E-Commerce: The Credit Executive's Latest Challenge

The full diagram follows:

Dorman L. Wood, CCE
Manager, Worldwide Customer Finance  Extreme Networks Inc
Bruce A. Lobree, CISSP
Computer Security Consultant, Major Financial Institution.

During 1998, many credit executives were focusing on the changes in revenue recognition brought about by SOP 97-2 (see Business Credit, Sept. 1988, SOP 97-2 and Revenue Recognition: Should Credit Executives Know or Care What it Is?).

In 1999, the most important business development to affect credit executives may well be E-Commerce (electronic commerce).

You would have to have been off-planet for the past several months not to have heard about E-Commerce. E-Commerce is one of the hottest issues to hit the internet and commercial businesses since its birth.

Up to now, our knowledge of E-Commerce has primarily been confined to use by consumers for the purchase of products or services offered by a variety of purveyors: QVC, E-Trade, On-Sale, E-Bay, Autobytel and numerous catalog houses such as Lands End, Eddie Bauer, Laura Ashley and Victoria’s Secret, to name a few.

As the costs associated with using the internet for commercial transactions decrease, and the technology required to support such transactions improves, more and more commercial firms are setting up their own internet storefronts to distribute their products and/or services to other businesses. For the corporate or business purchaser, the seeds of internet commerce were planted in EDI (Electronic Data Interchange). Through already-established dedicated networks between business suppliers and their customers, standardized documents move from computer to computer without being touched by human hands. Putting EDI on the web is now considered an inexpensive and familiar method of expanding the concept of electronic business.

Customer demands are driving the speed at which vendors provide "on-line" capabilities for doing E-Business. Available software and hardware can now bridge the gap between a company’s internal systems and interactive web applications. Using present-day technology, companies are able to move away from one-way paper-based documents; i.e., purchase orders, to interactive applications that provide value-added communications for customer relations.

How big will E-Commerce be? According to a special report published by Merrill Lynch in April 1999, retail sales on the internet should be between $35 billion and $75 billion by 2002. Some sources estimate that business-to-business transactions over EDI are already about $250 billion annually.

Just think of how labor-intensive the present "order-to-cash process" is: order entry/administration; manufacturing/distribution; shipping; billing; credit approval/collections; and cash application.

Through an internet store-front, E-Commerce provides your customers with a virtual portal to your company, enabling them to: check availability of products or services; place orders; receive order acknowledgment; receive shipping advice; track order status; receive billing; make payment and retain transaction records.

Many credit professionals may be concerned that the growing popularity of E-Commerce may do away with the need for their expertise. Presently, this appears doubtful. However, most assuredly, the manner in which credit professionals do their jobs will change when their employers initiate E-Commerce. They definitely will have to keep pace with the latest technology. As an example, credit checking will have to be done simultaneously with order receipt. Software presently exists which will perform credit risk analysis, set a credit limit and/or approve an order without human intervention. While some of the daily routines that credit executives are accustomed to performing are becoming automated, nothing will replace the personal interaction required to maintain good customer relations. Additionally, companies may be required to make fundamental changes in the way they behave as organizations, the way they view themselves, and the things they define as valuable. The challenge that management faces in doing E-Commerce is to maintain a corporate culture that is strong enough to perpetuate innovation and loyalty, but flexible enough to withstand great change.

E-Commerce is not without its own pitfalls; security issues, theft and fraud are just three areas that quickly come to mind. There are also the administrative, support and capacity issues that are unique to this type of operation.

E-Commerce can be broadly categorized into three categories:

1) User-interactive systems

2) Electronic Mail

3) Electronic Data Exchange

User-interactive systems are those in which people are connected on-line to other computer systems using a connection that is supplied either by a company-owned and controlled network or by a network provider (Internet Service Provider). These connections are used for the exchange of information via an electronic bulletin board for static information that is to be shared by a group. The other major use of networks today is E-mail, which contains data like contracts and other proprietary information that may be business critical. All of these forms of communications are in a structured, internationally standardized format. Not all communications are initiated by humans; these systems also have computer-driven functions that may automatically reply or forward information based upon content. Electronic Data Interchange (EDI) and Electronic File Transfer (EFT) are two such automated systems.

When planning for E-commerce, a company must be concerned with data theft, data modification, privacy and other legal and liability issues that revolve around confidential information. There are other issues, like authentication of users and systems, non-repudiation of data, levels of client and employee access to systems, and capacity, that need to be considered before any implementation of a system can begin. There are internal issues that will also need to be resolved, like system support, response to hackers or other potential intrusions, system monitoring and financing. All of these questions must be answered before the system is put in place to ensure proper security is implemented.

The Internet provides TCP (Transmission Control Protocol) and IP (Internet Protocol) addressing so that servers worldwide are able to identify each other based on a standard addressing system. It provides communication and application services to an international base of business, consumer, education, research, government sites and other organizations. Utilizing an IP address, each user can be granted various levels of access through a virtual storefront. Setting up specific filters and routing on your Web servers and firewall accomplishes this. Firewalls allow authenticated users controlled access to your database. They force traffic of a specific type to go to a specific location and, if they are doing stateful inspection of the data, can even spot bad data or other packet data that is used to hack into a system.

Stateful inspection is important to a firewall's functionality because it lets the firewall determine whether a packet of data traveling through is in fact in the format that is expected. This means that the e-mail packet that is being moved through your firewall is in fact of the correct format, size and type to be an e-mail packet and not another type of packet that has been disguised to look like e-mail by an intruder. This is why UDP traffic is so dangerous: it has no state and is simply an open port that allows any type of traffic through. UDP communication is used, for example, by real-time audio.

Use of routers in front of and behind firewalls further enhances the capability of your system to protect itself via address translation. This is to say that the address that is seen on the Internet is not the actual address of the equipment inside your firewall.

Through the use of encryption software and digital certificates, users can secure their individual data better and the merchant can be assured of the authenticity of the client. Encryption should be used from before the connection is made so that passwords and IDs do not pass across your network in the clear, where they can be recorded and then re-used. Digital certificates not only authenticate the transmission of data, they also prevent the data from being transmitted more than once. User authentication and application authentication aid in the safe movement of mission-critical data.
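The format, size and sequence check described above can be sketched in a few lines. This is an added example, not part of the original article: it follows one client session on the mail port and drops any line that is not a well-formed SMTP command, arrives out of order, or is oversized. The class name, the limits and both sample sessions are constructed for illustration.

```python
import re

# Illustrative policy limits (assumed here, not taken from the article).
MAX_COMMAND_LINE = 512
MAX_BODY_LINE = 1000

# Commands allowed in each session state, and the state each one leads to.
TRANSITIONS = {
    "START": {"HELO": "GREETED", "EHLO": "GREETED"},
    "GREETED": {"MAIL": "SENDER"},
    "SENDER": {"RCPT": "RECIPIENT"},
    "RECIPIENT": {"RCPT": "RECIPIENT", "DATA": "BODY"},
}
ANYTIME = {"NOOP", "QUIT"}  # legal in any state, no state change
# A command line: four letters, optional printable-ASCII argument, CRLF.
COMMAND = re.compile(rb"([A-Za-z]{4})(?: [\x20-\x7e]*)?\r\n")


class SmtpInspector:
    """Remembers where one client session is in the SMTP dialogue."""

    def __init__(self):
        self.state = "START"

    def inspect(self, line: bytes) -> str:
        limit = MAX_BODY_LINE if self.state == "BODY" else MAX_COMMAND_LINE
        if len(line) > limit:
            return "drop: oversize line"
        if self.state == "BODY":           # message text until a lone "."
            if line == b".\r\n":
                self.state = "GREETED"
            return "pass"
        match = COMMAND.fullmatch(line)
        if match is None:                  # wrong format for this port
            return "drop: not an SMTP command"
        verb = match.group(1).decode("ascii").upper()
        if verb in ANYTIME:
            return "pass"
        next_state = TRANSITIONS[self.state].get(verb)
        if next_state is None:             # right format, wrong moment
            return f"drop: {verb} out of sequence in state {self.state}"
        self.state = next_state
        return "pass"


def inspect_session(lines):
    inspector = SmtpInspector()
    return [inspector.inspect(line) for line in lines]


# Constructed sample traffic: a normal delivery, then a disguised session.
GOOD_SESSION = [b"EHLO client.example\r\n", b"MAIL FROM:<a@client.example>\r\n",
                b"RCPT TO:<b@shop.example>\r\n", b"DATA\r\n",
                b"Subject: order\r\n", b".\r\n", b"QUIT\r\n"]
BAD_SESSION = [b"EHLO client.example\r\n", b"DATA\r\n",
               b"GET /admin HTTP/1.0\r\n", b"MAIL " + b"A" * 600 + b"\r\n"]
```

The verdict depends on what the session has already sent, which is the state a stateless port filter does not keep.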

Secure Electronic Transmission (SET) is a standard for electronic commerce that has been developed by Visa and Master Card. The intent of this standard has several implications. It standardizes the encryption (DES) to be used. It sets up standards for implementations of digital certificates and other controls that will be used for the protection of e-commerce traffic.

The primary problem with e-commerce today, and one that is not being addressed, is management of digital certificates and possibly the use of electronic tokens. Management of these systems is business critical and needs to be supported from the highest levels of management to be successful. The complete architecture of a network and all of its access points needs to be identified and then a structure for secure communications needs to be built.

[Network diagram: wpe12.jpg]

The above diagram outlines a simple network that will give internal users the ability to connect to the outside world without compromising the corporate web pages. For the purposes of security, these systems should be separated so that if one system is compromised the whole system is not made accessible. By utilizing this architecture, a higher performance will also be available for all involved parties. This diagram is for architecture only and is not a logical design. Logically, the Authentication servers will be located between the firewalls and the Web servers or the internal user community.

Once the connections to complete the transactions have been built, the next part of the model will need to be added. How are you going to verify funds, verify address, and authenticate the buying party as actually being the one purchasing the product? Some of this can be resolved by adding outside resources to automate the verification of funds and the verification of the location of the purchaser. Verification of the actual buyer is still today, and will be in the future, a very difficult task. The implementation of Smart Cards and the use of Biometrics will resolve most of these problems. However, as these forms of technology continue to evolve, users will face problems yet to be identified.

Copyright 1999, by Credit Guru.com. All rights reserved.