“…A number of studies (e.g., Aldridge, et al, 1997;Bhimani, 1996;Furnell and Karweni, 1999;Gefen, 2000;Ratnasingham, 1998) have discussed the basic securitycontrol requirements in risky technologies which may be divided into five categories, namely: authentication (communicating or transacting parties are who they claim to be), non-repudiation (neither of the party should be able to deny having participated in a transaction after the fact), confidentiality (warrants all communication between trading parties to be restricted to parties involved in transaction), privacy protection (ensures that personal information about customers collected from their electronic transactions is protected from disclosure without permission) and data integrity (data under transmission is not created, intercepted, modified or deleted illicitly). These requirements are accomplished by various technologies, such as encryption, third-party certificates, digital signatures, and compliance with privacy policy (Aldridge, et al, 1997;Garfield and McKeown, 1997;Ratnasingham, 1998).…”