ACCOUNTABILITY AS AN OBJECTIVE FOR SECURITY REQUIREMENTS OF E-BUSINESS PROCESS: DIMENSIONS(3)

Each of the parties involved in e-commerce may have a different conception of security in an e-business process (EBP). In the extreme, these requirements may even contradict each other. Example: On the one hand, a customer of an online trader wants his personal data such as address, shopping preferences, and credit card number to be kept confidential and deleted after the transaction is completely settled. On the other hand, the online trader might be tempted to use these data for marketing purposes or even sell the personal data of its customers to a web marketing company to increase his revenue.

The above considerations clearly show the need to include the dimension parties in our security framework. In a sample scenario that will follow in Section 3 we will restrict ourselves to a B2C example with two parties: customer and merchant.

2.3 Phases of an EBP

Next to security objectives and parties we will include different phases of an EBP in our framework. It is intuitively clear that the security aspects change during the execution of an EBP. E.g. the integrity of prices for products on a web page is important in an early stage, while accountability is an integral component of payment.

Since EBPs are heterogeneous, we have to find a process model that is suitable for most processes in e-business. To be manageable, this model will be on a high level of abstraction. Such a general model has been introduced by Schmid, who identifies three phases:

1. During the information phase the parties try to find partners, compare them, clarify their trade relation, and specify the products to be exchanged. These actions are not legally binding.

2. In the contracting phase the parties decide on their partners according to their decision criteria and work out and sign a contract about their trade relation.

3. Finally, in the delivery phase payment and delivery are done and eventually a new transaction is prepared.

The three phases are supposed to be executed in chronological order. Unfortunately, the delivery phase proves to be too coarse for the analysis of security requirements, since the delivery phase combines payment and delivery, which clearly have different security requirements. Therefore, we extend the model of Schmid to the following four phases:

– information

– contracting

– payment

– delivery

Please note that the chronological order of the last two phases depends on the type of EBP. Next to a sequential order – such as prepaid payment systems using coupons or electronic cash and pay-after systems using credit cards – a parallel execution is possible, which is also known as pay-now systems. As mentioned above and as will be shown in the sample scenario in Section 3, security requirements and mechanisms vary according to the phases.
