
Overview

I. Internet Commerce
II. Risk Associated with Electronic Commerce
III. Security, Assurance and Trust
IV. Implications for the Accounting Profession

1 Internet Commerce

Internet Technologies
Protocols
Internet Protocols
Benefits from Internet Commerce


Internet Technologies

Packet Switching
messages are divided into small packets
each packet of the message takes a different route

Virtual Private Network
a private network within a public network

Extranets
a password controlled network for private users

World Wide Web
an Internet facility that links users locally and globally

Internet addresses
e-mail address
URL address
IP address

Protocols

Its function
facilitate the physical connection between the network devices
synchronize the transfer of data between physical devices
provide a basis for error checking and measuring network performance
promote network designs that are flexible, expandable, and cost-effective.

Internet Protocols

Transfer Control Protocol/Internet Protocol (TCP/IP)
controls how individual packets of data are formatted, transmitted, and received

Hypertext Transfer Protocol (HTTP)
controls web browsers

File Transfer Protocol (FTP)
used to transfer files across the internet

Simple Network Mail Protocol (SNMP)
e-mail

Secure Sockets Layer (SSL) and Secure Electronic Transmission (SET)
encryption schemes



Benefits of Internet Commerce

Access to a worldwide customer and/or supplier base
Rapid creation of business partnerships to fill emerging market niches
Reductions in procurement costs
Reductions in inventory investment and carrying costs
Reductions in retail prices through lower marketing costs
Better customer service

Internet Business Models

Information level
using the Internet to display and make accessible information about the company, its products, services, and business policies

Transaction level
using the Internet to accept orders from customers and/or to place them with their suppliers

Distribution level
using the Internet to sell and deliver digital products to customers

Dynamic Virtual Organization


2 Risk Associated with Electronic Commerce

What is risk?
Intranet Risks
Internet Risks


Intranet Risk

Intercepting network messages
sniffing: interception of user IDs, passwords, confidential e-mails, and financial data files

Privileged employees
override privileges may allow unauthorized access to mission-critical data

Accessing corporate databases
connections to central databases increase the risk that data will be accessible by employees

Reluctance to prosecute
fear of negative publicity leads to such reluctance but encourages criminal behavior

Internet Risks - Consumers

Theft of credit card numbers
Theft of passwords
Consumer privacy (cookies)

Internet Risks - Business

IP spoofing
masquerading to gain access to a Web server and/or to perpetrate an unlawful act without revealing one's identity

Privileged employees
override privileges may allow unauthorized access to mission-critical data

Other malicious programs
viruses, worms, logic bombs, and Trojan horses pose a threat to both Internet and Intranet users

Three Common Types of DOS Attacks

Smurf
the DOS attacker uses numerous intermediary computers to flood the target computer with test messages (pings).

SYN Flood
when the three-way handshake needed to establish an Internet connection occurs, the final acknowledgement is not sent by the DOS attacker, thereby tying up the receiving server while it waits.

Distributed DOS (DDOS)
can take the form of Smurf or SYN attacks, but is distinguished by the vast number of zombie computers hijacked to launch the attacks.
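
The SYN flood condition described above (a handshake that never receives its final acknowledgement) can be detected on the server side by counting stalled handshakes. The following is an added example, not part of the original slides; the packet records are constructed, and the timeout and alert threshold are assumed values.

```python
from collections import Counter

TIMEOUT_S = 3.0   # assumed wait before a handshake counts as stalled
THRESHOLD = 10    # assumed stalled-handshake count that raises an alert

def build_sample():
    """Constructed capture: (time, src, sport, dst, dport, flags)."""
    server, pkts = "192.0.2.10", []
    # Two normal clients complete SYN -> SYN-ACK -> ACK.
    for i, client in enumerate(["203.0.113.5", "203.0.113.6"]):
        t = 0.1 * i
        pkts += [(t, client, 40000 + i, server, 443, "S"),
                 (t + 0.01, server, 443, client, 40000 + i, "SA"),
                 (t + 0.02, client, 40000 + i, server, 443, "A")]
    # Twenty handshakes where the final ACK never arrives.
    for i in range(20):
        src, t = f"198.51.100.{i + 1}", 1.0 + 0.01 * i
        pkts += [(t, src, 50000 + i, server, 443, "S"),
                 (t + 0.001, server, 443, src, 50000 + i, "SA")]
    return sorted(pkts)

def stalled_handshakes(packets, now, timeout=TIMEOUT_S):
    """Count, per server, handshakes that got a SYN-ACK but no final ACK in time."""
    syn_seen = set()
    pending = {}  # (client, cport, server, sport) -> time the SYN-ACK was sent
    for t, src, sport, dst, dport, flags in packets:
        if flags == "S":
            syn_seen.add((src, sport, dst, dport))
        elif flags == "SA" and (dst, dport, src, sport) in syn_seen:
            pending[(dst, dport, src, sport)] = t
        elif flags == "A":
            pending.pop((src, sport, dst, dport), None)  # handshake completed
    stalled = Counter()
    for (_, _, server, _), sent in pending.items():
        if now - sent > timeout:
            stalled[server] += 1
    return stalled

def alerts(packets, now, threshold=THRESHOLD):
    """Servers whose stalled-handshake count meets the alert threshold."""
    counts = stalled_handshakes(packets, now)
    return {s: n for s, n in counts.items() if n >= threshold}

if __name__ == "__main__":
    print(alerts(build_sample(), now=10.0))
```
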
3 Security, Assurance and Trust

Encryption
Digital Authentication
Firewalls
Seals of Assurance


Encryption
A computer program transforms a clear message into a coded (ciphertext) form using an algorithm.

Digital Authentication

Digital Signature
electronic authentication technique that ensures that the transmitted message originated with the authorized sender and that it was not tampered with after the signature was applied

Digital Certificate
like an electronic identification card that is used in conjunction with a public key encryption system to verify the authenticity of the message sender

Firewalls

Network Level Firewalls
low cost/low security access control
uses a screening router to its destination
does not explicitly authenticate outside users
penetrate the system using an IP spoofing technique

Application Level Firewall
high level/high cost customizable network security
allows routine services and e-mail to pass through
performs sophisticated functions such as logging or user authentication for specific tasks

Seals of Assurance
Trusted third-party organizations offer seals of assurance
that businesses can display on their Web site home pages:

BBB
TRUSTe
Veri-Sign, Inc
ICSA
AICPA/CICA WebTrust
AICPA/CICA SysTrust
4 Implications for the Accounting Profession


Privacy Violation

Privacy Violation - Major Issues

a stated privacy policy
consistent application of stated privacy policies
what information is the company capturing
sharing or selling of information
ability of individuals and businesses to verify and update information captured about them

Continuous Auditing
auditors review transactions at frequent intervals or as they occur
intelligent control agents: heuristics that search electronic transactions for anomalies

Electronic Audit Trail

electronic transactions generated without human intervention
no paper audit trail

Confidentiality of data
open system designs allow mission-critical information to be at risk from intruders

Authentication
in e-commerce systems, determining the identity of the customer is not a simple task

Nonrepudiation
repudiation can lead to uncollected revenues or legal action
use digital signatures and digital certificates

Data Integrity
determine whether data has been intercepted and altered

Access Controls
prevent unauthorized access to data

Changing Legal Environment
provide client with estimate of legal exposure
