An Overview

During the past two decades, the business world has witnessed a technological revolution known today as electronic commerce or ecommerce. This revolution has allowed businesses all over the world to conduct business in ways that were unimaginable two decades ago. Through the use of e-commerce technologies, businesses can share and disseminate information electronically and conduct business online so consumers, regardless of their locations, can obtain goods and services from the businesses. Because of the many opportunities e-commerce technologies offer in today’s competitive marketplace, it is essential for organizations to have e-commerce presence and effectively utilize the Internet to expand their businesses. With this Internet presence, ensuring security of their data and sales experiences is of paramount importance. Through the use of effective e-commerce security tools, business can increase their sales,Guy Fitzgerald is professor of information systems at Brunel University and is head of the Department of Information Systems and Computing. Prior to this he was the cable and wireless professor of business information systems at Birkbeck College, University of London, and before that he was at Templeton College, Oxford University. As well as being an academic, he has also worked in the computer industry with companies such as British Telecom, Mitsubishi, and CACI Inc., International. His research concerns the effective management and development of information systems and he has published widely in these areas. He is probably best known for his work in relation to development techniques and methodologies and is the author of a major text in this area entitled Information Systems Development: Methodologies, Techniques and Tools, now in its fourth edition. He is also well known for his research in the areas of strategy, outsourcing, and executive information systems. His most recent research is concerned with the development of flexible information systems to enhance organizational agility. He is founder and co-editor of the Information Systems Journal (ISJ), an international journal from Blackwell Publishing, and he has been a member of many international Program Committees, including the International Conference on Information Systems (ICIS) and the European Conference on Information Systems (ECIS).

Learning from Practice

To learn more about the views and practices of industry practitioners, this chapter outlines the result of an interview with a panel of e-commerce security practitioners who were asked to share their insights, understanding and vision regarding issues related to the practice of e-commerce security. Panel members were chosen based on their experience in the field of ecommerce security and management. Section I of this interview deals with the issues and challenges of ecommerce security. Issues covered in this section include e-commerce security policies, tactics of hackers and security architecture. In Section II of the interview, the participants were asked to provide suggestions and recommendations regarding current challenges, solutions and future issues facing e-commerce security. Panel participants were asked to answer each of the questions to the best of their knowledge, sharing their practical experiences and understanding regarding e-commerce security with the book's audience.

Developing Secure E-Commerce in China

The Chinese government has been keen to develop electronic commerce (e-commerce) as a source of economic growth and modernization. While B2B (business-to-business) online transactions are boosted by state-owned enterprises or government-affiliated businesses, B2C (business-to-consumer) online transactions constitute a very minor proportion of e-commerce activities. Several obstacles have deterred consumers from embracing the Internet for B2C online trading and payment, such as inconvenient electronic payment systems, low public confidence in the insecure electronic networks and inadequate regulatory frameworks. It is imperative for the progress of e-commerce in China that electronic systems are secure, and operating frameworks transparent and stable. Otherwise, this emerging market economy will lag behind in enjoying the economic benefits of e-commerce, an emerging key facet in the World Trade Organization (WTO) environment.

E-Commerce Security Planning

Multiple levels of potential security risk affect all the elements of an e-commerce site. Truly complete security protects three areas: (1) internal network and application services, (2) perimeter network access and application services, and (3) external network and services. To minimize security risks in these areas as well as to raise overall confidence in the e-commerce service, businesses must address problems with practical solutions involving privacy and security. Establishing an e-commerce trust infrastructure encompasses confidentiality, data integrity, non-repudiation and authentication. Striking the right balance between functionality and accessibility in e-commerce demands technical security measures. It also requires management vigilance with non-technical measures such as routine assessments of vulnerabilities, policies, education and a focus on making processes and policies easy to understand and simple to implement and monitor compliance.

E-Commerce Security and the Law

The nature of the Internet as an open network means that it is devoid of central control and regulation. That in turn has exposed the Internet to the caprices and untoward intentions of some of its participants. Online businesses particularly suffer from an explosion of fraudulent activities and breach of security (destruction or theft of data and identity). The law has attempted to catch up with the problems by providing sanctions against perpetrators. Alternative solutions such as technical means and ethical codes of conduct are also in place. However, the creation of a secure network demands more than law or better technology. There is widespread recognition among lawyers, management and information system specialists that the creation of a secure network is part of the broader task of creating a security culture, starting from top management and sustained by clear and easy-to-implement policies.

Rethinking E-Commerce Security in the Digital Economy

The worldwide market for information security services will nearly triple to $21 billion by 2005, up from about $6.7 billion in 2000, according to International Data Corporation. This trend that focuses on information security stresses the translation of strategic business objectives and models into an information systems architecture that combines data process, workflow, financial and simulation models. E-commerce security is a process, not an end result. Managers need to understand how advanced technology creates more robust, scalable and adaptable information systems for the organization dedicated to continuous improvement and innovation. The key questions for assessing status quo and modus operandi are discussed, and some alternative solutions and recommendations are proposed as we look ahead in the digital economy.

Identifying and Managing New Forms of Commerce Risk and Security

Under the system of e-commerce, organisations leave themselves open to attack, which can have catastrophic consequences. This is because new risks and insecurities have emerged brought about by changes in information technology and systems. This chapter outlines the characteristics of openness, virtuality and volatility associated with e-commerce systems and the technological security requirements, such as firewall software, encryption, and digital signatures and certificates. Implications are drawn for effective risk and security management (RSM). These include stakeholder participation, a holistic approach and gaining competitive advantages. From those, recommendations are made to management focusing on the effectiveness of the RSM approach, and ways to provide competitive advantages and a smooth implementation of RSM.

How One Niche Player in the Internet Security Field Fulfills an Important Role

This chapter examines an entrepreneurial effort to provide products in the Internet security marketplace. The specific focus is on a company named Palisade Systems, which is now faced with questions regarding their future business direction in this field (Mahanti et al., 2004). Current questions include how to take advantage of recent legislation regarding privacy and computer security, and the general increase in awareness of the need for security in the Internet and in related networks. In this chapter we discuss the Internet security marketplace, recent legislation and the creation of new opportunities for marketing Internet security products, and how Palisade’s products may match these opportunities.

Security and the Importance of Trust in the Australian Automotive Industry

E-commerce–which is the sharing of business information, maintaining business relationships, and conducting business transactions by means of telecommunication networks–is growing at an exponential rate. The hype and growth of the Internet has attracted the growth of online B2B relationships. Internet business, in the United States alone, is forecast to increase as high as $7.3 trillion in 2004 (Gartner Group, 2000). Alternatively, the spatial and temporal separation between business partners generates an implicit uncertainty around online transactions. Uncertainties may arise when trading partners encounter barriers in communication (such as incompatible e-commerce systems, or lack of uniform standards) that may lead to conflicts. E-commerce adoption, unlike traditional information systems adoption, demands high levels of negotiation, cooperation and commitment from participating organizations. Selecting transaction sets, negotiating legal matters and defining performance expectations can burn up hours of staff time and also demand financial and technological resources. Managers have often cited a lack of trust as the main reason for failed business relationships. O’Hara-Deveraux and Johansen state that “trust is the glue of global work space and technology does not do much to create relationships” (1994, pp. 243-244). One way to ensure security and success of e-commerce is to establish trustworthy business relationships. This chapter aims to discuss the importance of trustworthy business relationships as a means to mitigate risks in EDI in the Australian automotive industry.

Personal Information Privacy and EC

The issue of personal information privacy (PIP) and e-commerce (EC) continues to be debated within the community of Internet users. The concerns of privacy advocates conflict with the concerns of technology growth advocates. The challenges to PIP posed by various forms of EC technology are not the result of the technology itself. Rather it is the uses of the technology that pose the threat to the integrity of PIP. In particular, the surreptitious monitoring of user behavior without the user’s consent and the possible misuse of the collected information are the biggest threats to the growth of EC.