In today's competitive marketplace, service providers are constantly evaluating their businesses to see how they can offer new services, build customer loyalty and streamline their internal business processes. Under many circumstances, the solutions focus on just one part of the business. But there is something that service providers are actively pursuing that address es many of these areas: electronic commerce.

For service providers, e-commerce solutions are ideal for building stronger relationships with their customers to create loyalty and reduce churn. E-commerce can also improve business processes and reduce operating costs by converting paper-based processes into on-line transactions that can be faster, more accurate and traceable. Most important, e-commerce can help service providers transition from the "providing pipe" business model and offer value-added services to differentiate themselves in an increasingly competitive market.

Examples of potential e-commerce applications include using the Internet to support customer self-service activities such as account maintenance, ordering and provisioning, bill rendering and trouble reporting; using the Internet to procure both network and non-network equipment from suppliers; and supporting business trading communities as a value-added service.

Robust e-commerce solutions E-commerce is maturing to the point where it is no longer a limited trial or side project for companies. It has evolved beyond simply putting up a Web site with a listing of services offered; it's becoming an extension of service providers' existing systems that are in use every day.

Therefore, it is imperative that e-commerce applications have the reliability and security that service providers-and ultimately their customers-have come to expect from their existing systems. Furthermore, the new e-commerce solutions must interface with those existing systems. Because service providers will be using these systems to make crucial decisions to run their business based on the information coming out of the overall system, they need to trust these systems as much as they trust their existing ones.

Simply put, these solutions need to be robust-especially in applications where business and residential customers have direct access. Customers will view these as an extension of their existing service where they have come to expect close to 100% uptime, reliability and accuracy.

Consequently, for service providers, robust means the following:

Available, reliable and scalable. The system is up and running when required, including when scaled up to provide support for more applications and users.

Manageable and easy to maintain. The system includes provisioning, administration and monitoring capabilities and can be repaired without going off-line. Secure and support transactional integrity. The system protects sensitive information from unauthorized access and disclosure, ensures secure transmission and maintenance of data, and also ensures accuracy and completeness of information.

Transaction integrity and security are key factors when it comes to servicing customers and running a reliable e-commerce business. Reliable solutions need to handle security issues such as authorization and confidentiality. Without this, the validity of the transaction may be questioned, fraud might occur, and payments for certain transactions might be lost or diverted.

In addition, transactions must maintain integrity as well as be non-refutable, so a party cannot deny the origination of the transaction. In terms of transaction integrity, the proper controls need to be implemented to ensure that a transaction reaches the appropriate entities for processing and accounting.

For example, if a customer places an order for a second phone line through a Web-based e-commerce system, the order needs to be routed to the service provider's appropriate voice service order processing and service activation systems so the customer's order is fulfilled. Or, for a procurement system, controls need to be in place to ensure that the data in a supplier's catalog is properly maintained and updated.

Figure 1 shows a high-level view of an electronic procurement system that connects a company with one of its suppliers over the Internet. Auditors evaluating this system would ask questions regarding controls needed to ensure:

bullet Completeness and accuracy of input and update so that data doesn't get lost or corrupted.

bullet Timeliness of data so that orders are received in a prompt fashion.

bullet Database integrity for ensuring data is accurate and complete.

bullet Data processing accuracy for computer programs processing data.

bullet Data reasonability to ensure that a customer really didn't place 1 million orders.

bullet Data retention so that when the system goes down midway in processing a transaction, it isn't lost.

In Figure 1, the catalog is hosted on the buyer side. The seller may have direct access to the catalog system in order to update information. After the selling organization fulfills an order from the buyer, payment validation may be required. This requires payment gateways to credit card and other clearinghouses.

In addition, links to transport and logistic systems are included in electronic procurement solutions to ensure product delivery. Information about the transaction then needs to be sent to update both buyer and seller back-end systems, as well as the general ledger. Transaction data can then be transported to data warehouses or repositories, where mining and business intelligence tools can efficiently generate detailed activity reports.

Varied applications Service providers are in various stages of implementing e-commerce systems. Two examples of applications include customer self-service and electronic procurement.

Customer self-service. These solutions enable service providers to service both their business and residential customers on-line. Examples include order management, in which a customer can enter order information for a new service or change an existing service; bill rendering or payment, in which a customer can obtain information on current usage and pay a bill; and trouble management, under which a customer can enter information for a network trouble report or obtain information about a previously reported problem on-line.

On-line self-service solutions provide another channel to service customers, in addition to voice and interactive voice response, and can provide significant cost savings as well as aid in customer retention. Ideally, these services should integrate into the service provider's legacy environment for true automation (Figure 2).

Procurement solutions. Service providers would use this solution to streamline the purchase of both their network and non-network equipment. In the procurement scenario, the buying organization (the service provider) links to the catalogs of their sellers for network and non-network equipment. The service provider employee places an order and routes it internally through the organization for authorization. The order is then forwarded to the supplier and the item is sent. Besides lowering costs associated with purchasing, this solution gives the buyer better control over their asset information (Figure 3).

Offsetting managing risk Until the advent of e-commerce, business that was conducted electronically was typically conducted over a private, dedicated network that was established by two or more acknowledged business partners. These private networks were based on an overall contract between the parties that specified key protocols and transaction and dispute-resolution principles, so there were few unknowns and security wasn't a major issue. This led to large, costly, customized private networks.

Changes in standards and economics-and the fact that the Internet has a global reach-are driving businesses to use the public data infrastructure to conduct business. However, in the current environment, where security concerns threaten to inhibit the widespread proliferation and acceptance of e-commerce, companies engaging in e-commerce most likely will need to prove to their customers that they employ sound and secure business practices and controls.

The American Institute of Certified Public Accountants and the Canadian Institute of Chartered Accountants addressed this issue by creating the WebTrust seal and considering other forms of systems assurance. By assessing e-commerce Web sites to assure that they meet AICPA- and CICA-defined criteria for transaction integrity and information protection, WebTrust hopes to break down the barriers to mainstream acceptance of e-commerce.

WebTrust places the risk of e-commerce into two categories: transaction integrity risks (where transactions are altered or deleted) and security/information protection (where information is not protected and unauthorized disclosure results). When businesses are dealing with unknown entities, Web Trust also points to a third category: business process risk, which refers to unsound business practices-for example, a company that does not fill the order, offer warranties or accept returns.

WebTrust is one of a family of forthcoming assurance products, several of which will impact e-commerce. The AICPA's emerging new system assurance products-System Assurance, System Reliability and others-are creating a framework for Web transactions and a standard methodology for analyzing and evaluating the key factors in proper business practices and controls. By deploying robust solutions that provide for security and transaction integrity, service providers will be well prepared to address the types of issues that might arise from current or potential customers or auditing organizations.

Preparing for the e-future The proliferation of the Internet as an e-commerce tool continues to be fast-paced and aggressive-and with it comes rapid innovation. Nobody wants to be left behind. That's why service providers want to do more than just make information available on-line to their potential customers; they want to make a sale. While e-commerce is the obvious solution, there is far more to "setting up" shop on the Internet than just creating an electronic storefront.

Business partners and end customers will require assurances that a service provider's e-commerce system is secure. In addition, supplier and customer organizations must have the appropriate controls for limiting access to authorized users, as well as to protect an organization's confidential information. Also, transaction integrity must hold up to the audit process so that critical information is not lost. Solutions that focus more on the catalog capabilities than the back-end issues may fall far short of meeting these requirements.

Successful service providers have always demanded security and transaction integrity from the systems that support their sales and procurement activities. There's no reason to expect that they would settle for anything less in the new world of e-commerce.