Definition of E-commerce
E-commerce is the electronic exchange of commercial information between business to business (B2B) or between business to customers (B2C). The exchange includes commercial information sent via email and websites, and also information sent through traditional communication channels such as Value Added Networks (VANs).
Limitations of Traditional E-commerce: VAN-based EDI
Electronic Data Interchange (EDI) refers to the exchange of electronic business data, such as purchase orders and invoices, between computer applications. A goal of the exchange is to eliminate paper and human intervention. EDI requires a network connection between two trading partners exchanging business documentation. Traditionally, this connection has required a dedicated leased line or a dialup connection to a VAN. Through standardization, EDI allows all suppliers and their trading partners to link their computing infrastructures without worrying about the differences in their respective organizations and technology system architectures.
EDI has resulted in significant competitive advantages and benefits to its users, including lower costs, better responsiveness to customers, improved distribution and production channel management, reduced cycle times, better access to transaction status and reduced payment cycles. However, EDI exists only in situations where trading partners send and receive large numbers of EDI documents on a regular basis, with enough volume to justify the substantial costs associated with establishing a dedicated VAN system. Such large users have been prevented from doing business electronically with smaller companies that cannot afford EDI. For many small and mid-sized companies, the necessary investments in EDI hardware and software and monthly VAN connection fees make EDI cost-prohibitive.
Limitations of Manual Ordering Processes
To overcome these shortcomings, large and small organizations are being forced to utilize manual ordering processes for some of their customers, in a manner very similar to the way smaller firms conduct business. The average cost to process a document in a manual environment ranges anywhere from U.S.$50 to U.S.$75. These costs include labor, materials and estimates for the inherent flaws that exist in manual ordering processes such as:                Possibility of losing the order itself;        Possibility of re-keying errors;        Delivery delays due to slower processes;        Inability of customer to check order status;        Inability of customer to check shipment accuracy; and        Inability of customer at time of order to determine price changes, obsolete inventory status and product availability.Limitations of HTML-based Internet Ordering Processes        
Much of the information required for e-commerce is already resident on the Web as it is by far the largest repository of information in the world. However, much of this information is maintained in hypertext mark-up language, or HTML documents.
HTML, due to its inherent ability to hyperlink, is the essential technology that launched the Web. Although HTML has many advantages for the user, it also has many limitations, the most significant of these being that there is no standard mechanism to describe data maintained in HTML. Consequently, users or computer applications do not have a structured way to query and manipulate the data contained in HTML documents.
Orders may be received electronically via the Internet but because they are received as “structure-less” documents, orders must be manually re-keyed into legacy systems for further processing and fulfillment.
Eliminating the E-commerce Bottleneck
Today, EDI is primarily used by large organizations dealing with other large organizations. Any business entity that wishes to conduct business with smaller clients must utilize other ordering methods. The Internet does not yet represent the perfect solution because it does not enable orders to be automatically processed by legacy systems due to the shortcomings of HTML.
Procuring Goods Requiring a Verifiable Chain of Custody
In contrast to many goods, the possession and distribution of narcotics, controlled drugs and substances are controlled in the public interest typically to prevent misuse or abuse. The purchase and sale of such goods among, for example, manufacturer, licensed dealer, value-added supplier and pharmacist or other qualified practitioner is typically regulated to facilitate secure ordering and accountability. In Canada, the industry is federally controlled by the Minister of National Health and the Health Protection Branch of Health Canada. In the United States, federal regulation is primarily the responsibility of the Drug Enforcement Agency (DEA).
The central issue with respect to an ordering system for narcotics, controlled drugs and substances is the prevention of diversion and loss. The historical regulatory framework for ordering and delivering of such substances mandates a “chain of custody” approach in a paper environment for authentication and verification. At all times, the controlled goods are considered to be the responsibility of the qualified person who has last signed for the goods at the time of a change in custody. For example, in order that a licensed dealer may fill an order for a narcotic, controlled drug or controlled substance from a pharmacist, it is the responsibility of the licensed dealer to authenticate the person to whom the goods are being transferred. The licensed dealer must also verify that the person has ordered the particular goods in the particular quantity to be transferred. It is further a necessity for the licensed dealer to ensure, upon delivery, that the person making the order acknowledges its receipt in a timely manner.
By means of signed and dated written orders and receipts, as well as record retention, licensed dealers may supply and pharmacists and other practitioners may receive narcotics, controlled drugs and substances.
It is desirable to facilitate electronic procurement of such goods over a communications network such as the Internet to take advantage of efficiencies achieved with e-commerce, particularly EDI systems, as previously discussed. A proposed electronic system must provide levels of assurance at least as effective as that offered by current primarily paper-based systems. Such an electronic ordering system should comply with any applicable regulatory requirements.
Ideally, an electronic ordering system must provide means to authenticate and verify orders and be limited to use for electronic ordering only by qualified persons (e.g. pharmacists). The electronic ordering system must provide an equivalent to a “signed receipt” confirming receipt of the drugs ordered and the system must be able to produce reports for audit purposes.
A threat risk assessment of the electronic system is also recommended. The assessment may be carried out in accordance with Guide to Threat Risk Assessment for Information Technology, November 1994 from the Royal Canadian Mounted Police. The Threat Risk Assessment must address the following areas:                User Security:                    Due diligence process to validate identity of pharmacist;            Authentication of the ownership of digital certificate;            Safeguarding the validity of personal identification codes;            Safeguard against loss of personal identification codes.                        System Security:                    Protection of private encryption keys;            Safeguards against tampering with (ship-to address, amounts shipped);            Confirmation of receipt of order.                        Database Security:                    Security of internal system database against tampering.                        Encryption and Backup:                    Methods used and reliability;            Certification Authority.                        Physical Security:                    Web Server—source code security and redundancy.                        Network (Internet) Security:                    Safeguards against unauthorized user access.                        
One example of an e-commerce system for processing business transactions is disclosed in U.S. Pat. No. 5,970,475 for an Electronic Procurement System and Method for Trading Partners issued Oct. 19, 1999 of Barnes et al. The patent discloses a plurality of users within a trading organization to procure goods or services from pre-determined suppliers. Each user is assigned a level of authorization by an administrator at the organization that limits the nature of the goods/services that may be ordered. The system also allows for automated payments from a financial institution upon delivery. The system does not address the particular requirements for procuring goods requiring a chain of custody such as narcotics or other controlled substances. There is no concern in Barnes et al. for diversion or loss of goods ordered.