IDEAS home Printed from
MyIDEAS: Log in (now much improved!) to save this paper

Control and Assurance in E-Commerce: Privacy, Integrity and Security at eBay

Listed author(s):
  • Rong-Ruey Duh


    (Department of Accounting)

  • Karim Jamal


    (Department of Accounting & Management Information Systems)

  • Shyam NMI Sunder


    (School of Management)

Growth of online auctions and other forms of e-commerce has been hampered by concerns about the privacy, integrity, and security of online transactions. To earn the trust of their participants, new e-commerce organizations, like traditional organizations, have to reach the state of expectations equilibrium or control - a state where the actual behavior of participants corresponds to what others expect them to do. Since e-commerce companies provide electronic platforms where buyers and sellers interact directly with each other (as well as with the platform operator), establishing control in e-commerce enterprises requires broadening of the traditional definition of "internal control" to encompass the activities of "outsiders" such as customers, and suppliers. This paper presents a framework for analyzing the control environment of online auctions and identifies privacy and denial of service attacks as two new classes of risks faced by e-commerce companies. Using the control policies and practices of a leading consumer online auction company (eBay) as an illustrative example, we suggest possible ways of controlling these risks. This analysis identifies the demand for new kinds of assurance services for e-commerce to support privacy, integrity and security of online transactions. E-commerce assurance services available at the end of year 2000 (e.g. WebTrust) fall short of what is needed to establish expectations equilibrium or control in online auction firms. The merits of developing proprietary (e.g., PWC privacy standards) versus industry standards (e.g. WebTrust) for e-commerce assurance services are also discussed.

If you experience problems downloading a file, check if you have the proper application to view it first. In case of further problems read the IDEAS help page. Note that these files are not on the IDEAS site. Please be patient as the files may be large.

File URL:
Download Restriction: no

Paper provided by Yale School of Management in its series Yale School of Management Working Papers with number ysm170.

in new window

Date of creation: 09 Jan 2001
Handle: RePEc:ysm:somwrk:ysm170
Contact details of provider: Web page:

More information through EDIRC

References listed on IDEAS
Please report citation or reference errors to , or , if you are the registered author of the cited work, log in to your RePEc Author Service profile, click on "citations" and make appropriate adjustments.:

in new window

  1. Dhananjay K. Gode & Shyam Sunder, 1997. "What Makes Markets Allocationally Efficient?," The Quarterly Journal of Economics, Oxford University Press, vol. 112(2), pages 603-630.
  2. Shyam Sunder, 2003. "Management Controls, Expectations, Common Knowledge and Culture," Yale School of Management Working Papers ysm337, Yale School of Management.
  3. David Lucking-Reiley, 1999. "Using Field Experiments to Test Equivalence between Auction Formats: Magic on the Internet," American Economic Review, American Economic Association, vol. 89(5), pages 1063-1080, December.
Full references (including those not matched with items on IDEAS)

This item is not listed on Wikipedia, on a reading list or among the top items on IDEAS.

When requesting a correction, please mention this item's handle: RePEc:ysm:somwrk:ysm170. See general information about how to correct material in RePEc.

For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: ()

If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

If references are entirely missing, you can add them using this form.

If the full references list an item that is present in RePEc, but the system did not link to it, you can help with this form.

If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your profile, as there may be some citations waiting for confirmation.

Please note that corrections may take a couple of weeks to filter through the various RePEc services.

This information is provided to you by IDEAS at the Research Division of the Federal Reserve Bank of St. Louis using RePEc data.