Dear GKD Members,

Everything (in developing economies) MUST comply with "sustainable and
appropriate".

In economies where the total number of e-commerce transactions is in
the 1000s, there is no point in installing or using any technology that
costs more than a couple of thousand US$. It would not be sustainable.

However, even developing economies are part of the planet. An important
part of their development is to institute systems that will put them in
sync with the rest of the planet so that they can trade (and pay off their
debts). The technology would be appropriate.

ALL universal cyber-security protocols are designed to meet the
specific requirements of developed economies. I can make that statement
because the cost of implementing them usually is unsustainable.

Furthermore, paranoid legal requirements that have been forced on the
world since 9/11 have made the administrative and other "overheads" on a
transaction so huge that any system would need massive volumes to pay
them off. Developing economies do not have these volumes.

So what do we do? We cannot do nothing. The reason for this is that
crooks always move to the weak point in the system. If the developed
world is successful with their expensive security systems and the weak
point becomes the developing world then they would have succeeded in
exporting fraud, etc. into the developing economies and we would have to
accept that we are, indeed, basket cases. So this is not an option. We
have to find sustainable and appropriate ways of implementing
cyber-security while still using the same systems that everyone else
uses, i.e., Visa, MasterCard, Sprint, etc.

I like the eBay / reputational suggestion below. The problem is that
eBay does not settle to any developing world. They welcome you as a
buyer, but they will not settle you as a merchant. This is the problem
with private systems. Individuals and profit margins make the rules.

What we have been experimenting with is the "Management of Risk" as
opposed to the "Prevention of Risk". Prevention is proving too expensive
and too high an overhead for our infrastructure. However, with so few
transactions, maybe we can just insure against the risk. Or, maybe,
change our pricing so that we can build up a pool to "fund" risk when it
happens. Believe it or not, this works out much cheaper than
implementing some of the security protocols like EMV, 3D Secure, VbyV,
etc.

There is something we are doing on the "reputational" side. We are
moving away from universal "VeriSign" type certificates and starting to
issue our own, cheaper certificates. This works very well and we have
found that there are very few rejections of these certificates. It is
incumbent on the "Issuer" to ensure that their reputation does not cause
users to reject the certificate.

I would love to hear if anyone has any other ideas on how to approach
these issues.

  

On Wednesday, September 29, 2004, [EMAIL PROTECTED] wrote:

> Femi Oyesanya wrote:
>
>> Organizations in developing Countries ought to adopt International
>> Certification and accreditation standards. For example, ISO 11799.  The
>> challenge is finding qualified expertise to implement adoption of these
>> standards.
>
> I suppose Femi's suggestion could work for fairly established firms, but
> it would simply raise the barriers to small e-business development. Why
> don't we take the cue from empirical cases? Take eBay for example. While
> there have been cases of grand abuses (e.g., the laptop sale scandal a
> year or two back), it has remained a very popular site for incidental or
> systematic e-businesspersons.
> 
> Trust is built by repeated transactions - and eBay aptly recognizes this
> by appending the net positive feedback you have from previous
> transaction partners (buyers and sellers) to the name you use on the
> site. A first-timer at eBay would readily be viewed with suspicion. Many
> sellers avoid this risk by declaring outright they will not transact
> with anyone not having positive feedback. It becomes increasingly
> important then to maintain a good reputation (i.e., net positive
> feedback) to gain the trust of new buyers/sellers and maintain that of
> previous ones. Your reputation becomes the de facto certification of
> good business practice, and presumably, security.
> 
> From this rudimentary - if naive - case, what is seemingly important for
> developing countries are two things: 1) In lieu of harping on security
> for each individual firm, it might be better to ensure security at the
> marketplace - i.e., where transactions are conducted; and 2)  the
> guarantee of security is not in keeping information closed, but rather,
> transparent - open and accessible.



------------
This DOT-COM Discussion is funded by the dot-ORG USAID Cooperative
Agreement, and hosted by GKD. http://www.dot-com-alliance.org provides
more information.
To post a message, send it to: <[EMAIL PROTECTED]>
To subscribe or unsubscribe, send a message to:
<[EMAIL PROTECTED]>. In the 1st line of the message type:
subscribe gkd OR type: unsubscribe gkd
For the GKD database, with past messages:
http://www.GKDknowledge.org
