Journal of Internet Security

[Home] [Current Edition] [Compendium] [Forum] [Web Archive]
[Email Archive] [Guestbook] [Subscribe] [Advertising Rates] Icon

Implicit Trust Levels in EDI Security

By Ms Pauline Ratnasingham
Department of Information Systems, University of Melbourne, Australia.
E-mail: paura@studentmail.dis.unimelb.edu.au

Abstract

The article builds on a model of evolution of technology in electronic commerce and trust relating to EDI. Trust is an important antecedent for successful business relationships, in particular for EDI trading partners where trust was found to be implicit. Trust was seen in pre-contractual agreements and trading procedures. Furthermore, EDI trading partners are screened before selected, and are based on their previous engagements, reputation and past experiences. Findings of a pilot case study indicate that level of a trading partner�s trust in EDI risk assessment is medium to high as control mechanisms were implemented before trading.

Key words: Electronic-Data-Interchange (EDI), Value-Added-Networks (VANs), trading partner trust.

Introduction

EDI is the movement of standard structured data of computer applications from different locations. This article aims to report that trust in EDI is implicit. Three components make up the EDI software. They include: document mapping, data translation and communications. Document mapping links messages sent by trading partners via third-party network called Value-Added-Networks (VANs). These networks come with equipment needed to communicate electronically and contain value added services such as; EDI translation standard, international connections, and connection to other third party networks.

The Human-Centered Architecture in EDI

EDI unlike other types of information technology innovations cannot be adopted and used unilaterally. Hence organizations motivated to implement EDI must find trading partners to form strategic alliances via cooperative arrangements. EDI demands cooperation and commitment from its trading partners in order to increase the level of confidence. Confidence in the trading partner cooperation is the perceived level of certainty that a trading partner will pursue mutually compatible interests in the alliance, rather than opportunistically.

Evolution of Trust and the stages of its Development

According to Lewicki and Bunker (1996), trust develops in stages over a period of time, with deterrence-based being the first and identification based as the last stage having the highest trust. Further the development of trust is the same for all types of relationships whether, romantic, manager-employee, or among peers and trading partners engaged in electronic commerce. Trust is an important antecedent in EDI, as procedural changes may introduce certain vulnerabilities.

Levels of Trust (1,2,3)

(3) Stable Identification-based trust (few relationships)

(2) Stable Knowledge-based trust (many relationships)

(1) Stable Deterrence/Calculus-based trust � (some relationships)

Time

Figure 1

The Stages of Trust Development (adopted from Shapiro, D; Sheppard, B.H and Cheraskin, L., 1992).

Types of Trust

There are three forms of trust, and one form of trust leads to another form of trust.

1. Deterrence-based trust is where trading partners (suppliers) do what they say they will do because of a fear of punishment (cancellation of contracts), if they do not perform consistently. The threat of punishment is seen as a negative factor, whereas in calculus based trust the achievement of a reward is seen as a positive factor.

2. Knowledge-based trust: is linked to knowledge of the other trading partner (that is the trustee), which allows the trustor to understand and predict the behavior of the trustee. The key factor at this level of trust is the information derived out of a relationship over time that allows one trading partner to predict the behavior of another trading partner.

3. Identification-based trust: is based on empathy and common values with the other trading partner�s desires and intentions to the point that one trading partner is able to act on or as an agent for the other with the evolution of time. Identification based trust tend to revolve around a common task rather than based on the individual cues from trading partners such as standard processes in EDI

Studies that followed the trust model later suggested that the first stage (deterrence based trust) links willingness to trust to the belief, that there is a credible threat of punishment for failure to cooperate. The second stage (knowledge-based trust) is when trading partner�s dispositions are well known, that their behavior can be reliably predicted. Again this model is consistent with rational choice motivations. The third stage (identification-based trust) occur when trading partners have taken on the needs and desires of other trading partners as their personal goals and acted in ways to consider joint gains.

Pilot Case Study

Findings of an initial pilot case study within an EDI automotive industry revealed that trust relationships among their trading partners was crucial in their risk assessment process. Further, previous research highlights that control mechanisms have an impact on trust levels.

The study took place in a number of stages. Firstly, existing documents relating to EDI risk assessment process was analyzed (audit report, internal security policy). Then a semi-structured questionnaire relating to trust, EDI perceived risks and controls was used during a number of interview sessions. As the questions consisted of both open and closed type questions, the interviews at times led to informal discussions. Hence, qualitative rich data was collected and this helped to form causal links between security and trust in EDI. The findings indicated that as trust levels increase the amount of risks and controls decrease. Further, most of the risks identified were business risks relating to timely delivery of goods (non-delivery and delayed delivery), and confidentiality of the messages, rather than security risks relating to the technology.

EDI, once implemented requires minimal change as, message syntax, procedures for conflict resolution, trading processes are all pre-arranged. Trading partner agreement, VAN agreement, EDICA Code of Practice (EDICA, 1990, 1991), EDI standards (ANSI X12, EDIFACT), internal policies and procedures and legal agreements serve to provide initial trading arrangements. These contracts serve as a framework, from which cooperation between trading partners proceed and open up to the possibility of new inter-organizational cooperative agreements.

High trust was seen in the anticipated behavior of a trading partner and the extent where trading partner conforms to the expectations of the other, for example, delivering goods on time at the right place. Hence, there is a reciprocal relationship between consistency (repeated ties) and trust, which gave evidence to the prospect of continuity in a relationship that took place by renewing contracts.

In fact most EDI organizations do not undertake a regular audit check due to the following factors:

They are willing to depend on their trading partners, (suppliers) as they are cooperative and committed.

Their suppliers are monitored by means of a performance quality check list.

They have been trading with their trading partners for many years (more than 10 years).

Their trading partners are large reputable Australian organizations.

Their trading partners share similar strategic goals and are within the same industry-sector.

The frequency and consistency of communication is high (that is they do not rely on EDI as their only means of communicating). Telephone, fax and email were also used in addition to EDI, for confirming orders and solving discrepancies. In short, immediate action will be taken if a discrepancy occurs. Further, trading partners meet regularly (at least once a month) to discuss any trading procedures as it is in their best interest.

The Material Requirements Schedule consisting the quantity to order, type of delivery, and the Advance Shipping Notice showing time, and date of delivery are all prepared twelve months in advance. It is highly crucial and significant that motor vehicle parts get delivered on time in order for the car assembly line to undertake an ongoing production smoothly.

Positive trust in EDI is seen as consistency and assurance between what a trading partner says and actually does. It implies that the trading partners are dependable and follow their promises, thus developing high levels of cooperation which in turn reinforce trust.

Importance and Benefits of Trust in EDI

A number of efficiency benefits that follow from trust in cooperative relationships include being:

able to draft detailed contracts (such as the trading partner agreement) that can be costly and time consuming if done formally,

able to expand the realm of feasible alliances and allow trading partners to enter into partnerships that may otherwise have been deemed impossible even with detailed equity contracts; and

able to reduce transaction costs.

Further, trust increases confidence and security in a business relationship, promotes open substantive and influential information exchange, assists in managing uncertainties, and ensures further opportunities for coordination and cooperation among trading partners.

Conclusion

EDI security must be planned, engineered, and monitored from design to implementation stages. Hence, the impact of EDI risks and its influence on trust are vital when considering the business continuity of EDI organizations. There are a number of ways for EDI organization to achieve high levels of trust among their trading partners. They include:

Implementing a legal document with reference to the detailed level processes in EDI that must be made acceptable in court,

Conforming to EDI message standards,

Using authentication security (cryptography),

Having a help desk support, and

Implementing features to reduce the likelihood of duplicate payments.

Therefore, trust is seen important not only in interpersonal relationships but also in inter-organizational relationships such as EDI, and we can conclude from this study that the level of trust in EDI is medium to high. Future research on an extensive scale via a survey is required in order to confirm this generalization. Alternatively, a low level of trust not only will discourage the formation of a strategic alliance but will also lead trading partners to view each other with suspicion and obvious deleterious effects in their working relationships. Therefore, uptake of business to business electronic commerce via Internet web-based systems must encourage positive trust among trading partners.