Marcella and Chan, 1993; Chan et al, 1991; ICAEW, 1992). Furthermore, the automation with which transactions are processed at high volume and speed has led to reduced opportunities to spot problems using human intuition (ICAEW, 1992). To explore organisational attitudes towards EDI risks and the importance of control issues, research was conducted on EDI-using organisations in Australia using a survey and case study approach. The primary aim of the survey is to obtain organisational perceptions on EDI risks, the importance of EDI controls, and the risks and controls considered important in EDI. The case study gives an in-depth perspective on the strategic and management issues considered by a major EDI-using organisation to achieve a successful EDI implementatio

Integrating Trust and Risk Perceptions in Business to Consumer Electronic Commerce with Technology Acceptance Model

This paper develops and validates a theoretical extension of the Technology Acceptance Model (TAM). The extended model aims to predict and explain consumers’ intentions to transact with an Internet-based business-to-consumer electronic commerce (B2C EC) system by integrating trust and risk perceptions with TAM. Trust is the foundation of commerce. Its influence on business relationships is even greater in the online environment, where there are no face-to-face interactions between the transacting parties. Under these conditions, consumers\u27 uncertainty on the transaction outcome would increase, and trust plays an important role in their decision to transact online. In this study, perceived risk is proposed to be a direct antecedent of intention to transact, and the various dimensions of trust are proposed to have a positive influence on perceived risk. Besides testing the model, the relative importance of the trust dimensions is also examined. The model was validated using data collected from 133 subjects. The results provided substantial support for most of the proposed hypotheses and showed the significance of the extended constructs. Several new insights on trust in B2C EC were found and their theoretical implications are discussed

Participants Involved In Identity Fraud

This paper sets out a model of the participants involved in identity fraud. This model will be verified through discussions with industry experts from key Australian organisations involved in and impacted by identity fraud