Re: [GKD-DOTCOM] Cyber-Security and E-commerce

[Ljupco Sharkovski]

Dear Cornelio,

Thank you very much for your information and suggestion. I very much
appreciate your effort to help us here in Macedonia to prove our
credibility in e-commerce. This problem has been discussed by many
people including some foreign donors here, but no one has known what
approach to take to solve the problem So this is very valuable
information for us. I will present this information and the opportunity
to our Chamber of Commerce, where I am Vice President. I will also
start the procedure for following this suggestion through the
institutional process. When we have a result I will send this
information to GKD so other countries can gain from our experience.

Again, thank you very much. If I am able to help you in any way from
Macedonia, please let me know.

Kind regards,

Ljupco Sharkovski


On Monday, October 4, 2004, Cornelio Hopmann wrote:

> Dear Mr. Sharkovski,
> 
> I do understand perfectly your frustration, yet don't share your opinion
> - or perception - that there are just some powerful anonymous groups out
> there, which intentionally try to harm Macedonia by putting it on a
> black list. Why should they? (And by the way, this IMHO applies to
> almost any developing country, therefore Macedonia may serve just as an
> example).
> 
> Under current conditions, there are just 2 "recognized" public entities
> that - on the state level - may give you "credentials":
> 
> (a) the US-government (Departments of State and Commerce in their
> country-profiles and related info, see for instance
>
 tion%20Technology%20Sector.pdf> which in fact makes quite critical
> observations with respect to laws and ICT in Macedonia).
> 
> (b) the EU-commission (Commissioner for commerce) in Brussels.
> 
> Even though not publicly admitted, both are obviously say "modulated" by
> general political interest, yet they don't operate anonymously. And
> there are the private risk-assessment agencies like Standard & Poors or
> the respective risk-assessment departments of banks and [public] trade-
> or export-risk assurance companies.
> 
> Hence the only way out - in your situation and similar situations in
> other countries - is to engage at least one of these public entities and
> at least one of the private ones in a more formal assessment of your
> conditions and then distribute their assessment (like percentage of
> risk-penalties in trade-assurance contracts etc.).
> 
> Unfair? Yes! Avoidable? Definitively no!
 




This DOT-COM Discussion is funded by the dot-ORG USAID Cooperative
Agreement, and hosted by GKD. http://www.dot-com-alliance.org provides
more information.
To post a message, send it to: <[EMAIL PROTECTED]>
To subscribe or unsubscribe, send a message to:
<[EMAIL PROTECTED]>. In the 1st line of the message type:
subscribe gkd OR type: unsubscribe gkd
For the GKD database, with past messages:
http://www.GKDknowledge.org

Re: [GKD-DOTCOM] Cyber-Security and E-commerce

[Siobhan Green]

We have discussed a lot of the problems for e-commerce in developing
countries but not a lot about the individual work arounds for both
buying and selling through e-commerce.

Trying to think like a businessman, it sounds like the problems related
to e-commerce and security can be divided into:

1. payment systems

2. methods to verify identity and build trust (for resolution of
problems, quality, trust, branding)

3. shipment/tracking that goods and services are actually delivered

4. privacy for transactions (i.e. you don't want your competitors know
prices/locations, etc)

>From what I know (and that is rather limited) there are a variety of
work arounds, including partnering with bigger, more well known
companies (such as eBay or Amazon) to sell goods, or find individual
responses (like finding a friend with a US-based credit card to process
payments).

I would love to hear of other work arounds that developing country
entrepreneurs use to overcome the security issues with e-commerce.


Siobhan Green
www.sonjara.com




This DOT-COM Discussion is funded by the dot-ORG USAID Cooperative
Agreement, and hosted by GKD. http://www.dot-com-alliance.org provides
more information.
To post a message, send it to: <[EMAIL PROTECTED]>
To subscribe or unsubscribe, send a message to:
<[EMAIL PROTECTED]>. In the 1st line of the message type:
subscribe gkd OR type: unsubscribe gkd
For the GKD database, with past messages:
http://www.GKDknowledge.org

Re: [GKD-DOTCOM] Cyber-Security and E-commerce

[Femi Oyesanya]

In a message dated 10/4/2004, Barry Coetzee <[EMAIL PROTECTED]> wrote:

> In economies where the total number of e-commerce transactions are in
> the 1000's there is no point in installing or using any technology that
> costs more than a couple of thousand US$. It would not be sustainable.


Furthermore, If the cost of protecting the IT Asset is more than the
asset, why invest at all in Security mechanisms?




This DOT-COM Discussion is funded by the dot-ORG USAID Cooperative
Agreement, and hosted by GKD. http://www.dot-com-alliance.org provides
more information.
To post a message, send it to: <[EMAIL PROTECTED]>
To subscribe or unsubscribe, send a message to:
<[EMAIL PROTECTED]>. In the 1st line of the message type:
subscribe gkd OR type: unsubscribe gkd
For the GKD database, with past messages:
http://www.GKDknowledge.org

Re: [GKD-DOTCOM] Cyber-Security and E-commerce

[Nabil El-Khodari]

I believe that the problem facing developing countries is not one of
'systems' or 'technical'; it is the lack of 'enforceable' laws that
handles cyber-crime in particular and the lack of the rule of law in
general.

Until such laws are in place and it is evident that they are enforced,
we can cry 'wolf' all we want.

Sincerely,
  
Nabil El-Khodari
Founder/Treasurer
Nile Basin Society
Tel.: +1 (647) 722-3256
Fax: +1 (647) 722-3273   

http://nilebasin.com
http://nilebasin.net
http://nile.ca  
108 Waterbury Dr.
Toronto, Ontario, M9R 3Y3
Canada   


"If the people will lead, the leaders will follow."
   - Dr. David Suzuki




This DOT-COM Discussion is funded by the dot-ORG USAID Cooperative
Agreement, and hosted by GKD. http://www.dot-com-alliance.org provides
more information.
To post a message, send it to: <[EMAIL PROTECTED]>
To subscribe or unsubscribe, send a message to:
<[EMAIL PROTECTED]>. In the 1st line of the message type:
subscribe gkd OR type: unsubscribe gkd
For the GKD database, with past messages:
http://www.GKDknowledge.org

Re: [GKD-DOTCOM] Cyber-Security and E-commerce

[Barry Coetzee]

Dear GKD Members,

Everything (in developing economies) MUST comply with "sustainable and
appropriate".

In economies where the total number of e-commerce transactions are in
the 1000's there is no point in installing or using any technology that
costs more than a couple of thousand US$. It would not be sustainable.

However, even developing economies are part of the planet. An important
part of their development is to institute systems that will put them in
synch with the rest of planet so that they can trade (and pay off their
debts). The technology would be appropriate.

ALL universisal cyber-security protocols are designed to meet the
specific requirements of developed economies. I can make that statement
because the cost of implementing them usually is un-sustainable.

Furthermore, paranoid legal requirements that have been forced on the
world since 9/11 have made the administrative and other "overheads" on a
transaction so huge that any system would need massive volumes to pay
them off. Developing economies do not have these volumes.

So what do we do? We cannot do nothing. The reason for this is that
crooks always move to the weak point in the system. If the developed
world is successful with their expensive security systems and the weak
point becomes the developing world then they would have succeeded in
exporting fraud, etc. into the developing economies and we would have to
accept that we are, indeed, basket cases. So this is not an option. We
have to find sustainable and appropriate ways of implementing
cyber-security while still using the same systems that everyone else
uses, ie Visa, MasterCard, Sprint, etc.

I like the eBay / reputational suggestion below. The problem is that
eBay does not settle to any developing world. They welcome you as a
buyer, but they will not settle you as a merchant. This is the problem
with private systems. Individuals and profit margins make the rules.

What we have been experimenting with is the "Management of Risk" as
opposed to the "Prevention of Risk". Prevention is proving too expensive
and too high an overhead for our infrastructure. However, with so few
transactions, maybe we can just insure against the risk. Or, maybe,
change our pricing so that we can build up a pool to "fund" risk when it
happens. Believe it or not, this works out much cheaper than
implementing some of the security protocols like EMV, 3D Secure, VbyV,
etc.

There is something we are doing on the "reputational" side. We are
moving away from universal "VeriSign" type certificates and starting to
issue our own, cheaper certificates. This works very well and we have
found that there are very few rejections of these certificates. It is
incumbent on the "Issuer" to ensure that their reputation does not cause
users to reject the certificate.

I would love to hear if anyone has ony other ideas on how to approach
these issues.

  

On Wednesday, September 29, 2004, [EMAIL PROTECTED] wrote:

> Femi Oyesanya wrote:
>
>> Organizations in developing Countries ought to adopt International
>> Certification and accreditation standards. For example, ISO 11799.  The
>> challege is finding qualified expertise to implement adoption of these
>> standards.
>
> I suppose Femi's suggestion could work for fairly established firms, but
> it would simply raise the barriers to small e-business development. Why
> don't we take the cue from empirical cases? Take eBay for example. While
> there have been cases of grand abuses (e.g., the laptop sale scandal a
> year or two back), it has remained a very popular site for incidental or
> systematic e-businesspersons.
> 
> Trust is built by repeated transactions - and eBay aptly recognizes this
> by appending the net positive feedback you have from previous
> transaction partners (buyers and sellers) to the name you use on the
> site. A first-timer at eBay would readily be viewed with suspicion. Many
> sellers avoid this risk by declaring outright they will not transact
> with anyone not having positive feedback. It becomes increasingly
> important then to maintain a good reputation (i.e., net positive
> feedback) to gain the trust of new buyers/sellers and maintain that of
> previous ones. Your reputation becomes the de facto certification of
> good business practice, and presumably, security.
> 
> From this rudimentary - if naive - case, what is seemingly important for
> developing countries are two things: 1) In lieu of harping on security
> for each individual firm, it might be better to ensure security at the
> marketplace - i.e., where transactions are conducted; and 2)  the
> guarantee of security is not in keeping information closed, but rather,
> transparent - open and accessible.




This DOT-COM Discussion is funded by the dot-ORG USAID Cooperative
Agreement, and hosted by GKD. http://www.dot-com-alliance.org provides
more information.
To post a message, send it to: <[EMAIL PROTECTED]>
To subscribe or unsubscribe, send a message to:
<[EMAIL PROTECTED]

Re: [GKD-DOTCOM] Cyber-Security and E-commerce

[Olu Olatidoye]

Dear Colleagues,

I am sure there are several ongoing projects addressing the issue of
Information Technology in the institutions of learning in the so-called
developing countries. Of course Africa as a continent can still use more
of such work force training.

The issue is not that of allowing a country to do E-Commerce, but that
of having the proper framework for proper and secure implementation,
that will allow for global virtual enterprise. As pointed out by the
Moderator:

> Cyber-security is essential to e-commerce. Businesses must establish
> trust with their potential customers. Countries need to prevent
> cyber-fraud that can cripple e-commerce activity. Yet, developing
> countries face special obstacles in their efforts to safeguard their
> companies' e-commerce activities. Many lack a legal infrastructure that
> can thwart digital crime. These countries also have conditions that
> foster cyber-crime: many people with sophisticated computer skills and
> very low incomes, in an environment of expanding organized crime.

The e-Centers, as Electronic Commerce Resource Centers, can draw on any
sector of the society, especially the small and medium-sized enterprise
(SMEs) in Africa. The involvement of the government is very essential
because the policies and legal framework have to be coupled with the
business standards and enforcement. In addition, the government is the
biggest customer in most of the African countries. Therefore, all the
stakeholders that understand running of a Virtual Enterprise
infrastructure should be attracted to come up with a viable solution in
each country. As I pointed out in my previous e-mail, in the US, out of
the seventeen Electronic Commerce Resource Centers (ECRC), only two of
the centers are run by Universities, the rest are run by private
business enterprises with technology hubs, and they were all funded and
supported by the government at the inception.

A Virtual Enterprise needs the cooperation of all the stakeholders, be
it government, educational institution or business entities, to build
trust with their customers and create a legal framework that can thwart
digital crime. The industrial environment of today consists of numerous
organizations working together as a virtual enterprise. As I pointed out
in my previous e-mail, the Global Trade and Investment Management
Network (GTIM) group in Nigeria and US are taking measures in working
with stakeholders in building trust among members and seeking
partnerships with organizations interested in cyber-security for Africa.

I thank you for your input.


Best Regards,

O. Olatidoye 
GTIM US Coordinator 


On Wednesday, September 29, 2004, Ajay Gupta wrote:

> I do believe the first and most critical step towards a allowing
> developing countries (e.g., countries on the African continent) to more
> fully take part in electronic commerce and the deployment of a secure IT
> infrastructure is to institute educational training programs in
> Information Technology and the Secondary and Post-Secondary level.
> 
> E-Centers and CSIRTs can more easily be implemented by educational
> institutions that are developing the necessary and qualified work force
> in the first place.
> 
> Further, the educational institutions, if self-managed, provide at least
> one degree of separation between governments and the e-Centers and
> CSIRTs often raising the credibility of the latter organizations.




This DOT-COM Discussion is funded by the dot-ORG USAID Cooperative
Agreement, and hosted by GKD. http://www.dot-com-alliance.org provides
more information.
To post a message, send it to: <[EMAIL PROTECTED]>
To subscribe or unsubscribe, send a message to:
<[EMAIL PROTECTED]>. In the 1st line of the message type:
subscribe gkd OR type: unsubscribe gkd
For the GKD database, with past messages:
http://www.GKDknowledge.org

Re: [GKD-DOTCOM] Cyber-Security and E-commerce

[Cornelio Hopmann]

Dear Mr. Sharkovski,

I do understand perfectly your frustration, yet don't share your opinion
- or perception - that there are just some powerful anonymous groups out
there, which intentionally try to harm Macedonia by putting it on a
black list. Why should they? (And by the way, this IMHO applies to
almost any developing country, therefore Macedonia may serve just as an
example).

Under current conditions, there are just 2 "recognized" public entities
that - on the state level - may give you "credentials":

(a) the US-government (Departments of State and Commerce in their
country-profiles and related info, see for instance
 which in fact makes quite critical
observations with respect to laws and ICT in Macedonia).

(b) the EU-commission (Commissioner for commerce) in Brussels.

Even though not publicly admitted, both are obviously say "modulated" by
general political interest, yet they don't operate anonymously. And
there are the private risk-assessment agencies like Standard & Poors or
the respective risk-assessment departments of banks and [public] trade-
or export-risk assurance companies.

Hence the only way out - in your situation and similar situations in
other countries - is to engage at least one of these public entities and
at least one of the private ones in a more formal assessment of your
conditions and then distribute their assessment (like percentage of
risk-penalties in trade-assurance contracts etc.).

Unfair? Yes! Avoidable? Definitively no!

Yours sincerely,
Cornelio



On Friday, October 1, 2004, L Sharkovski <[EMAIL PROTECTED]>
wrote:

> I think perhaps some on the GKD list have missed the problem that my
> compatriot in Macedonia is describing. The point, for us at least, is
> not that there is rampant cyber-criminality in Macedonia that the
> government has failed to prevent. The point is that it is just as safe
> to buy from Macedonia, or sell to Macedonians online, as it is from any
> other country. Yet the organization Exportbureau.com has alleged that
> there are online fraud schemes based in Macedonia and has placed
> Macedonia on their list of Suspect Shipping or Contact Addresses. There
> is no contact address or information listed on THEIR website, so it is
> extremely difficult to determine who this group is and where they reside
> (although, after some research, we believe they reside in Taiwan).

..snip...
 
> It is bitterly ironic that Macedonia -- a very small country with
> relatively low cyber-density compared with the industrialized countries
> in Western Europe and the US -- is accused of being major sources of
> cyber-fraud. In a world of cyber-criminality, what percentage of that is
> Macedonian? I will tell you: Zero.
> 
> Yet our companies are shut off from access to major e-commerce channels.
> So it is not an issue of lack of laws or lack of enforcement. It is an
> issue of too much power in the hands of groups that seem to be informal
> arbiters of which countries are "secure" enough for e-commerce.
> Furthermore, they are completely inaccessible and unaccountable. They do
> not reply to our requests for evidence of their accusation. And there is
> no way for us to counter their accusation other than trying to publicize
> our security through discussions like this one. It is difficult for us
> to convey how frustrating and damaging this situation is for us. In many
> ways, this type of baseless accusation, which harms our economy, is just
> as lawless as the accusation they are making.

..snip...




This DOT-COM Discussion is funded by the dot-ORG USAID Cooperative
Agreement, and hosted by GKD. http://www.dot-com-alliance.org provides
more information.
To post a message, send it to: <[EMAIL PROTECTED]>
To subscribe or unsubscribe, send a message to:
<[EMAIL PROTECTED]>. In the 1st line of the message type:
subscribe gkd OR type: unsubscribe gkd
For the GKD database, with past messages:
http://www.GKDknowledge.org

Re: [GKD-DOTCOM] Cyber-Security and E-commerce

[L Sharkovski]

Dear GKD Colleagues,

I think perhaps some on the GKD list have missed the problem that my
compatriot in Macedonia is describing. The point, for us at least, is
not that there is rampant cyber-criminality in Macedonia that the
government has failed to prevent. The point is that it is just as safe
to buy from Macedonia, or sell to Macedonians online, as it is from any
other country. Yet the organization Exportbureau.com has alleged that
there are online fraud schemes based in Macedonia and has placed
Macedonia on their list of Suspect Shipping or Contact Addresses. There
is no contact address or information listed on THEIR website, so it is
extremely difficult to determine who this group is and where they reside
(although, after some research, we believe they reside in Taiwan). 

Yet computer fraud has been part of the Macedonian Criminal Code since
March 2004. Perhaps even more importantly, the fact is that companies in
Macedonia use the same cyber-security systems as every other company in
the world. I own a major firm in Macedonia that provides e-commerce
solutions to our customers, as well as web portals, online databases,
etc. We don't build our own security systems - we use worldwide
standard systems. For example we use standard Visa and Mastercard
online security systems, and have been using them for four or five years
and have never had a single problem. The point is that when we buy
something online, or someone from another country buys from us, we are
all using the same system -- with the same level of security.

It is bitterly ironic that Macedonia -- a very small country with
relatively low cyber-density compared with the industrialized countries
in Western Europe and the US -- is accused of being major sources of
cyber-fraud. In a world of cyber-criminality, what percentage of that is
Macedonian? I will tell you: Zero.

Yet our companies are shut off from access to major e-commerce channels.
So it is not an issue of lack of laws or lack of enforcement. It is an
issue of too much power in the hands of groups that seem to be informal
arbiters of which countries are "secure" enough for e-commerce.
Furthermore, they are completely inaccessible and unaccountable. They do
not reply to our requests for evidence of their accusation. And there is
no way for us to counter their accusation other than trying to publicize
our security through discussions like this one. It is difficult for us
to convey how frustrating and damaging this situation is for us. In
many ways, this type of baseless accusation, which harms our economy, is
just as lawless as the accusation they are making.

We all -- but especially developing countries -- definitely need an
international formal, clear procedure for establishing national
cyber-security credentials, so that all countries have a rational,
accessible way to make it clear that they are secure, and can provide
assurances to their suppliers and customers that they are safe places to
do business with online.


L Sharkovski
Einsof
Macedonia
<[EMAIL PROTECTED]>




This DOT-COM Discussion is funded by the dot-ORG USAID Cooperative
Agreement, and hosted by GKD. http://www.dot-com-alliance.org provides
more information.
To post a message, send it to: <[EMAIL PROTECTED]>
To subscribe or unsubscribe, send a message to:
<[EMAIL PROTECTED]>. In the 1st line of the message type:
subscribe gkd OR type: unsubscribe gkd
For the GKD database, with past messages:
http://www.GKDknowledge.org

Re: [GKD-DOTCOM] Cyber-Security and E-commerce

[Leo D. Waters]

Dear GKD Members,

Based on its sheer size and endowed resources, Nigeria is a power house
of economic gain for determined investors (locally and internationally).
However, economic frauds are rife in the country's system as it seems to
have become a culture to conduct business dubiously. Also, the growth of
Internet use verges on exponential.

On the flip side however, this presents vast opportunites for economic
security providers to establish credible measures to make e-commerce a
truly safe medium to conduct transactions in Nigeria. Is anyone really
looking into this? I'd like to help.


Leo Waters


=

Best regards & God bless,

Leo D. Waters
Tel: +234(0)805.506.7103, or +234(0)802.338.1628




This DOT-COM Discussion is funded by the dot-ORG USAID Cooperative
Agreement, and hosted by GKD. http://www.dot-com-alliance.org provides
more information.
To post a message, send it to: <[EMAIL PROTECTED]>
To subscribe or unsubscribe, send a message to:
<[EMAIL PROTECTED]>. In the 1st line of the message type:
subscribe gkd OR type: unsubscribe gkd
For the GKD database, with past messages:
http://www.GKDknowledge.org

Re: [GKD-DOTCOM] Cyber-Security and E-commerce

[Cornelio Hopmann]

Dear Colleagues,

(1) Commerce at a distance with shortened transaction-times, was well
started about 150 years ago by an invention called the "Telegraph" and
the respective world-wide network.

(2) May I recall that the very Credit Card (as handsome substitute for
the much older Credit Letter) was originally invented to allow
separation of buying and paying.

(3) May I again recall that trustworthy merchant-agents as middlemen
appear centuries ago to allow for advanced/delayed partial payments.

(4) May I finally recall, that countries branded as "unsafe" for
e-commerce are normally already branded as "unsafe" for any commerce at
a distance or with delayed/advanced payments (I don't know of any
exception).

Corollary: countries are branded as "unsafe" for commerce normally and
mostly not for the lack of laws, regulations, standards, certificates or
whatever but for the lack of law-enforcement.

I do doubt that a public sector unable or unwilling or not ready to
implement unbiased and timely law-enforcement on ordinary subjects will
do so with respect to eCommerce, which renders laws, regulations,
standards, certificates or whatever for eCommerce simply and plainly
"useless".


Yours truly,

Cornelio



On Thursday, September 30, 2004, Sam Lanfranco wrote:

> The hallmark of e-commerce is that it involves a transaction that takes
> place across time and space, and in the first instance involves a
> virtual transaction (the order, the payment, etc.) with the good or
> service to follow. This is in contrast to a commerce transaction at a
> time and a place, where frequently the produce is examined (book,
> appliance) and received or consumed (food, parking) at the time of the
> purchase.
> 
> It comes as no surprise that fraud artists try to take advantage of this
> temporal and spatial distance to engage in deception. In the past the
> same has been done via postal service, telephone service, fax, and any
> transactions venue where there is a degree of seperation between the
> perpetrator and the intended victim. Scams and fraud can go in both
> directions, with either the buyer or the supplier as the victim. For
> developing and transition economies, newly emerging on the global
> economic stage, the larger victim is the growth of their e-commerce
> sectors.
> 
> However, what is different about e-commerce is that the distances can be
> greater but the speed of transactions is faster. This has a negative
> side, but it also has a positive side. The negative side is that it is
> harder for the client (consumer, buyer, etc.) to carry out due diligence
> with respect to the integrity of the supplier, and it is harder for the
> supplier to prove (or build) a reputation for trust and integrity. Both
> factors cause reluctance on the part of potential clients and stiffle
> the growth of the e-commerce sector.

..snip...





This DOT-COM Discussion is funded by the dot-ORG USAID Cooperative
Agreement, and hosted by GKD. http://www.dot-com-alliance.org provides
more information.
To post a message, send it to: <[EMAIL PROTECTED]>
To subscribe or unsubscribe, send a message to:
<[EMAIL PROTECTED]>. In the 1st line of the message type:
subscribe gkd OR type: unsubscribe gkd
For the GKD database, with past messages:
http://www.GKDknowledge.org

Re: [GKD-DOTCOM] Cyber-Security and E-commerce

[Marta A.Tomovska]

Dear GKD Members,

This discussion on cyber-security and e-commerce is a very crucial and
immediate one for us in Macedonia.

I work with Unet, the first ISP in Macedonia, which currently serves
more than 15,000 customers with Internet connectivity services, more
than 1,000 customers with web design, development and maintenance
services, and more than 1,000 customers for Domain registration
services.

We are registering domains for our customers under the .mk extension and
also top level domains under .com, .net, .org, .biz extensions. To
register the top level domains we are using the services of a few American
companies' websites like Secureserver.net, Securepaynet.net,
Cheap-DomainRegistration.com, Domain-name-store.com, Registrar.host.net,
Turbosales.com, Searchhostdirectory.com, Domainlinks.com,
Virtualvision.net, Domains.compuweb.com etc.

We are paying these organizations for domain registration for periods of
at least 1 year. For that period of time, we are supposed to have access
to our registered domains in order to manage them, renew them, change
their DNS's etc.

In June of this year, when we tried to log into
Cheap-DomainRegistration.com, we have noticed that we cannot access
their login page. We sent an e-mail to their support team, but there was
no reply. Then we used our hotmail e-mail account and we received the
following answer:


> Thank you for writing customer support. We are unable to process
> transactions originating from the following countries: Bulgaria,
> Indonesia, Malaysia, Nigeria, Pakistan, Romania, Vietnam, Ghana,
> Macedonia
> 
> Also, the US Government asks that we do not conduct business with these
> nations: Cuba, Iran, Iraq, Libya, North Korea, Sudan, Syria
> 
> If your credit card is from one of these countries, or if you reside in
> any of these countries, you will not be able to view or complete a
> purchase from our website. I apologize for any inconvenience this may
> cause you. We recommend either using a connection that does not use a
> local IP address (such as through a internet cafe for example), or
> contact a trusted party outside of your area to log in and approve
> domain name transfers to move your domain to a registrar that you can
> access. 
> 
> Regards,
> 
> Nick P.
> Customer Service
> 480-624-2500


This is not just an isolated case. Please check what yahoo says:
http://store.yahoo.com/vw/warsigoffrau.html

It is evident that Macedonia is blacklisted and anyone with a Macedonian
IP address is blocked from access to all the above and many more
commercial websites.

There are many problems and issues of lack of fairness related to this
situation. One of the problems is that we -- and our customers as well
-- are not receiving the services we and they have paid for.

An additional problem is that there is no chance to re-register already
registered domains with another company, so a number of Macedonian
websites will become unavailable on the net very soon!

And of course, the worst and biggest problem is that we have restricted
access to the global network and therefore, are not able to have fast
information exchange with the world, which, if added to the current
situation on the Macedonian Internet market (raised prices for telephony
services from the Incumbent monopoly fixed line provider), will keep us
in the dark age.

While doing some investigation on the net covering this problem, I have
found one very interesting reading at the following address:

I recommend you to check it!

Perhaps the worst part of this terrible problem is that we are working
tremendously hard here in Macedonia trying to build our country's
economy. We are a small country and our economic future depends on our
becoming part of the global economy. We have apparently been accused of
not having enough cyber-security but it is as though the entire country
is accused and punished for cyber-fraud! I can assure you that if there
is any type of cyber-fraud from Macedonia it is far, far smaller than it
is in any developed country. We are accused but there is no way for us
to clear our name! The accusation just floats around the world on the
Internet and there is no judge or jury or even global administrative
body who we can appeal to and prove our innocence and regain our right
to enter into e-commerce with all the other nations. There is no process
or procedure we can take (that we know of) that will let us fight this
blacklist and clear our name!  After everything we have been through in
the past decade, this is a terrible blow to us and our hopes for
building our economy.

Finally, we have a message for anybody concerned with this problem or
who has a good will and belief in our country's potential. Please,
please help us by lobbying to the responsible instances or institutions
in the world to delete Macedonia from the IP blacklists. Let us know
what information you need to help us clear our name and b

Re: [GKD-DOTCOM] Cyber-Security and E-commerce

[Zoya Naskova]

Dear GKD Members,

I have not followed this discussion closely. So, I am not sure if anyone
has talked about Banks and banking processes and structures.

Ultimately, people are willing to use e-commerce to a large extent due
to the protection credit card companies offer. In my experience, banks
in some developing countries are not customer-service oriented, and
therefore they do not promote customer security.


Zoya Naskova




This DOT-COM Discussion is funded by the dot-ORG USAID Cooperative
Agreement, and hosted by GKD. http://www.dot-com-alliance.org provides
more information.
To post a message, send it to: <[EMAIL PROTECTED]>
To subscribe or unsubscribe, send a message to:
<[EMAIL PROTECTED]>. In the 1st line of the message type:
subscribe gkd OR type: unsubscribe gkd
For the GKD database, with past messages:
http://www.GKDknowledge.org

Re: [GKD-DOTCOM] Cyber-Security and E-commerce

[Sam Lanfranco]

On Monday, September 27, 2004, Global Knowledge Dev. Moderator asked:

> When countries are branded as "unsafe" for e-commerce, what can innocent
> companies do to rescue their own e-commerce efforts?

The hallmark of e-commerce is that it involves a transaction that takes
place across time and space, and in the first instance involves a
virtual transaction (the order, the payment, etc.) with the good or
service to follow. This is in contrast to a commerce transaction at a
time and a place, where frequently the produce is examined (book,
appliance) and received or consumed (food, parking) at the time of the
purchase.

It comes as no surprise that fraud artists try to take advantage of this
temporal and spatial distance to engage in deception. In the past the
same has been done via postal service, telephone service, fax, and any
transactions venue where there is a degree of seperation between the
perpetrator and the intended victim. Scams and fraud can go in both
directions, with either the buyer or the supplier as the victim. For
developing and transition economies, newly emerging on the global
economic stage, the larger victim is the growth of their e-commerce
sectors.

However, what is different about e-commerce is that the distances can be
greater but the speed of transactions is faster. This has a negative
side, but it also has a positive side. The negative side is that it is
harder for the client (consumer, buyer, etc.) to carry out due diligence
with respect to the integrity of the supplier, and it is harder for the
supplier to prove (or build) a reputation for trust and integrity. Both
factors cause reluctance on the part of potential clients and stiffle
the growth of the e-commerce sector.

Previous postings to this thread have focused on the role of governments
in promoting the integrity of the e-commerce sector, either via internal
policies, or adherence to international standards. That is well and good
but presumes that national governments have that "top down"
administrative ability and power, when many do not.

There is a second avenue that should not be minimized, one that involves
a "bottom up" strategy. The same digital venue that makes e-commerce
possible across time and space also makes collaboration possible across
time and space. E-commerce ventures residing in locations where they are
likely to be tarred with a negative brush - because of location - can
consider strategic alliances with relevant e-commerce service providers
that are located elsewhere, and that have "brand name" acceptance. This
need not be a subservient relationship, nor a permanent relationship,
but it can be a stepping-stone relationship that allows a country's
e-commerce sector to grow to the level where it can stand on the world
stage in its own right.

One of the strengths of the digital venue is that it supports
collaboration across time and space. Collaboration in the building of an
e-commerce sector will likely produce a healthy national, but globally
positioned, e-commerce sector faster than trying to just go it alone and
hope for governmental "top down" policy help.


Sam Lanfranco
Distributed Knowledge Project
York University




This DOT-COM Discussion is funded by the dot-ORG USAID Cooperative
Agreement, and hosted by GKD. http://www.dot-com-alliance.org provides
more information.
To post a message, send it to: <[EMAIL PROTECTED]>
To subscribe or unsubscribe, send a message to:
<[EMAIL PROTECTED]>. In the 1st line of the message type:
subscribe gkd OR type: unsubscribe gkd
For the GKD database, with past messages:
http://www.GKDknowledge.org

Re: [GKD-DOTCOM] Cyber-Security and E-commerce

[Fola Odufuwa]

On Monday, September 27, 2004, Global Knowledge Dev. Moderator asked:

> When countries are branded as "unsafe" for e-commerce, what can innocent
> companies do to rescue their own e-commerce efforts?

The reality is that the biggest credit card companies are owned by
financial institutions primarily domiciled in the developed world. And
it is only natural for these companies to view transactions from
anywhere else but from the localities of their member-owners as
"unsafe".

When countries are (rightly or wrongly) branded unsafe it immediately
creates a herd effect within the economies and country groups where the
"branding" originated. Innocent companies within those countries are not
even given a chance to prove their innocence as they are typically
grouped with their branded country.

In my opinion, it is primarily the duty of the governments of the
affected countries to make every effort to get decertified both offline
and online. Business may also need to aggregate into a strong lobby
group to ensure that government officials spearhead the campaign to
secure a "seat" at the cyber table.

The process of labelling countries needs also to be more transparent.
Legitimate businesses ought not be made to suffer for the structural
deficiencies of the environments within which they operate.


Fola Odufuwa
ED

--
eShekels Limited
West Africa Office
13th Floor, Left Wing
Nigeria Stock Exchange House
2/4 Customs Street 
Lagos, Nigeria
Tel: +234-1-8116899
Fax: +234-1-2642852
Web: www.eshekels.com 
__
eShekels is one of Africa's premier technology research and content
management firms




This DOT-COM Discussion is funded by the dot-ORG USAID Cooperative
Agreement, and hosted by GKD. http://www.dot-com-alliance.org provides
more information.
To post a message, send it to: <[EMAIL PROTECTED]>
To subscribe or unsubscribe, send a message to:
<[EMAIL PROTECTED]>. In the 1st line of the message type:
subscribe gkd OR type: unsubscribe gkd
For the GKD database, with past messages:
http://www.GKDknowledge.org

Re: [GKD-DOTCOM] Cyber-Security and E-commerce

[Cressman, Gordon M.]

I agree. The challenge would not be finding the ISO compliance
expertise, but paying for it. ISO standards are useful reference points
and provide some assurance in environments that can afford compliance.
The also generate their own economy through the legions of consultants
who help businesses achieve certification. The burden on SMEs in
developing countries would be a significant drag.

-gmc
  
Gordon M. Cressman
RTI International
Turning Knowledge Into Practice
[EMAIL PROTECTED]
+1 919 541-6363
+1 919 271-7003 Mobile
+1 202 354-4840 Internet Fax


On Wednesday, September 29, 2004, [EMAIL PROTECTED] wrote:

> Global Knowledge Dev. Moderator asked:
> 
> > 5) How can organizations in developing countries get certified in order
> > to build trust among potential e-customers? Do certification agencies
> > have a responsibility to support cyber-security in developing countries?
> 
> To which Femi Oyesanya replied:
> 
> > Organizations in developing Countries ought to adopt International
> > Certification and accreditation standards. For example, ISO 11799. The
> > challege is finding qualified expertise to implement adoption of these
> > standards.
> 
> 
> I suppose Femi's suggestion could work for fairly established firms, but
> it would simply raise the barriers to small e-business development.

   ...snip...





This DOT-COM Discussion is funded by the dot-ORG USAID Cooperative
Agreement, and hosted by GKD. http://www.dot-com-alliance.org provides
more information.
To post a message, send it to: <[EMAIL PROTECTED]>
To subscribe or unsubscribe, send a message to:
<[EMAIL PROTECTED]>. In the 1st line of the message type:
subscribe gkd OR type: unsubscribe gkd
For the GKD database, with past messages:
http://www.GKDknowledge.org

Re: [GKD-DOTCOM] Cyber-Security and E-commerce

[Ajay Gupta]

Dear GKD Members,

I am an educator in the areas of Computer Security, Cyber Crime,
Computer Forensics and IT Security Policy, therefore, I will admit a
potential bias in my thoughts on the matter under discussion here.

I do believe the first and most critical step towards allowing
developing countries (e.g., countries on the African continent) to more
fully take part in electronic commerce and the deployment of a secure IT
infrastructure is to institute educational training programs in
Information Technology and the Secondary and Post-Secondary level.

E-Centers and CSIRTs can more easily be implemented by educational
institutions that are developing the necessary and qualified work force
in the first place.

Further, the educational institutions, if self-managed, provide at least
one degree of separation between governments and the e-Centers and
CSIRTs often raising the credibility of the latter organizations.

I hope my comments on this list have been helpful. I welcome any
response or further discussion.


Thank you,
 
Ajay Gupta, CISSP
Director of IT Security Services
[EMAIL PROTECTED]


On Tuesday, September 28, 2004, Olu Olatidoye wrote:

> The e-Center solution is based on the proven Electronic Commerce
> Resource Centers (ECRC) framework with the proper infrastructure adapted
> to the cultural environment in African countries.
   
   ...snip...

> I see a need for e-Centers in Africa, because if one link of the Global
> economy pipeline is unsecured, then the rest of the pipline is
> vulnerable. This calls for a collective solution.

   ...snip...

> As simple as this may sound to the members of this forum, about ten
> years ago, in the US, there had to be a Value Added Network (VAN)
> provider to handle the secured business transaction environment which
> later led to more companies handling their own data as the internet
> became more secure. There is a need for e-Centers in African Countries
> that will focus on the EC/EDI and Cyber-Security infrastructure. Some of
> the functions of the e-Centers will be and not limited to, 1) Education
> and Training, 2) Outreach and Technical Support 3) Technology
> Development that will address EDI. The continent of Africa can draw on
> existing expertise in the E-Commerce infrastructure industries, with
> special regard to the cultural environment. However, most of the time,
> due to the greed of some government officials in some countries or lack
> of understanding, they deal only with vendors that will sell them
> equipment and not a solution.

   ...snip...

> Along with the establishment of e-Centers, what any country in Africa
> will also need are Computer Security Incident Response Teams (CSIRT).
> The main role of a CSIRT is to create trust links between itself and its
> constituency, on one hand, and between itself and the other CSIRTs.

   ...snip...

> With the progressive development of networks and information systems in
> Africa, the continent needs to develop CSIRTs. Unless she does so,
> information systems in Africa will be an attractive choice for all the
> hackers in the world, because they will know they can use them and abuse
> them without any risk of being discovered.




This DOT-COM Discussion is funded by the dot-ORG USAID Cooperative
Agreement, and hosted by GKD. http://www.dot-com-alliance.org provides
more information.
To post a message, send it to: <[EMAIL PROTECTED]>
To subscribe or unsubscribe, send a message to:
<[EMAIL PROTECTED]>. In the 1st line of the message type:
subscribe gkd OR type: unsubscribe gkd
For the GKD database, with past messages:
http://www.GKDknowledge.org

Re: [GKD-DOTCOM] Cyber-Security and E-commerce

[hgrageda]

On Monday, September 27, 2004, Global Knowledge Dev. Moderator asked:

> 5) How can organizations in developing countries get certified in order
> to build trust among potential e-customers? Do certification agencies
> have a responsibility to support cyber-security in developing countries?

To which Femi Oyesanya replied:

> Organizations in developing Countries ought to adopt International
> Certification and accreditation standards. For example, ISO 11799.  The
> challege is finding qualified expertise to implement adoption of these
> standards.


My opinion:

I suppose Femi's suggestion could work for fairly established firms, but
it would simply raise the barriers to small e-business development. Why
don't we take the cue from empirical cases? Take eBay for example. While
there have been cases of grand abuses (e.g., the laptop sale scandal a
year or two back), it has remained a very popular site for incidental or
systematic e-businesspersons.

Trust is built by repeated transactions - and eBay aptly recognizes this
by appending the net positive feedback you have from previous
transaction partners (buyers and sellers) to the name you use on the
site. A first-timer at eBay would readily be viewed with suspicion. Many
sellers avoid this risk by declaring outright they will not transact
with anyone not having positive feedback. It becomes increasingly
important then to maintain a good reputation (i.e., net positive
feedback) to gain the trust of new buyers/sellers and maintain that of
previous ones. Your reputation becomes the de facto certification of
good business practice, and presumably, security.

>From this rudimentary - if naive - case, what is seemingly important for
developing countries are two things: 1) In lieu of harping on security
for each individual firm, it might be better to ensure security at the
marketplace - i.e., where transactions are conducted; and 2)  the
guarantee of security is not in keeping information closed, but rather,
transparent - open and accessible.




This DOT-COM Discussion is funded by the dot-ORG USAID Cooperative
Agreement, and hosted by GKD. http://www.dot-com-alliance.org provides
more information.
To post a message, send it to: <[EMAIL PROTECTED]>
To subscribe or unsubscribe, send a message to:
<[EMAIL PROTECTED]>. In the 1st line of the message type:
subscribe gkd OR type: unsubscribe gkd
For the GKD database, with past messages:
http://www.GKDknowledge.org

Re: [GKD-DOTCOM] Cyber-Security and E-commerce

[Femi Oyesanya]

Organizations in developing Countries ought to adopt International
Certification and accreditation standards. For example, ISO 11799.  The
challege is finding qualified expertise to implement adoption of these
standards.

Femi Oyesanya


On Monday, September 27, 2004, Global Knowledge Dev. Moderator asked:

> 5) How can organizations in developing countries get certified in order
> to build trust among potential e-customers? Do certification agencies
> have a responsibility to support cyber-security in developing countries?




This DOT-COM Discussion is funded by the dot-ORG USAID Cooperative
Agreement, and hosted by GKD. http://www.dot-com-alliance.org provides
more information.
To post a message, send it to: <[EMAIL PROTECTED]>
To subscribe or unsubscribe, send a message to:
<[EMAIL PROTECTED]>. In the 1st line of the message type:
subscribe gkd OR type: unsubscribe gkd
For the GKD database, with past messages:
http://www.GKDknowledge.org

Re: [GKD-DOTCOM] Cyber-Security and E-commerce

[Nihat Dincmen]

Dear GKD Members:

The thread is very rich in content and context and I would like to thank
all the participants and also take the chance to deliver my appreciation
to the Moderators.

Global E-commerce System + Developing Nations Adaptability to the System
+ NGOs that gather E-Commerce Businesses are realistic headlines; thus
the policy prescription will be critical for success and adaptability
and also the Leadership of Chief Information Officers (CIO's) in these
Countries will carry great responsibility and critical mission. As I
believe some members have already participated in the recent conference
on the Roles of CIO, this topic will gain greater importance in the near
future.

Credit Card Companies, I believe, will transform their business model
and will operate in Multi Access Portals; via Internet + Mobile
Telephony + Digital TV. Some examples are seen already; I would love to
share my prior experiences in one consultancy project that we have lead
for the convergence platform of the three parts of the Multi Access
Portal.

In addition, what will be the components of a Global E-Commerce System?

-  What will be the cluster definitions?

-  How about the SME concentration; should SME's be prioritized in the
implementation and adaptation to the future Global E-Commerce System?  

These are some questions that I wanted to bring to our attention.

Once again thank you GKD members and I look forward to contributing to
the development network.


Nihat Dincmen
World Wide Welcome Inc.
Founder
WWW Inc.
[EMAIL PROTECTED]



On Monday, September 27, 2004, "Global Knowledge Dev. Moderator" asked:

> 1) Who must take what steps to build global e-commerce systems? WTO?
> Donors? Transaction companies such as Paypal and Visa? Governments?
> Private firms?




This DOT-COM Discussion is funded by the dot-ORG USAID Cooperative
Agreement, and hosted by GKD. http://www.dot-com-alliance.org provides
more information.
To post a message, send it to: <[EMAIL PROTECTED]>
To subscribe or unsubscribe, send a message to:
<[EMAIL PROTECTED]>. In the 1st line of the message type:
subscribe gkd OR type: unsubscribe gkd
For the GKD database, with past messages:
http://www.GKDknowledge.org

Re: [GKD-DOTCOM] Cyber-Security and E-commerce

[Bogdan Manolea]

Dear GKD Members,

My name is Bogdan Manolea and I work as a Legal Adviser for RITI dot-Gov
(Romanian Information Technology Initiative), a 3-year project funded by
USAID - part of the dot-Com alliance, and implemented in Romania by
Internews.
See more about our project at 

I will try to answer part of these question, based on our expertise so
far.


On Monday, September 27, 2004, "Global Knowledge Dev. Moderator" asked:

> 1) Who must take what steps to build global e-commerce systems? WTO?
> Donors? Transaction companies such as Paypal and Visa? Governments?
> Private firms?

I would say that the transaction companies have very little interest to
expand their business in the developing countries. I know the experience
from Paypal that has been more than reluctant to expand in Romania (but
also in other SEE countries), even though a lot of businesses have shown
their interest in promoting their business model.

But let me mention that there are no "global e-commerce systems" yet
available. And this raises questions in the developing countries private
sector.

What system to adopt? A system based on credit-card processing? Can that
be a good solution, when the people in these countries do not have the
habit of buying with the credit-card and when the credit/debit cards
are used by 90% of the population to withdraw cash from ATMs ?

A system based on electronic money? Paypal has been a very successful
solution in US, but in Europe - even though there is an e-money
directive, the market has not been so eager to promote such systems
(except probably moneybookers.com)

If such global e-commerce systems could be set up by governments, with
involvement of the transaction companies and the major private firms -
then what a developing country will need is just clear conditions which
state what needs to be accomplished in order to access this system.


> 3) Within countries, who must take what measures to build cyber-security
> and trust among consumers? The government? NGOs? Businesses? Citizens?

If you are talking about cyber-security related to e-commerce the answer
should be: the businesses together with NGO's - or even e-commerce
businesses gathered in an NGO. However, in the developing countries with
a young private sector, the consumers trust more the system where the
government (the state) is involved. I wouldn't support a government-run
trusting system, but it could be an advantage if such a system could be
endorsed or supported by the state.


> 4) What solutions are working? Are there tools and techniques that have
> been effective and would be appropriate for developing countries?

I think that the trustmark system has not been developed and tested
enough in the developing countries. It could be a good solution to
create trust in e-commerce. Some newcomers in the credit card processing
system have tried to use the VISA and MasterCard names as a trustworthy
mark.


> 5) How can organizations in developing countries get certified in order
> to build trust among potential e-customers? Do certification agencies
> have a responsibility to support cyber-security in developing countries?

Usually, the companies are complaining that there are not (enough) local
certification agencies and therefore they need to go abroad and pay a
lot for a certification.

The Romanian Ministry of IT&C (see www.mcti.ro) has tried to back up
such a system for Home-banking and Internet-banking applications in
order to increase confidence - basically all the banks who have such
systems are required to have an independent IT security audit on their
product, based on which they receive a confirmation from MCTI. The
number of users of these application has increased, but it is still too
early to say if such a system is the best solution possible.


> 6) When countries are branded as "unsafe" for e-commerce, what can
> innocent companies do to rescue their own e-commerce efforts?

Unfortunately, Romania is one of countries that is on the black list on
some e-companies due to fraud problems.

The situation is causing problems for 2 categories:

- consumers that are not allowed to buy from international e-shops (e.g.
  amazon.com, godaddy, etc).
- companies that are trying to promote e-commerce applications in
  Romania face problems of mistrust not only from consumers, but also from
  the banks who refuse to implement such a system.

What can be done?

* first - to stop cybercrime and Internet frauds as much as possible.
Good legislation is just one step. Implementing that legislation is the
most difficult part though.
* second - to work on proving that secure solutions can be developed for
e-commerce. This a hard and long process, but it can be done. The banks
will be convinced sooner or later that e-commerce is a good business for
them, too. And the consumers will follow the banks. But that needs a lot
of time and effort involved.



Regards,

Bogdan Manolea
Legal Coordinator
RITI dot-Gov - Romanian Information Technology Initiative

Re: [GKD-DOTCOM] Cyber-Security and E-commerce

[Olu Olatidoye]

Dear Colleagues,
 
The following is my observation and comment on Cyber-Security and
E-Commerce. I will start with the extract from the Moderators' note of
last week and give some suggestions on the need for e-Centers in Africa.
The e-Center solution is based on the proven Electronic Commerce
Resource Centers (ECRC) framework with the proper infrastructure adapted
to the cultural environment in African countries.
  

On Monday, Sept. 20, 2004, Global Knowledge Dev. Moderator wrote:

> Although cyber-security is a global issue, organizations, governments
> and individuals in developed countries have a clear advantage in
> addressing such threats. They have easier access to information about
> new threats, as well as the means to counter them. They also have more
> resources available to prevent security violations.
> 
> In contrast, developing countries often lack the information and
> resources necessary to protect themselves. Many lack the infrastructure
> (both physical and legal) to prosecute cyber-crimes effectively, leaving
> their citizens vulnerable to fraud and exploitation. Furthermore,
> violations of cyber-security may be more damaging to developing
> Countries. For example, if a country is perceived (rightly or wrongly)
> as a source of online fraud, all companies in that country will have
> difficulty doing business globally.
 

I see a need for e-Centers in Africa, because if one link of the Global
economy pipeline is unsecured, then the rest of the pipline is
vulnerable. This calls for a collective solution.

How do you treat a malady whose root cause you do not know? How does a
country enforce a law on encryption or Public Key Initiative (PKI) when
they don't know the source or how it's architecture came about? I
believe we now have serious problems to address on cyber security, and
this is why we're raising some of the key questions in this forum. As we
all know, prevention is better than cure. Most of the present E-commerce
situations in some emerging markets in Africa are as a result of the
governments and the business communities putting the horse before the
cart. Without proper infrastructure in place that lays the foundation
for e-commerce the problem we are seeing today will persist. Problems
such as the '419' frauds in Africa are now compounded by improper use,
misguided e-commerce infrastructure, and inadequate planning of
information technologies.

In the US, the former President, Mr. Clinton initially mandated
executive branch agencies and departments to begin using Electronic
Commerce and Electronic Data Interchange (EC/EDI) in October 1993.
Subsequently, a Federal law was passed in October 1994, entitled the
Federal Acquisition Streamlining Act of 1994, which required the entire
Government to begin using EC/EDI. The Electronic Commerce Resource
Centers (ECRC) were formed as part of the early infrastructure that
prepared businesses to be able to transact business electronically.
Seventeen centers were created, well funded, and ran effectively for
over ten years. I was involved with the Atlanta Electronic Commerce
Resource Center (AECRC), which after the government funding, I continued
to direct the ECRC at Clark Atlanta Univeristy (CAU). Each of the
centers addressed some of the problems we are seeing today in the
developing countries, and the ECRC helped to influence the e-commerce
architecture, infrastructure and necessary legislation that affect the
'Virtual Enterprise'. The ECRC group only addressed the infrastructure
in US without much consideration for the Global Supply Chain because of
their mandate.

In 2001, I pointed out at one of the Global Knowledge Partnership (GKP)
annual meetings (March 22-23) in Geneva, the need to establish proper
E-Commerce infrastructure in Africa. In the recent past, some of the
countries in Africa jumped into addressing the telecommunication
infrastructure problems with no understanding of what it takes to
address the Virtual Enterprise that supports the 'Network Enabled
Business Practices' such as 1) Electronic Data Interchange, 2)
Integration of EDI and Internal Systems, 3) Technical Data Exchange, 4)
Distributed Collaborative Engineering, 5) Product/Process Data Driven
Manufacturing, 6) Outsourcing over the NII and 6) Virtual Enterprise. As
you can see from the E-Commerce continuum, most of what leads to the
full Virtual Enterprise infrastructure are lacking in the African
countries because the government and the business communities in these
countries need to understand  what it takes to put the infrastructure in
place - Not the shot gun approach that most of the countries are
embarking upon. Electronic Commerce combines communication technologies,
such as X.400 and EDI to provide the automated exchange of business
information.


What is Electronic Commerce?

Electronic Commerce (EC) is the paperless exchange of business
information using Electronic Data Interchange (EDI), Electronic Mail
(E-Mail), computer bulletin boards, FAX, Electron

[GKD-DOTCOM] Cyber-Security and E-commerce

[Global Knowledge Dev. Moderator]

  Cyber-Security and E-commerce

Cyber-security is essential to e-commerce. Businesses must establish
trust with their potential customers. Countries need to prevent
cyber-fraud that can cripple e-commerce activity. Yet developing
countries face special obstacles in their efforts to safeguard their
companies' e-commerce activities. Many lack a legal infrastructure that
can thwart digital crime. Yet these countries also have conditions that
foster cyber-crime: many people with sophisticated computer skills and
very low incomes, in an environment of expanding organized crime. The
financial lure of cyber-crime can outweigh that of legitimate
e-commerce. The challenge is particularly daunting for developing
countries that lack representation in international merchant and bankers
associations, and use accounting norms unlike those of the dominant
economic powers.

Clearly, developing countries need more effective approaches to address
this challenge. They need better communication with other countries, to
collaborate and move quickly when cyber-crime threatens. Countries
accused of poor cyber-security must establish their innocence or prove
they are taking the steps needed to ensure security. Everyone involved
in promoting e-commerce -- from businesses to the development community
-- must find effective means to build cyber-security so that e-commerce
can flourish.


Key questions:

1) Who must take what steps to build global e-commerce systems? WTO?
Donors? Transaction companies such as Paypal and Visa? Governments?
Private firms?

2) Are there examples of public-private partnerships that have increased
cyber-security?
 
3) Within countries, who must take what measures to build cyber-security
and trust among consumers? The government? NGOs? Businesses? Citizens?

4) What solutions are working? Are there tools and techniques that have
been effective and would be appropriate for developing countries?

5) How can organizations in developing countries get certified in order
to build trust among potential e-customers? Do certification agencies
have a responsibility to support cyber-security in developing countries?

6) When countries are branded as "unsafe" for e-commerce, what can
innocent companies do to rescue their own e-commerce efforts?





This DOT-COM Discussion is funded by the dot-ORG USAID Cooperative
Agreement, and hosted by GKD. http://www.dot-com-alliance.org provides
more information.
To post a message, send it to: <[EMAIL PROTECTED]>
To subscribe or unsubscribe, send a message to:
<[EMAIL PROTECTED]>. In the 1st line of the message type:
subscribe gkd OR type: unsubscribe gkd
For the GKD database, with past messages:
http://www.GKDknowledge.org