A transactional-cycle approach to evidence management for dispute resolution
Introduction
Disputes are inevitable in business, and their resolution is necessary in electronic commerce just as it is in any other form of business. But disputes cannot be legally resolved unless the evidence underlying them has been previously recorded. A non-repudiation service establishes evidence and is one type of security service for open systems [6]. We reviewed the literature on information security and found that these services have been less discussed than others, such as authentication. Pertinent international standards on non-repudiation include ISO/IEC 10181-4 [7], 13888-1 [8], 13888-2 [9], and 13888-3 [10], which deal mainly with general concepts of evidence and define the system framework and some mechanisms for non-repudiation. The goal of this type of service is to generate, collect, maintain, make available, and validate irrefutable evidence concerning a claimed event or action in order to resolve disputes about the occurrence of the event or action.
Because of the need for evidence accountability, evidence management is a critical part of the security framework. Previous research [3], [15], [18], [19], [20] treated evidence management as a unit of evidence involving a particular event or action, but this fails to capture the complete context. Given that no business activity is atomic, we must consider a series of activities formed into a complete transaction, rather than an isolated unit. It follows that evidence does not exist as an atomic piece but as a chain-of-evidence. This concept was originally introduced in law enforcement. Here, we integrate the concept with evidence management to trace the accountability of each event or action within the overall transaction.
Section snippets
A business-to-consumer transaction cycle
Business-to-consumer (B2C) activities are an important type of electronic commerce involving: (i) the buyer/payer; (ii) the seller/payee; (iii) the financial institution; and (iv) the delivery authority. Only if money flow and logistics operate in coordination can the activity complete successfully. Tygar [16] discussed atomic transactions in electronic commerce and defined three levels: money, goods, and certified delivery. Money transactions deal with the transfer of funds. Goods transactions
Evidence management
The primary types of consumer problems, according to a report of the OECD Committee on Consumer Policy [4], can be divided into: “I didn’t do it” (unauthorized transactions), “I didn’t receive it”, and “I don’t want it.” Irrespective of the approach taken to settle disputes, the important first step is to establish evidence. Non-repudiation services deal with this and its accountability is a key factor in examining the details and context of a claim. Therefore, we have defined a general
Case study: credit-card payment over SSL
A survey of consumer shopping over the Internet, conducted by ActiveMedia Research and reprinted in [12], shows that most credit card transactions utilize systems based on a Secure Sockets Layer (SSL), which is software incorporated in browsers to protect communication security. However, some (27% in the year 2000) Internet shoppers preferred off-line payment. The implication of this is discussed in [14]; apart from security, consumers had misgivings about follow-up processes after
Conclusions
A new evidence-management methodology and its associated establishing procedures were discussed and then applied to a credit-card-over-SSL transaction case. The concept of chain-of-evidence and the transactional-cycle approach were integrated into the evidence-management methodology. Once each piece of stored evidence was generated, a map could be drawn to trace back the accountability of each event or action along the transactional cycle. We presented a systematic treatment of evidence
Acknowledgements
The authors would like to thank the anonymous referees for their helpful comments on an earlier manuscript of this paper, and to thank Prof. Edgar H. Sibley, the Editor-in-Chief, for his excellent editing work and revisions that substantially improved the quality of this paper. Part of this research was funded by the National Science Council of Taiwan under the contracts of NSC 90-2213-059 and NSC 91-2416-H-182-009; the former contract was conducted by the corresponding author (J.J. Hwang)
Min-Hua Shao is a candidate for a doctorate degree at National Chiao Tung University in Taiwan. She received her MBA degree in 1998 with a major in information management from National Chengchi University, Taiwan. Her current research interests include information security management and financial services such as Internet banking and payment systems in electronic commerce.
References (20)
- et al., Effect of store design on consumer purchases: an empirical study of on-line bookstores, Information & Management (2002)
- et al., Key dimensions of business-to-consumer web sites, Information & Management (2002)
- et al., Designing a generic payment service, IBM Systems Journal (1998)
- N. Asokan, E.V. Herreweghen, M. Steiner, Towards a framework for handling disputes in payment systems, in: Proceedings...
- et al., Non-repudiation with mandatory proof of receipt, Computer Communication Review (1996)
- DSTI/CP (Directorate for Science, Technology and Industry/Committee on Consumer Policy), Report on consumer protection...
- A.O. Freier, P. Karlton, P.C. Kocher, The SSL protocol version 3.0, Netscape Communications Corporation, November 18,...
- ISO/IEC, ISO/IEC 10181-1, Information technology—open systems interconnection—security frameworks for open system:...
- ISO/IEC, ISO/IEC 10181-4, Information technology—open systems interconnection—security frameworks for open system:...
- ISO/IEC, ISO/IEC 13888-1, Information technology—security techniques—non-repudiation part 1: general,...
Jing-Jang Hwang began his academic career in 1976 as an instructor at National Chiao Tung University (NCTU) in Taiwan. He worked at NCTU for more than 25 years until the summer of 2002, and is now a Professor of Chang Gung University. Given leave of absence from NCTU, he studied Business Administration at the University of Cincinnati, and then studied Computer Science at the University of Florida. He received his PhD degree from the University of Florida in 1987. In addition to teaching, he has designed several computerized information systems, which include the administrative and the library systems of NCTU itself, the business system of a securities brokerage firm, and the office automation system of the judicial courts in Taiwan. Since 1990, he has also been involved in research on subjects of cryptography, information security, and electronic commerce, and has contributed research articles, in the English language as well as in the Chinese language, to various magazines and journals. He is now an editor of Computer Standards & Interfaces, a journal published by North-Holland.
Soushan Wu received his PhD in Finance from the University of Florida in 1984. He is currently a Chair Professor and Dean of the College of Management, Chang-Gung University, Taiwan. He is also now a visiting scholar at Clemson University and Hong Kong Polytechnic University. His research interests include Management Science, Investment Science, Capital Markets and Information Systems. He has published more than 90 articles in Research in Finance, Financial Management, Asia-Pacific Journal of Finance, International Journal of Accounting and Information Systems, etc. He is now an editor of several academic journals, including Journal of e-Healthcare, Taiwan Management Review, and Journal of Financial Studies.