英文摘要 |
stract: Concern about privacy, integrity, and security of online transactions hampers absorption of e-commerce technologies as a normal way of doing business. To gain acceptance and trust of their participants, all organizations must achieve control or expectations equilibrium—a state where participants choose to do what others expect of them. Establishing control in e-commerce requires us to expand the traditional view of internal control to encompass the activities of customers, suppliers, and other 'outside' users of their electronic platforms. We present a framework for analyzing control in online auctions. Privacy, authentication, and denial-of-service attacks are three classes of risk especially prevalent in e-commerce. Using the control practices of eBay as an illustrative example, we suggest possible ways of controlling these risks. Privacy, integrity, and security of online transactions demand new types of assurance services in e-commerce. We analyze assurance services available in 2002 and discuss challenges and opportunities facing existing services such as WebTrust. The merits of developing proprietary versus industry standards, and simple operational verification of client-specific policies for e-commerce assurance services are also discussed. |