Control and Assurance in E-Commerce: Privacy, Integrity, and Security at eBay

Abstract

Concern about privacy, integrity, and security of online transactions hampers absorption of e-commerce technologies as a normal way of doing business. To gain acceptance and trust of their participants, all organizations much achieve control or expectations equilibrium - a state where participants choose to do what others expect of them. Establishing control in e-commerce requires us to expand the traditional view of internal control to encompass the activities of customers, suppliers, and other "outside" users of their electronic platforms. We present a framework for analyzing control in online auctions. Privacy, authentication, and denial-of-service attacks are three classes of risk especially prevalent in e-commerce. Using the control practices of eBay as an illustrative example, we suggest possible ways of controlling these