THE INFLUENCE OF SCOPE AND
INTEGRATED EXPERIMENTAL
APPROACHES TO SAFE
ELECTRONIC COMMERCE
Dr.S.S.Riaz Ahamed
Principal, Sathak Institute of Technology, Ramanathapuram, Tamilnadu, India. Email:[email protected], [email protected]
ABSTRACT
The Internet has emerged as an appliance of every day life, accessible from almost every point on the planet. Students across the world are discovering vast treasure troves of data via the World Wide Web. Doctors are utilizing Tele-medicine to administer off-site diagnoses to patients in need. Citizens of many nations are finding additional outlets for personal and political expression. The Internet is being used to reinvent government and reshape our lives and our communities in the process. Electronic Commerce is thus conducting of business communication and transactions over networks and through computers. Most restrictively defined, electronic commerce is the buying and selling of goods and services, and the transfer of funds, through digital communications. Electronic Commerce also includes all inter-company and intra-company functions such as, marketing, finance, manufacturing, selling, and negotiation that enables commerce and utilize file transfer, e-mail, EDI, FAX, video conferencing, workflow, or interaction with a remote computer, including the World Wide Web.
Keywords: American National Standards Institute (ANSI),Secure Electronic Transactions (SET). 1.1 INTRODUCTION
E-commerce requires reliable and robust servers in order to store large amounts of digital content and to distribute the same to consumers. These servers are multimedia storage servers which are large information warehouses handling various contents, ranging from books, newspapers, advertisement catalogs, movies, games, and x-ray images. These servers must handle large-scale distribution, guarantee security and complete reliability. Digitized content eliminates the bulkiness and mechanical unreliability found in the past storage equipment. Frequently requested or accessed content can be stored on relatively expensive chips; content requested less often can be stored on less expensive media like optical disks or magnetic disks. Observers and proponents articulate the thesis that the security issue must be addressed quickly in order for companies to start investing in electronic commerce. There are indications that merchants are taking a wit-and-see attitude in electronic commerce on the Internet until either there is a dominant standard or there is universal software that will support a variety of encryption and transaction schemes. The market is looking for a comprehensive solution (in a software product) that the merchants and banks can use to support all functions. Computer security has several fundamentals goals.
Secure Commerce Requirements
Requirements Description Content security The ability to send information across the Internet in a manner in which
unauthorized entities are not able to read the contents.
Signature The ability to specifically identify the entity associated with the information. Many things may be signed: contents, the message, and, frequently, several signatures may be imbedded in a single message or information unit.
Content integrity The ability to identify modification to the covered information.
Nonrepudiation of origin The ability to identify who sent the information originally versus which intermediary forwarded it.
Nonrepudiation of receipt The ability to identify that the information was received by the final addressed destination in a manner that cannot be repudiated. The information has been opened and interpreted to some degree.
Nonrepudiation of delivery The ability to identify whether the information was delivered to an appropriate intermediary in a manner if cannot repudiate.
Key management The functionality necessary to create, distribute, revoke, and mange the public/private keys.
Secure Transport Protocols
Netscape Communication’s Secure Sockets Layer system and the CommerceNet ‘s Secure HyperText Transfer Protocol offers security by means of transferring information through the Internet and the World Wide Web. SSL and S-HTTP allow the client and servers to execute all encryption and decryption of Web transactions automatically and transparently to the end user. SSL works at the transport layer and it is simpler than S-HTTP which works at the application layer and supports more services (such as firewalls and generation and validation of electronic signatures).
S-HTTP
S-HTTP is a secure extension of HTTP and it is developed by the CommerceNet Consortium. S-HTTP offers security techniques and encryption with RSA methods, along with other payment protocols. S-HTTP supports end-to-end secure transactions by incorporating cryptographic enhancements in transferring the data at the application level for secured transport, but in HTTP authorization mechanisms, the client is required to attempt access and be denied before the security mechanism is employed. S-HTTP incorporates public-key cryptography from RSA Data Security in addition to supporting traditional shared secret password and Kerberos-based security systems.
S-HTTP allows Internet users to access a merchant’s Web site and supply their credit card numbers to their Web browsers; S_HTTP encrypts the card numbers, and the encrypted files are the sent to the merchant. Then, S-HTTP decrypts the files and relays back to the users browsers to authenticate the shoppers’ digital signatures. The transaction proceeds as soon as the signatures are verified.
SSL
Netscape Communication developed the Secure Sockets Layer (SSL) protocol and it is a security protocol that provides privacy over the Internet. The data transmission in client/server applications to communicate cannot be altered or disclosed by using the SSL Protocol. The authentication is permanent in Servers and clients are optionally authenticated. The technology has support for key exchange algorithms and hardware tokens. The strength of SSL is that it is application-independent. HTTP, Telnet, and FTP can be placed on top of SSL transparently. SSL provides channel security (privacy and authentication) through encryption and reliability through the message integrity checks (secure hash functions).
SSL, uses a three-part process.
First, information is encrypted to prevent unauthorized disclosure.
Second, the information is authenticated to make sure that the information is being sent and received by the correct part.
Finally, SSL provides message integrity to prevent the information from being altered during interchanges between the source and sink.
restriction should go away. MasterCard and Visa, as well as many other large corporations, have endorsed SSL for financial transactions.
1.2 SECURE TRANSACTIONS
Payments are the important factor of any transaction and Internet hardware/software vendors has put their efforts in concentrating the factor in secured way. They have made a variety of announcements in the past couple of years related to the support for the most popular security payment protocols. Three methods have evolved in the recent past. Netscape Communications Corporation and Microsoft Corporation have promoted their respective payment protocols and installed them in World Wide Web browsers and servers.
1. SEPP has been championed by MasterCard and Netscape and by other supporters; the American National Standards Institute (ANSI) is fast-tracking SEPP as a standard for the industry.
2. STT was developed jointly by Visa and Microsoft as a method to secure bankcard transactions over open networks. STT uses cryptography to secure confidential information transfer, ensure payment integrity, and authenticate both merchants and cardholders. Confidentiality of information is ensured by the use of message encryption; payment information integrity is ensured by the use of digital signatures; cardholder account authentication is ensured by the use of digital signatures and cardholder credentials, merchant authentication is ensured by the use of digital signatures and merchant credentials; and interoperability is ensured by the use of specific protocols and message formats. 3. At this juncture, it appears that SET will become the industry de facto standard. SET has emerged
recently as a convergence of the previous standards and has a lot in common with SEPP. SET is expected to be rapidly incorporated into industrial-strength “merchantware” already available from Netscape, Microsoft, IBM, and other software sellers.
1.3 SECURE ELECTRONIC PAYMENT PROTOCOL
IBM, Netscape, GTE, CyberCash, and MasterCard have cooperatively developed SEPP- an open, vendor-neutral, nonproprietary, license-free specification for securing on-line transactions. Many of its concepts were rolled into SET, which is expected to become the de facto standard.
There are several major business requirements addressed by SEPP. 1. To enable confidentiality of payment information. 2. To ensure integrity of all payment data transmitted.
3. To provide authentication that a cardholder is the legitimate owner of a card account.
4. To provide authentication that a merchant can accept MasterCard branded card payments with an acquiring member financial institution.
SEPP is the electronic equivalent of the paper charge slip, signature, and submission process. SEPP takes input from the negotiation process and causes the payment to happen via a three-way communication among the cardholder, merchant, and acquirer. SEPP only addresses the payment process; privacy of nonfinancial data is not addressed in the SEPP protocol-hence, it is suggested that all SEPP communication be protected with encryption at a lower layer, such as with Netscape’s SSL. Negotiation and delivery are also left to other protocols.
Process of SEPP
SEPP assumes that the cardholder and merchant have been communicating in order to negotiate terms of a purchase and generate an order. These processes may be conducted via a WWW browser, alternatively, this operation may be performed through the use of electronic mail, via the user’s review of a paper or CD-ROM catalog or other mechanisms.
The SEPP system is composed of a collection of elements involved in electronic commerce.
Cardholder- This is an authorized holder of a bankcard supported by a issuer and registered to perform electronic commerce.
Merchant- This is a merchant of goods, services, and/or e-products who accepts payment from them electronically and may provide selling services and/or electronic delivery of items for sale.
Acquirer- This is a (MasterCard member) financial institution that supports merchants by providing service for processing credit-card based transactions.
Certificate management system- This is an agent of one or more bankcard associations that provides for the creation and distribution of electronic certificates for merchants, acquirers, and cardholders.
These elements for Web commerce exist today and interact through existing mechanisms, with the exception of the certificate management system. In the SEPP systems, these components acquire expanded roles to complement existing functionality into the electronic commerce context.
Several basic transaction messages are required in a SEPP-based environment; when variations to the canonical flow occur, additional data will be required in the supplementary messages.
Messages for SEPP-compliant processing of payment transactions
Purchase Order Request
Authorization Request
Authorization Response
Purchase Order Inquiry
Purchase Order Inquiry Response Additional messages for on-line customer
Initiate
Invoice
Purchase Order Inquiry Response
Messages for off-line transactions or transactions sent to merchant not on-line with the acquirer
Purchase Order Response
In simplified form, the transaction occurs as follows. The buying cardholder begins the transaction by sending the merchant an Initiate message. The merchant responds with an Invoice message containing information used by the buying cardholder to validate the goods and service and the transaction information. The buying cardholder then prepares a Purchase Order Request which contains goods 0and service order validation information and the buying cardholder’s payment instructions which are encrypted in a manner so as to only be decrypted by the acquirer. The merchant receives the Purchase Order Request, formats an Authorization Request, and sends it to the acquirer. The Authorization Request contains the confidential cardholder payment instructions. The acquirer processes the Authorization Request. The acquirer then responds to the merchant with an Authorizations Response. The merchant will respond to the buying cardholder with a Purchase Order Response if a Purchase Order Response message was not previously sent. At a later time, the buying cardholder may initiate a Purchase Order Inquiry ( this transaction is used to request order status from the merchant) to which the merchant will respond with a Purchase Order Inquiry Response.
SET Secure Electronic Transaction
Setting the Stage for Safe Internet Shopping Internet shopping - an enticing concept.
It's the world's largest shopping mall, open 24-hours a day. Just about anything you need or want can be purchased on the Web and delivered right to your door.
Yet in spite of the convenience offered by the Internet, some consumers are reluctant to take advantage of this new shopping mode. They may question an Internet retailer's authenticity, and they may be uncomfortable giving their credit card number over the Internet.
That's why MasterCard is taking a leadership role, working to ensure that using your MasterCard in cyberspace will be as easy and safe as using it in your local store. MasterCard is committed to SET Secure Electronic Transaction TM, soon to be the new standard for secure online shopping. SET will provide a safe and reliable payment process that's also convenient, spontaneous, and universal.
Until SET becomes widely available, MasterCard has some suggestions and programs to help you learn more about being a smart online shopper. MasterCard is introducing the Shop Smart! decal, making it easy for you to identify merchants who are using today's most widely-accepted standards for safeguarding Internet transactions. Within this area of MasterCard's web site, you can learn more about SET, and find out how to be a smart online shopper today.
Experience an Internet shopping spree demonstration using SET.
View the directory of merchants that currently support SET transactions sorted by country or by product.
MasterCard's Shop Smart! decal makes it easy to identify merchants who recognize the value of secure transactions today.
Common sense tips for shopping online today.
Internet Fraud Watch
SET Development Technologies
SET Secure Electronic Transaction at Visa Visa Leads the Way
SET
SET Secure Electronic Transaction LLC
(Membership, Software Compliance Testing, Vendor Information, SETCoTM Web Site) Visa Leads the Way
On February 1, 1996, Visa International and MasterCard announced, with others in the industry, the development of a single technical standard for safeguarding payment card purchases made over open networks. This standard is called the SET SECURE ELECTRONIC TRANSACTIONTM specification. This specification, also known as the SETTM specification, includes digital certificates - a way of verifying the actual cardholder is making the purchase - and will provide financial institutions, merchants, and vendors with a new and safe way of getting the most from the emerging electronic commerce marketplace.
SET - with digital certificates - is as revolutionary as credit cards themselves were back in the 1960s, and is poised to be just as pervasive. We at Visa encourage you to learn about this amazing technology and how it will shape your world. If you would like to review in detail the business and technical sections of SET, click on SET Secure Electronic Transaction LLC. If you would like general information on Visa electronic commerce, read on.
1.4 SET
SET SECURE ELECTRONIC TRANSACTION is a specification designed to utilize technology for authenticating the parties involved in payment card purchases on any type of online network, including the Internet. SET was developed by Visa and MasterCard, with participation from leading technology companies, including Microsoft, IBM, Netscape, SAIC, GTE, RSA, Terisa Systems, and VeriSign. By using sophisticated cryptographic techniques, SET will make cyberspace a safer place for conducting business and is expected to boost consumer confidence in electronic commerce. SET focuses on maintaining confidentiality of information, ensuring message integrity, and authenticating the parties involved in a transaction.
The significance of SET, over existing Internet security protocols, is found in the use of digital certificates. Digital certificates will be used to authenticate all the parties involved in a transaction. SET will provide those in the virtual world with the same level of trust and confidence a consumer has today when making a purchase at any of the 13 million Visa-acceptance locations in the physical world.
SET - with digital certificates - is as revolutionary as credit cards themselves were back in the 1960s, and is poised to be just as pervasive. We at Visa encourage you to learn about this amazing technology and how it will shape your world. If you would like to review in detail the business and technical sections of SET, click on SET Secure Electronic Transaction LLC. If you would like general information on Visa electronic commerce, read on.
SET Secure Electronic Transaction LLC
On December 19, 1997 a new corporate entity called SET Secure Electronic Transaction LLC (a.k.a. SETCo), was formed by Visa and MasterCard to provide the structure that will govern and direct the future development of the SET Secure Electronic TransactionTM protocol, as well as other key functions that are required to support the implementation of this standard. Agreements are scheduled to be finalized in the second quarter of 1998 with American Express and JCB Co., Ltd. to become full partners in SETCo.
will work together to facilitate the adoption of the SET protocol, thereby opening the Internet marketplace and providing greater security for online transactions processed across open networks such as the Internet.
The SET protocol, originally developed by Visa, MasterCard and several technology partners starting in February 1996, is an advance over other Internet security technologies due to its use of digital certificates and encryption technology which enable consumers and merchants to verify the authenticity of the parties involved in a card transaction across the Internet. In addition, SET provides more secure protection of the card numbers and other confidential information sent across the Internet.
As the SET 1.0 protocol was finalized, an infrastructure based on this new technology began to emerge to support large scale usage. For example, software vendors have begun to create the software that consumers, merchants and financial institutions will need in order to take advantage of the security that SET offers, and many Visa and MasterCard Member financial institutions around the world conducted limited scale pilot tests during 1997 in an effort to better understand the requirements for implementing and supporting the use of SET technology.
SETCo is focusing initially on the following two electronic commerce initiatives in support of the SET infrastructure:
The creation, management and maintenance of an Industry Root Key Certificate Authority, which will manage the Industry Root Key - a component of all software that complies with the SET protocol.
The coordination of SET Software Testing and Compliance Services, with Tenth Mountain Systems, Inc., to ensure that the software used by consumers, merchants and payment card companies is fully compliant with the published SET protocol. Only software that passes all aspects of this testing program will be eligible to display the SET trademarks.
The four payment brands plan to meet on a regular basis and will focus on other SET initiatives and activities as needed. The development of new versions of the SET protocol will be initiated by SETCo with the close cooperation of technology partners and financial institutions that are willing to contribute to the joint effort. 1.5 CERTIFICATE FOR AUTHENTICATION
A digital certificate is a foolproof way of identifying both consumers and merchants. The digital certificate acts like a network version of driver’s license – it is not credit, but used in conjunction with any number of credit mechanisms, it verifies the user’s identity. Digital certificates, which are issued by certificate authorities such as VerSign and CyberTrust, include the holder’s name, the name of the certificate authority, a public key for cryptographic use, and a time limit for the use of the certificate. The certificate typically includes a class, which indicates to what degree it has been verified. For example, verisign’s digital certificates come in three classes. Class 1 is the easiest to get and includes the fewest checks on the user’s background: only his or her name and e-mail address are verified. For class 2, the issuing authority checks the user’s driver’s license, social security number, and date of birth. Users applying for a class 3 certificate can expect the issuing authority to perform a credit check using a service such as Equifax. In addition to requiring the information required for a class 2 certificate.
Table: certificate classes
Summary of
confirmation of identity Issuing authority private key protection Certificate applicant and subscriber private key protection Applications implemented or contemplated by users
Class 1 Automated
unambiguous name and e-mail address search PCA: trustworthy hardware; CA: trustworthy software or trustworthy hardware PIN protected encryption software recommended but not required
Web browsing and certain e-mail usage
Class 2 Same as class 1,plus automated
enrollment
information check and automated address check
PCA and CA: trustworthy
hardware
PIN protected encryption
software required
Individual and intra and intercompany e-mail, online subscriptions, password replacement, software validation
Class 3 Same as class 1, plus personal presence and ID documents plus class 2 automated ID check for individuals; business
records for organizations
PCA and CA: trustworthy hardware PIN protected encryption software required; hardware token recommended but not required E-banking, corporate database access, personal banking, membership-based online services, content integrity services, e-commerce server, software validation.
1.6 SECURITY ON WEB SERVERS AND ENTERPRISE NETWORKS
Financial transaction security is a major concern for businesses that offer products or services over the Internet. However, there is also the need for security of the merchant host. This is necessary in order to protect (1) files containing buyer’s information that might reside on the accessible web server; and (2) the overall information platform of the organization.
Two general techniques are available:
1. host- based security capabilities; these are means by which each and every computer on the system is made impregnable.
2. security watchdog systems which guard the set of internal inter-connected systems. Communication between the internal world and the external world must be funneled through these systems. These watchdog systems that deal with security within an organization’s own enterprise network are called firewalls. A firewall allows a business to specify the level of access that will be afforded to network users. Proxies support transactions on behalf of a client in a two step manner.
In general, both methods are required.
An Internet site can set up an anonymous FTP site that allows any outside user to access files at the site. This could be as a stand alone system which is updated only by off-line means or by a physically separate port; or, it could be a system outside the firewall called a bastion. In either case, the host could allow access to all files on the system or to a subset of files. In any event, the access must be at the lowest level of security, otherwise a hacker might either alter or delete files, use that system to jump off to another system, or create denial or service. This must be accomplished using host security mechanisms; the firewall comes into play if the FTP system is located on the organization’s network, for ease of updating.
Host security considerations
Host security is a discipline that goes back to the 1960s. mainframes were perhaps endowed with more rigorous security capabilities than their successors. With even low-end PCs becoming servers, host-based security has suffered for a number of reasons ranging from corporate apathy, to lack of knowledge on the administrator’s part, lack of products, and lack of machine power for running the security packages and the daemons.
organizational losses if some important data is compromised, lost, or improperly disseminated. These reasons should be enough to motivate organizations to develop sound security policies. This discussion focuses only on the matter of not allowing hackers to break in to a web server and compromise the financial information of the organizations web commerce customers.
Table: Some web commerce host security techniques Open access to the company web page to support e-commerce
Configure an external bastion host to function as the public access web server (this could also support other functions, such as FTP)
Universal anonymous access to a FTP server for downloading catalogs and product information
Configure an external bastion host to function as the public access FTP server (this could also support other functions, such as web).
Restricted access to an FTP server to allow preferred customers to downloadd e-products, software, and patches
Configure an external bastion host to function as the FTP server. Or, configure an internal FTP server behind a packet filter; this allows only preferred customers access to the server; and supports full logging of all requests and files transferred.
One-time password support for one-time sales specials, electronic coupons, frequent customers, and so on.
Configure an external bastion host with authentication mechanisms. Or, configure an internal proxy server running advanced authentication schemes such as security dynamics secured card for all return- customers.
1.7 ENTERPRISE NETWORK SECURITY
A firewall supports communication-based security to screen out undesired communications which can caused havoc on the host. Host-based security is a critical element of overall computer security, although it does not scales easily; nonetheless, it must be employed. Ideally, an administrator uses all available tools, including host security and communication gateway security. It is like having two locks on a door: both methods should be used for increased assurance. The firewall deployment in the enterprise network must support the following capabilities:
1. all traffic between the inside and outside must transit through the firewall; and
2. only authorized traffic based on the security policy is allowed transit. The firewall itself must be immune to penetration.
Firewalls act as a single focus for the security policy of the organization and support advanced authentication techniques such as smart cards and one-time passwords. In addition, they prevent the release of informato9n such as DNS and finger information. Furthermore, they provide an identifiable location for logging alarms or trigger conditions.
Firewalls are typically configured to filter traffic based on one of two design policies:
Permit, unless specifically denied. This is weaker because it is impossible to be aware of all the numerous network utilities you may need to protect against. Specifically this approach does not protect against new Internet utilities.
Deny, unless specifically permitted. This is stronger because the administrator can start off with a blank permit list and add only those functions that are explicitly required.
1.8 CONCLUSION
Electronic commerce promises to empower consumers and producers alike with the ability to engage in mutually satisfactory interactions, providing fulfillment in real time over the Internet for the exchange of products, services, or information ("goods"). Fulfillment in real time, offering a complete, self-directing, interactive order processing capability, is the true promise of electronic commerce for business. No technology that is capable of delivering such a promise will remain under-utilized for long.
1.9 REFERENCES
[4] Deise, M. V., C. Nowikow, P. King and A. Wright. 2000. Executive's Guide to E-Business: From Tactics To Strategy. John Wiley & Sons.
[5] McCreary, L. 2008. What was privacy? Harvard Business Review (October): 123-131.
[6] Chapman, Merrill R., In search of stupidity: over 20 years of high-tech marketing disasters (2nd Edition) , Apress, ISBN 1-59059-721-4
[7] Janal, D. S. 1995. Online Marketing Handbook. New York: Van Nostrand Reinhold. ISBN: 0442020589
[8] Arnold, V. 2006. Behavioral research opportunities: Understanding the impact of enterprise systems. International Journal of Accounting Information Systems 7(1): 7-17.
[9] Interactive Advertising Bureau. 2005. Interactive Advertising Basics 2005: 28 Reasons to Use Interactive Advertising. [10] Reid, Robert H. (1997). Architects of the Web: 1,000 Days that Built the Future of Business. John Wiley & Sons. Chapter Seven:
'Hotwired - Publishing on the Web' (pp 300-308) ISBN 0471171875
[11] Strauss, J. and F. Raymond. 1999. Marketing on the Internet: Principles of Online Marketing. New Jersey: Prentice Hall Inc. [12] Sheehy, D. E. 2002. Discussion of An experimental examination of alternative forms of web assurance for business-to-consumer
e-commerce. Journal of Information Systems (Spring Supplement): 55-57.
[13] Shields, M. G. 2001. E-Business and ERP: Rapid Implementation and Project Planning. John Wiley & Sons. [14] Anderson, P. and E. Anderson. 2002. The new e-commerce intermediaries. MIT Sloan Management Review: 53-62. [15] Anthony, J. H., W. Choi and S. Grabski. 2006. Market reaction to e-commerce impairments evidenced by website outages.
International Journal of Accounting Information Systems 7(2): 60-78.
[16] Cronin, M. J. 2000. Unchained Value: The New Logic of Digital Business. Harvard Business School Press.
[17] David, J. S. 2003. Discussion of Information transfer among internet firms: The case of hacker attacks. Journal of Information Systems : 83-86.
[18] Deak, E. J. 2004. Economics of E-Commerce and the Internet with Economic Applications Card. South-Western Educational Publishing.
[19] Knapp, M. 2003. E-Commerce: Real Issues and Cases. South-Western Educational Publishing. [20] Memp, P. 2006. Avatar-based marketing. Harvard Business Review (June): 48-57.
[21] Mensah, N. and L. Velocci. 2006. Market reaction to e-commerce impairments evidenced by website outages: Discussant comments. International Journal of Accounting Information Systems 7(2): 82-86.
[22] Miller, D. 2001. Rod Hoover: Royal & Sun Alliance sheds light on e-business and the state of insurance. Strategic Finance (March): 44-47.
[23] Monahan, S. J. 2002. Discussion of The value relevance of revenue for internet firms: Does reporting grossed-up or barter revenue make a difference? Studies on Accounting, Entrepreneurship and E-Commerce. Journal of Accounting Research: 479-484. [24] Mooney, J. L. and W. D. Pittman. 1996. A guide to electronic commerce. Management Accounting (September): 43-47. [25] Cucuzza, T. G. and J. Cherian. 2001. The internet and e-business: Trends and implications for the finance function. Journal of Cost
Management (May/June): 5-14.
[26] Daigle, R. J. 2004. Discussion of: SportsStuff.com: A case study of XML technologies, e-business processes, and accounting information systems. Journal of Information Systems: 75-77.
[27] Dalton, D. 1999. Is e-business for you? Strategic Finance (March): 74-77.
[28] Anthony, J. H., W. Choi and S. V. Grabski. 2006. Market reaction to e-commerce impairments evidenced by website outages authors' response. International Journal of Accounting Information Systems 7(2): 87-90.
[29] Murthy, U. S. and S. M. Groomer. 2004. A continuous auditing web services (CAWS) model for XML-based accounting systems. International Journal of Accounting Information Systems (5): 139-163.
[30] Murthy, U. S. and S. M. Groomer. 2004. Reply to the discussions of ‘A continuous auditing web services (CAWS) model for XML-based accounting systems’. International Journal of Accounting Information Systems (5): 175-181.
[31] Norris, G., J. R. Hurley, J. Dunleavy and J. Balls. 2000. E-Business and ERP: Transforming the Enterprise. John Wiley & Sons. [32]O'Donnell, E. 2006. Discussion of the influence of scope and timing of reliability assurance in B2B E-Commerce. International Journal
