
Chapter 12

Electronic Commerce Systems
Learning Objectives
■ Be acquainted with the topologies that are employed to achieve connectivity across the Internet.
■ Possess a conceptual appreciation of protocols and understand the specific purposes that several Internet protocols serve.
■ Understand the business benefits associated with Internet commerce and be aware of several Internet business models.
■ Be familiar with the risks associated with intranet and Internet electronic commerce.
■ Understand issues of security, assurance, and trust pertaining to electronic commerce.
■ Be familiar with the electronic commerce implications for the accounting profession.
What is E-commerce?
- electronic processing and transmission of data.
• electronic buying and selling of goods and services
• online delivery of digital products
• electronic funds transfer (EFT)
• electronic trading of stocks
• direct consumer marketing

INTRAORGANIZATIONAL NETWORKS AND EDI
Electronic Commerce Technologies
• Local area networks (LANs)
• Wide area networks (WANs)
• EDI

Internet Technologies
• Packet Switching
• Virtual Private Networks (VPN)
• Extranets
• World Wide Web

Internet Commerce
Examines:
• technologies
• benefits
• risk
• security issues

INTERNET ADDRESSES
3 Types of Addresses for communications:
1. E-mail addresses
2. Web site URL addresses
3. Internet protocol (IP) addresses of individual computers attached to a network
Protocols
7 Layer of Protocol Model
1. Transfer Control Protocol/Internet Protocol (TCP/IP)
2. File Transfer Protocol (FTP)
3. Simple Network Mail Protocol (SNMP)
4. Secure Sockets Layer (SSL)
5. Network News Transfer Protocol (NNTP)
6. Hyper Text Transport Protocol–Next Generation (HTTP-NG)
7. Hypertext Markup Language (HTML)

Benefits from Internet Commerce
• Access to a worldwide customer and/or supplier base.
• Reductions in inventory investment and carrying costs.
• The rapid creation of business partnerships to fill market niches as they emerge.
• Reductions in retail prices through lower marketing costs.
• Reductions in procurement costs.
• Better customer service.

Internet Business Models
• Information Level
• Transaction Level
• Distribution Level
SECURITY, ASSURANCE, AND TRUST
Trust is the catalyst for sustaining electronic commerce. Both consumers and
businesses are drawn to organizations that are perceived to have integrity. Organizations
must convey a sense that they are competent and conduct business fairly with their
customers, trading partners, and employees.

Encryption
Encryption is the conversion of data into a secret code for storage in databases and transmission over networks.

[Figure: clear text → encryption algorithm → cipher text (coded equivalent); cipher text → decode → clear text]

Caesar cipher - used to send coded messages to his generals in the field
• key - mathematical value that the sender selects
• algorithm - procedure of shifting each letter in the clear text message the number of positions that the key value indicates
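The key and algorithm described above, as an added example that is not part of the original slides: a Caesar shift over the 26-letter English alphabet, which also shows why the scheme gives little protection, since only 25 distinct keys exist. The function names and the sample message are assumptions of this example.

```python
def shift_text(text: str, key: int) -> str:
    """Shift each ASCII letter `key` positions, wrapping past Z; other characters pass through."""
    out = []
    for ch in text:
        if ch.isascii() and ch.isalpha():
            base = ord("A") if ch.isupper() else ord("a")
            # Modulo 26 wraps the shift around the end of the alphabet.
            out.append(chr((ord(ch) - base + key) % 26 + base))
        else:
            out.append(ch)
    return "".join(out)


def encrypt(clear_text: str, key: int) -> str:
    """Clear text -> cipher text: shift forward by the key value."""
    return shift_text(clear_text, key)


def decrypt(cipher_text: str, key: int) -> str:
    """Cipher text -> clear text: shift back by the same key value."""
    return shift_text(cipher_text, -key)


def all_decryptions(cipher_text: str) -> dict:
    """Decrypt under every distinct key (1..25).

    The whole key space fits in one small table, so secrecy of the key
    adds almost nothing once the algorithm is known.
    """
    return {key: decrypt(cipher_text, key) for key in range(1, 26)}


if __name__ == "__main__":
    message = "SEND TROOPS AT DAWN"   # constructed sample message
    key = 3                           # constructed sample key
    cipher = encrypt(message, key)
    print(cipher)
    print(decrypt(cipher, key))
    # Keys that differ by a multiple of 26 are the same key.
    print(encrypt(message, key + 26) == cipher)
    # The clear text is one of only 25 candidates.
    print(len(all_decryptions(cipher)))
```
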
Digital Authentication

Firewalls
A firewall is a system used to insulate an organization’s intranet from the Internet. It can be used to authenticate an outside user of the network, verify his or her level of access authority, and then direct the user to the program, data, or service requested. In addition to insulating the organization’s network from external networks, firewalls can also be used to protect LANs from unauthorized internal access.
A common configuration employs two firewalls: a network-level firewall and an application-level firewall. The network-level firewall provides basic screening of low-security messages (for example, e-mail) and routes them to their destinations based on the source and destination addresses attached.
RISK ASSOCIATED WITH ELECTRONIC COMMERCE

Intranet Risk
Interception of Network Messages
- Sniffing or unauthorized interception of information such as user IDs, passwords, confidential e-mails, and financial data files

Access to Corporate Databases
- Intranet connected to central databases increases the risk that data will be accessible by employees

Privileged Employees
- override privileges may permit unauthorized access to mission-critical

Reluctance to Prosecute
- fear of negative publicity promotes reluctance to prosecute the criminals, which encourages criminal behavior
Internet Risk
RISK TO CONSUMERS
Major areas of concern:
• THEFT OF CREDIT CARD NUMBERS
• THEFT OF PASSWORDS
• CONSUMER PRIVACY
RISK TO BUSINESSES
• IP SPOOFING
• DENIAL OF SERVICE ATTACK
• MALICIOUS PROGRAMS
IMPLICATIONS FOR ACCOUNTING PROFESSION
The issues discussed in this chapter carry many implications for auditors and the public
accounting profession. As key functions such as inventory procurement, sales processing,
shipping notification, and cash disbursements are performed automatically, digitally, and in
real time, auditors are faced with the challenge of developing new techniques for assessing
control adequacy and verifying the occurrence and accuracy of economic events.

“Privacy Violation”
Privacy pertains to the level of confidentiality that an organization employs in managing customer and trading partner data. The growing reliance on Internet technologies for conducting business has placed the spotlight on privacy violation as a factor that is detrimental to a client entity.

Safe Harbor Agreement requires that a company meet six conditions such as:
• NOTICE
• CHOICE
• ONWARD TRANSFER
• SECURITY AND DATA INTEGRITY
• ACCESS
• ENFORCEMENT
“Continuous Auditing”
Continuous auditing techniques need to be developed that will enable the auditor to review transactions at frequent intervals or as they occur.

“Electronic Audit Trails”
In an EDI environment, a client’s trading partner’s computer automatically generates electronic transactions, which are relayed across a value-added network (VAN), and the client’s computer processes the transactions without human intervention.

“Confidentiality of Data”
As system designs become increasingly open to accommodate trading partner transactions, mission-critical information is at risk of being exposed to intruders both from inside and outside the organization.

“Authentication”
In traditional systems, the business paper on which it was written determines the authenticity of a sales order from a trading partner or customer. In electronic commerce systems, determining the identity of the customer is not as simple a task.

“Nonrepudiation”
Accountants are responsible for assessing the accuracy, completeness, and validity of transactions that constitute client sales, accounts receivable, purchases, and liabilities. Transactions that a trading partner can unilaterally repudiate can lead to uncollected revenues or legal action.

“Data Integrity”
A non-repudiated transaction from an authentic trading partner may still be intercepted and rendered inaccurate in a material way.

“Access Controls”
Controls need to be in place that prevent or detect unauthorized access to an organization’s information system.

“A Changing Legal Environment”
Accountants have traditionally served their clients by assessing risk (both business and legal) and devising techniques to mitigate and control risk. This risk-assessment role is greatly expanded by Internet commerce, whose legal framework is still evolving in a business environment fraught with new and unforeseen risks.
