The distant and impersonal nature of the online environment and the implicit uncertainty of using a global open infrastructure for transactions have rendered risk as an inevitable element of e-commerce. Two forms of uncertainty are naturally present in online transactions, (a) behavioral uncertainty, and (b) environmental uncertainty. Also there are risks as technology-driven risks derived from the underlying infrastructure and relational risks resulting from the trading partner.
Behavioral uncertainty arises because Web retailers have the chance to behave in an opportunistic manner by taking advantage of the distant and impersonal nature of e-commerce and the government’s inability to adequately monitor all transactions. Examples of opportunistic behavior by Web retailers include product misrepresentation, false identity demonstration, denunciation of warranties, and outright fraud. Therefore, behavioral uncertainty primarily creates
- Economic risk because of the possibility of monetary losses.
- Personal risk because of potentially unsafe products.
- Seller performance risk because of imperfect monitoring.
- Privacy risk because of the opportunity to disclose private information.
On the other hand, environmental uncertainty mainly exists because of the unpredictable nature of the Internet technology that is beyond the full control of the Web retailer or the consumer. While retailers have an important influence on the security of the transaction medium through encryption, authentication, and firewalls, there is still a possibility for third parties to compromise the transaction process. Examples of environmental uncertainty include theft of credit card information, breach of private information, and stealing of personal information by hackers. Hence, environmental uncertainty mainly includes (i) economic risk and (ii) privacy risk.
When engaging in an online transaction process, consumers are rightfully alarmed about the different types of risks present. However, since risk is difficult to be captured as an objective reality, we have the notion of perceived risk, which is defined as the consumer’s subjective expectation of suffering a loss in pursuit of a desired outcome. Without loss of generality, the proposed forms of behavioral and environmental uncertainty should collectively behave since a consumer has certain overall expectations regarding the Web retailers’ behavior and their ability to protect critical information. Moreover, the risk increases from information sharing to product purchase.
Exposure Level
The exposures, ranging from obvious theft of data and service to more subtle risks, include:
--Information theft, the appropriation of data transmitted over computer networks or stored in networked computers. This could include credit card numbers, customer lists or marketing information that could be used by competitors.
--Malicious code, including computer viruses, "Trojan Horse" programs or computer software vandalism.
--Denial of service, or failure of transactional services that have been promised to customers. This risk includes slow down or failure of Internet servers during extremely high volume of interaction.
--Repudiation, or denial of service due to programming or network error. This risk is particularly high for companies that deal with price and time-sensitive transactions such as security dealing.
--Access violations or failure of computer security.
--Programming errors in software used to rate, store or transmit transactions. Programming errors in commercial software have created security breaches that allow unapproved access to information stored by financial programs.
--Social engineering, or various human activities to misuse trust to obtain access, passwords, services or other unapproved value from a computer system.
The exposure level can be calculated by examining the following elements of risk:
- Charge-backs – the risk of refunds on merchant account
- Forecast turnover figures – higher turnover can generate higher exposure
- Average transaction size – if one sells/buys very high value items (diamonds, cars) this will influence the risk analysis of his transaction
- Time from payment to order fulfillment – The longer it takes to dispatch goods to a customer, the greater the risk
- Length of trading record – a start-up company (with whom the customer is transacting) presents more risk than a well established business
- Business sector classification – different sectors have more or less risk associated with them (for example, CDs can be resold but a flight needs the purchaser to turn up in person)
Rating factors
- Average transaction value: this is the normal size of transactions that go through one’s electronic payment system.
- Transaction frequency: This determines what charge is suitable for the volume of transactions carried out; 100 x Rs. 10.00 transactions per month are very different from 10,000 x Rs. 30.00 transactions per month.
- Perceived security risk: As for example, in E-commerce, most providers (especially banks) will place one’s business into a security classification when assessing his application. Easy to resell items like CDs and footballs then might fall into a lower risk category than a business selling, say, holidays where the customer has to turn up to take the holiday.
- Exposure level: This reflects the perceived risk of refunds and fraud in one’s business.
Some of the internationally available products are as follows:
- Electronic Data Processing Insurance that extends beyond general business liability policies
- Specialized Network Security Insurance
- Media Liability Insurance
- Patent Infringement Insurance
- Computer Software and Services Errors & Omissions Insurance
- Product Liability Insurance
- Director's and Officer's Insurance
Among the e-Insurance products listed above, many view Director's & Officer's (D&O) coverage as a must for publicly traded dot.com companies exposed to allegations of SEC violations. When lawsuits alleging fiscal irresponsibility, mismanagement, violations of security laws, or other wrongful acts occur, corporations, directors, and officers may be at risk. D&O Insurance protects corporate assets, as well as the personal assets of directors and officers.
Experts also advise any company using the Internet to dispense professional advice or sell services or products to consider Computer Software and Services Errors & Omissions (E&O) Insurance. Those most in need are firms whose professional advice, services, or products, if flawed, could cause financial loss to the consumer.
International Products:
Some of the internationally available insurance products are
- Directors & Officers
- Employment Practices Liability
- Fiduciary
- Crime
- Miscellaneous E&O (Errors & Omissions)
- Cyber E&O Liability coverage.
Among the most common and costly e-risks facing the business community:
- (1) Business interruptions caused by hackers, cyber thieves, viruses, and internal saboteurs;
- (2) six-figure litigation costs and million-dollar settlements stemming from employees' inappropriate e-mail and Internet use;
- (3) Claims that products or services advertised on the Web fail to deliver;
- (4) Web-related copyright and trademark lawsuits; and
- (5) Patent infringement claims with defense costs averaging $1 million and judgments running into the hundreds of millions of dollars.
A new General insurance scheme /policy to cover e-risk
Being in e-business brings you a host of opportunities that just aren’t available to offliners, but it has its fair share of challenges too. Have you thought about the losses and liabilities that you could incur simply by being online?
Worrying figures from a DTI survey suggest otherwise. Less than eight per cent of e-businesses in the UK have any specific e-risk insurance. Professional indemnity insurance is notoriously difficult to secure, especially if you’re in a business with a strongly perceived element of risk.
A new product specialising in e-risk underwriting, has been specially developed for SMEs to close this gap.
Features
The policy is aimed at companies employing fewer than 30 people and it indemnifies businesses against losses and liability claims for up to £500,000. This policy will cost £950 a year and there’s an excess of £2,500.
Items that are covered include:
- Third party libel and slander claims due to email or website content
- Claims by employees on breaches of confidentiality
- Claims for your own losses from damages caused by computer viruses or hack attacks
- Legal expenses incurred in the enforcement of your intellectual property rights on the internet
David Walsh, managing director of Click for Cover says, "Fifty-six per cent of UK businesses are either not covered by any insurance policy for damage arising from IT security breaches – or do not know whether they are covered.”
Target group
Club Esurance has been designed to be affordable and simple for both SMEs and brokers to use. A number of business types will not be eligible for cover, including application service providers, broadcasters, internet e-marketplaces, domain name registrars, internet portals, internet search engines, internet service providers, internet hosts… the list goes on.
The premium to be charged
It should be about 25% more than the normal premium given that there will not be too many policy holders giving rise to a higher risk.
Profit margin etc
Given high usage and low costs along with extra premium the profit margin would be great.