Ensuring E-trust

FRAMINGHAM (03/10/2000) - There's only one thing that can slow down the Internet and e-commerce growth surge: a loss of confidence among customers about the protection of their privacy and the security of systems. To date, there have been surprisingly few safety problems with online business.

While there are plenty of hackers and crackers causing damage and creating worries about spam, fraud and the misuse of customer data in cookies, all in all, the online world has been safe enough.

But what happens if that changes? Already in this new century, there are plenty of warning signs of problems to come - and they may come very soon.

Internet business success requires alliances between business and technology groups: between marketing and information technology for customer and revenue growth, because customer relationship management is high on this year's agenda; between operations and marketing to ensure process integration in such areas as order fulfillment; and between operations and IT in handling network scalability, for example.

And for customers to trust their online relationships with a company, there must be a major alliance between IT and the financial control and audit function. Yes, IT needs to build proactive links and conversations with the green-eyeshade crew, and the accountants will have to deal with the techies.

This alliance is needed because there has to be a clear organizational responsibility for ensuring a safe and trusting customer relationship.

Financial control and audit have expertise and authority in key areas of security, information access and privacy and the processes for monitoring, controlling and enhancing these critical elements of the trust relationship. IT has the technical expertise and understanding of risk management. It's time for them to get together, because we're entering a potentially dangerous era in regard to customer safety and confidence in e-commerce.

Here are the warning signals: The first is the series of coordinated attacks last month that pumped a gigabit-per-second of messages into the systems of leading e-commerce players, including Yahoo, eBay, ZDNet, Buy.com (apparently timed to coincide with that firm's initial public offering) and Amazon.com.

It's likely that we'll see plenty more attacks on a very large scale with publicly visible results.

The second warning signal was the news that DoubleClick and other firms that collect customer information and route it to retailers and manufacturers are able to go well beyond cookies in associating just about any transaction or query with a specific person. This may be the dark side of customer relationship management, and there's a growing and fairly widespread concern about threats to privacy. Just as with security, where there's a conflict between openness of access and tightness of control, there's a conflict between personalization of service on the one hand and privacy and anonymity on the other.

I don't see all of this as a crisis. Indeed, it's the job of IT and the financial control function to make sure it doesn't become one. That requires a real dialogue.

I recently co-authored a book, Building Electronic Commerce Relationships:

Trust by Design (Prentice Hall, 1999). I thought I had a pretty solid grasp of the security and privacy issues - firewalls, encryption, filters, authentication, public keys, blind signatures and the like.

Writing the book showed me how very little I really know about process design for customer safety, information protection and transaction integrity. I had a lot to learn from my co-authors, particularly Sally Chan, manager of IT audit at the Royal Bank of Canada. Safety is in the details. From my talks with a number of IT and audit professionals, I'm sure that's the case in general with them.

A new alliance between IT and financial control and audit must be made. The foundation of e-commerce is in building and maintaining trusted relationships.

To put customer confidence at risk is to put every element of your company's online business strategy at risk.

Author and consultant, Keen is chairman of Keen Education. He can be reached at peter@peterkeen.com. His book Dot Com to Dot Profit is scheduled to be published in June by Jossey-Bass.

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

More about Amazon.comBuy.comDoubleClickeBayJossey-BassKeen EducationYahoo

Show Comments