KnowledgeLeader Blog

    What is Transaction Authenticity?

    Posted by Protiviti KnowledgeLeader on Thu, Feb 15, 2018 @ 03:57 PM

    Transaction authenticity can be defined as the authentication of a party’s (individual, organization) identity, to ensure that pending transactions and contractual agreements are legal and enforceable.

    To effectively define transaction authenticity, we must establish the meaning of a transaction and then define what constitutes authenticity. In general, a transaction is the transfer or exchange of items, goods or services between a business and its consumers. There are various types of transactions that occur and are performed by organizations and individuals on a daily, weekly and monthly basis. One common transaction involves the sale or purchase of a particular item.

    Another common transaction is an agreement entered into by two or more parties. Traditionally, these types of activities regularly occurred via physical encounters and the exchange of material goods. Electronic transactions are slightly different: the parties have little or no physical contact with one another. When exchanging goods, services or information electronically, the parties involved in the process often lack significant knowledge of one another.

    To enforce and ensure the validity of transactions, the parties involved must be clearly identifiable and accountable. In-person transactions will continue to occur with reasonable certainty. Entering into a legal contract with another party through face-to-face meetings, along with signed paper documents affirming who they are, also provides reasonable certainty that an individual’s identity is authentic. However, the identity of involved parties in electronic transactions may be unclear, especially as we have defined a transaction as the electronic transmission of data and/or information between a business and its consumers or another business. With information being sent electronically, it is much more difficult to verify and establish the identity of another individual or organization.

    When transferring contract information over the internet, it is difficult for one party to verify the authenticity of the other party’s data. When issues arise related to an electronic transaction, the parties may argue the legality of the agreement. An individual or organization may attribute that particular agreement to a specific party, rather than an imposter using the party's name.

    For example, after making an online deal with “Bob,” “Alice” tries to deny that she was a party to the agreement because it has become unprofitable. “Bob” can block “Alice” from getting out of the bad deal by providing enough evidence to convince a judge, jury or another third party that “Alice’s” denial of the document is false.

    In today’s economy, there is a heavy reliance on and need for online transactions by organizations. Businesses and consumers routinely transmit sensitive and confidential messages (commercial transactions, personal records and contracts) over public networks. With such transactions occurring on a daily basis, the importance of validating, verifying and authenticating a party’s identity and information when performing electronic transactions is crucial. To effectively prove and tie a party’s identity to a particular online transaction or agreement, a methodology and framework that will minimize transaction authenticity risk must be implemented. There are many authentication methods that may be used by an individual or organization to mitigate that risk.

    It is important for organizations to implement an effective security framework to ensure that transactions are authentic. Without one, the end result could be significant losses in revenue and profit, which could be devastating to an organization. It is therefore a leading practice to ensure the authenticity of transactions through leading technology, which provides the following benefits:

    • Increased confidentiality in communication, ensuring that messages are read only by authorized recipients.
    • Better assurance regarding the authenticity of the sender's identity.
    • Greater integrity of the message, ensuring that it has not been modified in transit or replaced by a false message.
    • Stronger "non-repudiation," that is, protection against the possibility that the sender can deny sending the message.

    To learn more about risks related to transaction authority, view our Transaction Authority Risk Key Performance Indicators (KPIs) tool.


    Topics: IT Audit, IT Infrastructure, Cloud Computing, IT Risk, IT Controls, Performance Management/Measurement
