IDEAS home Printed from
   My bibliography  Save this paper

Control and Assurance in E-Commerce: Privacy, Integrity and Security at eBay


  • Rong-Ruey Duh

    () (Department of Accounting)

  • Karim Jamal

    () (Department of Accounting & Management Information Systems)

  • Shyam NMI Sunder

    () (School of Management)


Growth of online auctions and other forms of e-commerce has been hampered by concerns about the privacy, integrity, and security of online transactions. To earn the trust of their participants, new e-commerce organizations, like traditional organizations, have to reach the state of expectations equilibrium or control - a state where the actual behavior of participants corresponds to what others expect them to do. Since e-commerce companies provide electronic platforms where buyers and sellers interact directly with each other (as well as with the platform operator), establishing control in e-commerce enterprises requires broadening of the traditional definition of "internal control" to encompass the activities of "outsiders" such as customers, and suppliers. This paper presents a framework for analyzing the control environment of online auctions and identifies privacy and denial of service attacks as two new classes of risks faced by e-commerce companies. Using the control policies and practices of a leading consumer online auction company (eBay) as an illustrative example, we suggest possible ways of controlling these risks. This analysis identifies the demand for new kinds of assurance services for e-commerce to support privacy, integrity and security of online transactions. E-commerce assurance services available at the end of year 2000 (e.g. WebTrust) fall short of what is needed to establish expectations equilibrium or control in online auction firms. The merits of developing proprietary (e.g., PWC privacy standards) versus industry standards (e.g. WebTrust) for e-commerce assurance services are also discussed.

Suggested Citation

  • Rong-Ruey Duh & Karim Jamal & Shyam NMI Sunder, 2001. "Control and Assurance in E-Commerce: Privacy, Integrity and Security at eBay," Yale School of Management Working Papers ysm170, Yale School of Management.
  • Handle: RePEc:ysm:somwrk:ysm170

    Download full text from publisher

    File URL:
    Download Restriction: no

    Other versions of this item:

    References listed on IDEAS

    1. David Lucking-Reiley, 1999. "Using Field Experiments to Test Equivalence between Auction Formats: Magic on the Internet," American Economic Review, American Economic Association, vol. 89(5), pages 1063-1080, December.
    2. Dhananjay K. Gode & Shyam Sunder, 1997. "What Makes Markets Allocationally Efficient?," The Quarterly Journal of Economics, Oxford University Press, vol. 112(2), pages 603-630.
    3. Shyam Sunder, 2003. "Management Controls, Expectations, Common Knowledge and Culture," Yale School of Management Working Papers ysm337, Yale School of Management.
    Full references (including those not matched with items on IDEAS)


    Citations are extracted by the CitEc Project, subscribe to its RSS feed for this item.

    Cited by:

    1. Sunder, Shyam, 2002. "Regulatory competition among accounting standards within and across international boundaries," Journal of Accounting and Public Policy, Elsevier, vol. 21(3), pages 219-234.
    2. Karim Jamal & Michael Maier & Shyam Sunder, 2003. "Privacy in E-Commerce: Development of Reporting Standards, Disclosure, and Assurance Services in an Unregulated Market," Journal of Accounting Research, Wiley Blackwell, vol. 41(2), pages 285-309, May.
    3. Baron, David P., 2001. "Private Ordering on the Internet: The eBay Community of Traders," Research Papers 1709, Stanford University, Graduate School of Business.
    4. Shyam Sunder & Michael Maier & Karim Jamal, 2004. "Enforced Standards Versus Evolution by General Acceptance: A Comparative Study of E-Commerce Privacy Disclosure and Practice in the U.S. and the U.K," Yale School of Management Working Papers amz2630, Yale School of Management, revised 01 Nov 2004.
    5. Shyam Sunder, 2001. "Standards for Corporate Financial Reporting: Regulatory Competition Within and Across International Boundaries," Yale School of Management Working Papers ysm245, Yale School of Management, revised 01 Apr 2002.
    6. repec:eee:aumajo:v:18:y:2010:i:2:p:81-92 is not listed on IDEAS

    More about this item


    E-commerce; Online auctions; Control; Assurance; Privacy; Integrity; Security;

    JEL classification:

    • M49 - Business Administration and Business Economics; Marketing; Accounting; Personnel Economics - - Accounting - - - Other
    • M40 - Business Administration and Business Economics; Marketing; Accounting; Personnel Economics - - Accounting - - - General


    Access and download statistics


    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:ysm:somwrk:ysm170. See general information about how to correct material in RePEc.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: (). General contact details of provider: .

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    If CitEc recognized a reference but did not link an item in RePEc to it, you can help with this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service hosted by the Research Division of the Federal Reserve Bank of St. Louis . RePEc uses bibliographic data supplied by the respective publishers.