Risks and Controls

Risk is the possibility of loss, which can be intentional or unintentional. Risks associated with e-commerce transactions are high compared to general internet activities.


Risk includes the following:

  • Problem of anonymity: There is a need to identify and authenticate users in the virtual global market where anyone can sell to or buy from anyone.
  • Repudiation of contract: There is a possibility that the electronic transaction in the form of a contract, sale order or purchase by the trading partner or customer may be denied.
  • Lack of authenticity of transactions: The electronic documents that are produced during an e-Commerce transaction may not be authentic and reliable.
  • Non-recognition of electronic transactions: e-Commerce transactions, as electronic records and digital signatures, may not be recognized as evidence in courts of law.
  • Quality issues: There are quality issues raised by customers as the original product differs from the one that was ordered.
  • Problem of piracy: Intellectual property may not be adequately protected when such property is transacted through e-Commerce.
  • Delay in goods and hidden costs: When goods are ordered from another country, there are hidden costs enforced by companies.
  • Needs access to internet and lack of personal touch: E-commerce requires an internet connection, which adds extra expense, and it lacks personal touch.
  • Infrastructure: Besides a digital network, other infrastructure such as roads and railways is required for faster delivery.
  • Denial of Service: Service to customers may be denied due to non-availability of the system, as it may be affected by viruses etc.
  • Lack of audit trails: Audit trails in an e-Commerce system may be lacking and the logs may be incomplete.
  • Data loss, theft or duplication: The data transmitted over the Internet may be lost, duplicated or tampered with.
  • Security and credit card issues: Cloning of credit cards and debit cards is possible, which poses a security threat.
  • Attack from hackers: Web servers used for e-Commerce may be vulnerable to hackers.
  • Privacy and Security: Issues of security, hacking and security concerns.



  • Internal control, as defined in accounting and auditing, is a process for assuring achievement of an organization’s objectives in operational effectiveness and efficiency, reliable financial reporting, and compliance with laws, regulations and policies.
  • For example:
    • A company may have a policy to force employees to change their passwords every 30 days.
    • A CA firm may not allow office staff access to social sites during office hours.



  • User
  • E-commerce vendors
  • Technology Infrastructure
  • Internet/ Network
  • Web Portal
  • Payment Gateway


In an e-business environment, controls are necessary for all persons in the chain, including:

  • Users: This is important to ensure that the genuine user is using the e-commerce/m-commerce platform. There is a risk if user accounts are hacked and hackers buy products/services.
  • Sellers / Buyers / Merchants: Many e-commerce businesses have lost huge amounts of money as they did not have proper controls put in place.
  • Government: Governments across the world and in India have a few critical concerns vis-à-vis electronic transactions, namely:
    • Tax accounting of all products / services sold.
    • All products / services sold are legal. There have been instances where narcotic drugs have been found to be sold and bought through electronic means.
  • Network Service Providers: They need to ensure availability and security of the network. Any downtime of the network can be disastrous for business.
  • Technology Service Providers: These include all service providers other than network service providers, for example, cloud computing back-ends, application back-ends and the like.

  • Logistics Service Providers: Logistics service providers are the ones who are finally responsible for timely product deliveries.
  • Payment Gateways: E-commerce vendors’ business shall run only when their payment gateways are efficient, effective and foolproof.


Each participant needs to put in place policies, practices and procedures to protect against e-com/m-com related risks.

These will include the following:

· Educating the participant about the nature of risks.

  • Every participant needs to be educated / sensitized towards the risks associated with such transactions.
  • Organizations need to put in place infrastructure / policy guidelines for the same.

These policies may include the following:

  • Frequency and nature of education programs.
  • The participants for such programs.

For example: All banks in India allowing online payments put ads on their websites: “Dos and Don’ts for online payments”.

  • Communication of organizational policies to its customers: To avoid customer dissatisfaction and disputes, it is necessary to make the following information clear throughout your website:
    • Privacy Policies: These should be available through links on the website.
    • Information security: Create a page that educates customers about any security practices and controls.
    • Shipping and billing policies: These should be clear, comprehensive and available through a link on the home page during online purchase.
    • Refund policies: Establish and display a clear, concise statement of a customer’s refund and credit policy.

· Protect your e-Commerce business from intrusion.

  • Viruses: Check your website for viruses daily.
  • Hackers: Use software to regularly assess the vulnerability of your website.
  • Passwords: Ensure regular change of passwords and that IDs of former employees are deactivated.
  • Regular software updates: Your site should always be up to date with the newest versions of security software.
  • Sensitive data: Consider encrypting financial information and other confidential data (using encryption software).

· Ensure Compliance with Industry Body Standards.

– All e-Commerce organizations are required to comply with and adhere to the rules outlined by the law of the land. In India, RBI has been releasing these standards from time to time.
