Greetings,
Some methods you could use to minimise the security risk with encryption or
secure channels in B2B are
1/ Change the business model form POS with prices to contract with prices (
yearly 1 transactions ) and use delivery schedules/call ups/ JITs/POs
without prices. ( many transactions).
Send contracts with prices through a VAN :-) or by post..
Send delivery schedules by EDI with prices as per the contract.
2/ Set up a rebate structure ie we buy at $10 per item if we buy more then
10000 units per annum we receive a discount of 10 % so we get a price of $9.
Our competitors would be trying to beat our $10 price if they get a PO.
> -----Original Message-----
> From: Richard Druckenmiller [SMTP:[EMAIL PROTECTED]]
> Sent: Thursday, October 26, 2000 2:00 AM
> To: [EMAIL PROTECTED]
> Subject: Re: XML for EDI book: Any comments?
>
> I your example the opportunity cost lost by company B in sniffing your
> data would outweigh any savings they may receive from finding out what
> Company A's discounts are. Company B would have to have time, hire
> hacks and processing power - bottom line a waste of time and effort -
> there are better ways for company B to find a lower price. They will
> probably go to a competitor of yours who has no qualms of transacting
> commerce over the Internet.
>
> I repeat, avoiding EDI over the Internet because of security concerns is
> ridiculous.
>
> -RD
>
>
>
> "Williams, Ian" wrote:
> >
> > <snip>
> >
> > > Why do you care about someone else's purchase orders or
> > > invoices anyway? - it's a red herring. Avoiding EDI over the Internet
> > > because of security concerns is ridiculous.
> > >
> > > --
> > > Richard Druckenmiller
> > > [EMAIL PROTECTED]
> > >
> >
> > I disagree, it's not a red herring, it's a big nasty shark waiting in
> the wings to bite you due to the basic principle that 'information is
> power'.
> >
> > If company A and B buy goods from me but I give company A a massive
> discount, I don't particularly want company B to find out by sniffing
> around my invoices that I send insecurely over the internet and start
> applying even more price pressure on me.
> >
> > If I buy goods/services from supplier X and have negotiated a good
> discount with them, I don't necessarily want my customers or competitors
> finding out where I've sourced such a good deal or any special terms I've
> negotiated that may be on my orders that I send insecurely over the
> internet.
> >
> > This kind of sniffing may not be profitable at the moment but if
> 'everyone' started sending all their current paper transactions via the
> internet insecurely, you can bet your bottom dollar that a whole industry
> would spring up offering to tell you what your customers, suppliers and
> competitors are doing with other organisations.
> >
> > With the paper-based system we trust our national postal services not to
> pry and sell on information and physical envelopes have signs of
> tampering. With the internet we need to have a similar if not better
> feeling of confidence about the data we send to the outside world. Of
> course there will always be people/companies who are happy to either do
> things insecurely over the internet or to develop bespoke security
> solutions - that's their choice/risk. However, for this whole B2B
> e-commerce 'thing' to take off big-time we MUST have secure transmissions
> even for basic business transactions not just the high risk, high value
> financial transactions.
> >
> > I'm not being unrealistic about the level of protection for the data -
> it will always be possible to decrypt a file given enough time and
> computing power. It just has to be appropriate for that specific type of
> business transaction to make it not worth anyone's effort to decrypt it
> and, no doubt these 'appropriate' levels will increase over time.
> >
> > I repeat, internet security concerns are not red herrings.
> >
> > Kind Regards,
> >
> > Ian Williams
> > EDI Consultant
> > Email: [EMAIL PROTECTED]
> > Phone: +44 (0)1293 778364
> > "This email and any files transmitted with it are confidential and are
> intended solely for the use of the individual or entity to whom they are
> addressed. This communication represents the originator's personal views
> and opinions, which do not necessarily reflect those of Canada Maritime.
> If you are not the intended recipient or the person responsible for
> delivering the email to the intended recipient, be advised that you have
> received this email in error, and that any use, dissemination, forward,
> printing, or copying of this email is strictly prohibited. If you received
> this email in error, please immediately notify the Canada Maritime Help
> Desk on +44 (0) 1293 778225"
> >
> > =======================================================================
> > To signoff the EDI-L list, mailto:[EMAIL PROTECTED]
> > To subscribe, mailto:[EMAIL PROTECTED]
> > To contact the list owner: mailto:[EMAIL PROTECTED]
> > Archives at http://www.mail-archive.com/edi-l%40listserv.ucop.edu/
>
> --
> Richard Druckenmiller
> [EMAIL PROTECTED]
>
> =======================================================================
> To signoff the EDI-L list, mailto:[EMAIL PROTECTED]
> To subscribe, mailto:[EMAIL PROTECTED]
> To contact the list owner: mailto:[EMAIL PROTECTED]
> Archives at http://www.mail-archive.com/edi-l%40listserv.ucop.edu/
=======================================================================
To signoff the EDI-L list, mailto:[EMAIL PROTECTED]
To subscribe, mailto:[EMAIL PROTECTED]
To contact the list owner: mailto:[EMAIL PROTECTED]
Archives at http://www.mail-archive.com/edi-l%40listserv.ucop.edu/
