Unseen commercial risk in electronic transacting

By Maeson Maherry
Johannesburg, 25 Mar 2003

Undoubtedly, the advantages of electronic transacting have embedded this concept into the strategies of virtually all companies wishing to survive the next decade. Electronic transacting offers the opportunity to drive down costs and streamline processes for faster turnaround time in an increasingly competitive global market, and it could be far safer than real world transactions, especially in fraud prevention.

Electronic transacting is often seen as Internet-based commerce only, but this is not the case. It is something that we are already critically dependent on in our business and involves any system that will transact, transmit, process or store electronic information. Examples of such other systems are our ERP systems for supply chain management, financial systems and approval systems (workflow).

Since these are all business systems, they have to pass the same tests for risk management as any real world commercial process would. In a real world transaction, the following questions are always asked by the business:

* Who am I doing business with (track record, viability etc)?
* What are we going to do together (explicit details of business dealing)?
* Is the contract signed (risk management through contract)?
* Do I have my copy of the contract (evidence)?
* Do I need to insure against loss?

It should be immediately apparent that the typical real world business risk management logic is only partially followed, if at all, in the electronic world. In the event of a dispute where a party has suffered loss in an electronic system, the same real world dispute resolution process will kick in to resolve it, remembering that the benefit of the doubt will always lie with the accused party. You will have to prove what you agreed to, submit evidence to prove the facts of the dispute and also prove the integrity of the evidence if doubt exists.

It is this last point that creates the unseen commercial risk. It is almost impossible to prove the integrity of any electronic evidence, due to the ease with which it can be altered in an undetectable manner by employees who have legitimate access to the system. Add to this the statistic that probably 70% of fraud cases involve employees, and this immediately means that business is being done without any possibility of proving the facts in case of a dispute, which in turn means that the contract cannot manage the business risk.

This commercial vulnerability is simple to manage, however, through the introduction of electronic signatures, or rather digital signatures created with public key technology. The real value of a digital signature lies in its persistence after a transaction has occurred and its ability to give undoubted credibility to (prove the absolute integrity of) the evidence of the transaction (logs, e-mails, Word documents, spreadsheets, etc). This can be taken further in terms of the ECT Act, which could also add the accountability to the transaction that a real world signature would have implied on a paper contract.

If standard commercial risk management logic is therefore followed, along with the relatively simple addition of digital signatures, the way forward is open for the business to benefit from the potential in electronic systems with even less risk than real world commercial transactions. This also allows a board of directors to demonstrate that they have actively taken steps to manage the business risks associated with information systems, as required by the King Report describing good corporate governance. More than a nice-to-have, the implementation of digital signature technology is an imperative.

NamITech

NamITech Ltd is the secure technology provider within the established Nampak group of companies, focusing on a number of key market areas to provide leading-edge technology solutions.

NamITrust is the newly established enterprise security service provider within the NamITech Limited group, specialising in the monitoring and management of security in the digital domain. This focused division offers comprehensive managed security services including managed PKI, intrusion detection and non-repudiation of transactions. NamITrust operates out of the only seven-tier secure facility in Africa.

At the heart of the company is the provision of secure end-to-end business solutions and the development and implementation of value-added applications stemming from the intelligent use of smart cards and the latest technology. NamITech's core areas of expertise are secure card technology, payment solutions and enterprise security solutions. Trust is embedded in all its business solutions and NamITech brings accountability to the converging world of electronic transacting and commerce.