Electronic commerce involves buying and selling of products over electronic systems. The electronic systems which offer the channel for trading electronically include the internet and other computer networks. Electronic trading has risen in the recent past greatly. Electronic commerce goes hand in hand with the following innovations; electronic funds transfer, supply chain management, internet marketing, online transaction processing, electronic data interchange, inventory management and the automated data collection systems. The process of trading is done electronically for virtual contents but physical transportation of the items is also involved at some point of trade. (Sandy, 1998)
Risks associated with implementing the electronic commerce
There are several types of risks which are associated with e-commerce that can jeopardise the whole process of trading. Most of the risks experienced during e-trading involve hackers, viruses and interception of billing information. (Miller et al, 1996)
The charity organisation is also not left behind as far as the risks are concerned. Some of the risks that can affect the organisation include:
i. Data threats: these are posed to the software, files and databases by viruses and other malicious software.
ii. Errors by people: Since the organisation’s computers will be connected to the internet, some employees may get some harmful links in the internet and click on them. There could also be cases of accidental deletion of data.
iii. Credit card and payment fraud: Since the transactions are done electronically, cases of payment fraud are likely to occur.
iv. Hacker threat: This will result as a result of the organisation’s computers being connected to the internet.
v. Website defacement: This can result from a change in the corporate image and a change in web messages. This eventually leads to commercial embarrassment and damage to the corporate image.
vi. Risk to corporate information from the internal staff and trading partners which may result into confidential data being exposed to external parties.
vii. Denial of service attacks: This one involves the use of false messages to bring a business system down. Hackers use s group of computers controlled remotely to attack computers which are connected to the internet. This can also have a potential risk in the implementation of the e-commerce by the organization.
viii. Failure of the hardware.
Methods of avoiding or reducing risks associated with the e-commerce
In order to reduce and avoid the risks, there is need to integrate the business operations of the organization and systems managers into the process of risk analysis. In order to analyze the risks effectively, E-Commerce Risk Management (ECRM) can be implemented. The ECRM can identify potential risk events in their early stages and prevent their occurrence thus leading to low management costs. (Goldstein et al, 1998)
In order to counter the risks, the following can be done:
i. Using digital wallet – This is an encryption software that will ensure that information is available to only the legitimate users.
ii. Using Luhn formula – This is a credit card verification algorithm which will help reduce fraud cases and misuse of other people’s credit cards.
iii. Using smart card – this is a personal electronic memory which will be used to verify the identity of the holder before granting access or availing a particular kind of service.
In order to prevent the occurrence of the risks, the following actions need to be taken:
i. Preliminary Risk Assessment. This is a form of a structured meting between the Organization’s senior managers and the systems managers. It helps to highlight the key issues and areas facing the business for further analysis. This system focuses on the outcomes based on errors, omissions and structural weaknesses.
ii. Detailed Risk Assessment. The project team will develop detailed risk scenarios for each Preliminary Risk Assessment. The senior department heads then views the scenarios and preliminary recommendations for approval.
iii. Controls Implementation. In this case, the senior managers who participated in the Preliminary Risk Assessment review the study findings and recommendations. After the review the recommendations are then implemented.
E-commerce is a very important aspect in trading today. It makes work easier and reduces the costs involved during a transaction. However, the use of e-commerce has greater risks than its potential benefits. There is therefore need to counter these risks before they gain their way into the business establishment. (Parker, 1998)
The risk register gives a summary of the kinds of risks likely to be encountered. It shows the category of risk, its likelihood of happening and how it ranks in the organization (the level of danger it posses or how harmful it is viewed). The risk category shows how they are grouped which is based on the causes and the part of system they affect. Risk name identifies the type of risk. The risk number shows how the risk ranks in the organization. Risk number 1 is considered the most harmful while risk number 6 is considered as the least harmful. The probability column shows the likelihood of the risks happening. The higher the number, the more a risk is likely to occur whereas the smaller the number the smaller the chances of a risk occurring. The risk with the highest probability is the hacker threat with a value of 3 while risks with the smallest value are denial-of-service attacks, website defacement and payment fraud which have a value of 1.
Codding, Sandy (November 9, 1998); Web growth creates new liability risks, National Underwriter, 102:33; p 10
DeCovney, Sherree (November/December 1998); E-commerce comes of age, Journal Of Business Strategy
Goldstein, Linda A. Goldstein and Wood, Douglas J. Wood (December 1997); Marketing in cyberspace: Identifying and evaluating the Legal Risks, Telecommunications, 31, p48-53
Hibbard, Justin (December 7, 1998); Mega web sites InformationWeek, p. 75
Kaufman, Leslie (January 18, 1999); Holiday use sours a few consumers on web shopping, New York Times
McCartney, Laton (April 21, 1997); A safety net, IW: The Management Magazine; 246; p74-76
Miller, Holmes E. and Engemann, Kurt J. (1996); A methodology for managing information-based risk; Information Resources Management Journal; 9:2; 17-24
Parker, Donn (1998); Fighting Computer Crime; New York: John Wiley & Sons, Inc.