A few web sites of interest to Procurement Professionals that I have used or referenced in my presentations.

The only thing growing faster than electronic commerce is electronic fraud.
Here are some references and ideas to help you be prepared.
Obviously some of the articles are out of date, the old hyperlinks no longer work and information is more readily available from other sources.  I've left parts that might be of interest for people new to the profession who want to see the issues that affected us back in the day... when we used to have to use carbon paper to make copies and "press hard" was the most common footer on office forms.

index:  bball.gif (924 bytes) B2B E-Commerce  bball.gif (924 bytes)Computer Fraud & Scams(How to find out & who to report to) bball.gif (924 bytes)Computer Virus bball.gif (924 bytes)Computers & Internet  bball.gif (924 bytes)Security & Privacybball.gif (924 bytes)Articles bball.gif (924 bytes)Purchasing References (new page) bball.gif (924 bytes)EC References (new page) bball.gif (924 bytes)Mailing Lists

ID Theft Resources

  • FTC ID Theft Specialist 1-877-438-4338
  • National Consumer Credit Reporting Agencies 1-800-353-0809

Computer Fraud & Scams

AllWhoIs  Find out who really owns that web site.
Better Business Bureau
Computer Crime and Intellectual Property Section
US DOJ resources and information
Computer Security News Daily
Federal Trade Commission
FBI Fraud Center
Internet Fraud Watch
Internet Fraud Council
How to detect and remove ransomeware
(Alliance of business and government to promote information security) 
Know Fraud
National Fraud Center
Scam Busters
Urban Legends Reference Pages
A great place to explore all of those oddball warnings we receive
Yahoo Computer Virus Business News
Examples of email scams by  --- Michael Horowitz

bball.gif (924 bytes) Return to index



CERT Computer Security Coordination Center 
The big daddy of Internet Security and research
CERT Computer Virus Resources 
A very comprehensive list of information and links
Computer Associates Virus Encyclopedia 
Snopes Chain Letter information
E-HOAX ZDNet's resource for debunking hoaxes and myths. Check here before you forward any virus messages!
Microsoft AtHome Computer Security Information 
McAfee Online Virus Information Library
ShieldsUp Internet Connection Security for Windows Users by Steve Gibson, Gibson Research Corporation. A lot of good reading about Internet Security. (You'll have to click on the link from Gibson's home page) 
Surf the Internet Safely
Contains descriptions of email scams, spyware and viruses.
Symantec AntiVirus Research Center
Trend Micro Virus Encyclopedia

bball.gif (924 bytes) Return to index



AllWhois.com Find out who owns a web domain
Acronym Finder Can't figure out what an Acronym means, try this!
Altavista Search Engine
Electronic Frontier FoundationProtecting Rights in the Electronic frontier
Google Search Engine 
IRT Information and resources for web technology
Lockheed Martin On-call computer technical support 
The Langa List My favorite email newsletter about computer topics
Network Solutions Locate and register a Domain Name  
Supply Chain Link Resources and references for managing the supply chain
Newbie-U A great how to site for new users
Whatis.com Computer Terms Defined
Woody's Office Watch News, tips and information

bball.gif (924 bytes) Return to index


Security & Privacy Resources

CDT Guide to Online Privacy
CERT Coordination Center
Computer Security Resource Center
Counterpane Internet Security
Digital River - Secure Encrypted Software Distribution
Electronic Privacy Information Center
HDA's Internet Security Liability Coverage
Invincible Data Systems, Inc.: PGP (or Pretty Good Privacy)
Journal of Internet Security
N2H2 Internet Filtering
National Computer Security Association
Pacific First Computers
PenOp Home Page
Privacy Rights Clearinghouse
Private Express Secure Document Delivery
Security Space Internet security news and resources
Secured Electronic Transactions (SET)
The State Public Interest Research Groups
Firewall appliance

bball.gif (924 bytes) Return to index



Opt Out An informative discussion about a "parasite" software application by Gibson Research. 
The Online Con by Jeffrey Rothfeder
PC World, July 1999
A great review of Internet scams and fraud
Purchasing Cards and E-Commerce
by Mike Taylor, C.P.M, May 1999
by Mike Taylor, C.P.M., August 1999

bball.gif (924 bytes) Return to index


Purchasing Cards and E-Commerce
by Mike Taylor
reprint from NAPM Columbia Basin Newsletter May1999

Some thoughts on using Purchasing Cards for Internet Ordering.

Many people have been hesitant to allow use of company Purchasing cards for Internet ordering. The Internet tales of credit card theft, fraud and loss are not all wrong . There have been and still are problems with using credit cards on the Internet. However, also consider that there are also many problems using credit cards in person and on the telephone.

Do the benefits of using credit cards outweigh the risks? Obviously! We continue to use our credit cards a lot. Internet ordering is becoming a big business and there are many advantages to allowing a user to make the purchase while they are already on the Internet locating the source. Does that mean we can jump in and start using credit cards for Internet ordering without a worry? NO! Companies should have a healthy concern for Internet security and privacy risks. While caution is needed, I think there are ways to mitigate the risks and take advantage of this important tool. We can take steps to evaluate the issues, address concerns and train users. At a minimum we should provide information and training to employees before letting them use credit cards on the Internet. The worst mistake we can make is to assume that everyone will use common sense or read the fine print.

Here are a few topics for your training programs:


The biggest issue with credit cards on the Internet is not that someone will overhear you say your card number, but that someone will "overhear" your card number electronically. When you send a message via the Internet, many computer servers between you and the supplier touch and store the message. Strings of numbers that look like credit card numbers can be intercepted, downloaded and posted in newsgroups for everyone to use. The big risk is not just an interception of your card number, but of many hundreds or thousands of numbers from an Internet server or vendor's computer. Is this a real threat? Just ask one of the bigger Internet Service Providers (Netcom), who several years ago lost thousands of card numbers to a hacker. [Read a great book about Internet hacking: Take Down, the True Story of the Capture of Kevin Mitnick, ]

On the other hand, stop and think for a moment about what happens to your credit card information when placing a phone order. The highly-paid(?) telephone sales clerk enters your card number into a computer which may transmit it electronically to several locations for processing and storage. Once that company has your card number the risks are about the same between using the phone and using the Internet. The real trick is to avoid a problem between your computer and the sales company. 

You can mitigate this risk by only sending your credit card number when communicating with a "Secured" web site. Web sites can be configured to transmit and receive encrypted information using a Secured Socket Layer (SSL). SSL makes it much harder for anyone to intercept and decode information. If you are using a recent version of Netscape or Internet Explorer, your software will show you when the link is "secured" by displaying a message and an icon of an unbroken key or locked padlock. When the key or padlock is closed, the link is reasonably secure. When transmitting a credit card number using an SSL protected web site, the message is encoded so a criminal will have a much harder time stealing the number. 


In addition to credit card numbers, hackers and scam artists can use information about individuals and companies in many ways to cause problems and cost us money. Information collected about buyers by web sites is a valuable commodity that is often sold to the highest bidder. Junk email , free offers, un-ordered shipments, and telemarketing calls are some of the results of information leakage. Remember the old telephone scam that went something like this; "... your president Mr. X ordered a case of our super duper light bulbs and asked that I call you for the PO number...."

In more fraudulent cases, scam artists use their knowledge of company officials and ordering processes by attempting to collect for shipments that were never sent, sell cases of poor quality merchandise at inflated prices, leverage lower level employees into thinking that manager whatshisname had agreed to the request and worse. Tell someone your bank account and social security numbers and they can order credit cards in your name or apply for loans and leave you stuck with the bills. 

Whenever a web site asks for information about us, our company or our processes, we should ask several questions: 1) Why do they need the information? 2) What else could it be used for? 3) Do I trust this company to not disclose or sell the information? 4) Is the information business sensitive?  Before placing an order, signing up for a free drawing or responding to a survey, we should stop and think. Much of a buyer's "instinct" about what not to say has been learned the hard way during many years of hard knocks in the buying profession. First time "buyers" (credit card holders) on the Internet may not realize what they could be getting into.

We can mitigate this risk by making sure users deal with reputable and established companies. That the vendor web site has a clear and, complete privacy policy. (example: We don't distribute information about our customers to anyone.) Purchasing people should also share their experience and knowledge about possible scams and frauds with all employees who will be involved with Internet ordering.  


People who are not familiar with how the Internet works can easily assume that only large companies will have large and fancy web sites. NOT TRUE! In this medium, you can't judge the size and reputability of a company just by the appearance. It's not like comparing a store-front shop to a high-rise office building. Appearance means nothing. Twelve year old kids have large and fancy web sites. One-person sweatshops with many impressive pages of pictures and catalogs exist all-over the Internet. Hackers can borrow a company logo from a legitimate web site and create a look-alike Internet location that is nearly impossible to detect. In addition, web sites can exist anywhere in the world and look just the same as if they are next door.

How can we protect ourselves and make sure we are using a credible and reliable company? Check references. Notice details like lack of a street address or contact person on the web page [Maybe they don't want to be contacted or have a shipment returned]. Look for words or phrases that are out of place [ "Our circuit breakers are really gnarly"] Cross reference the company to other known sources of information like the Thomas Register or Dun and Bradstreet. People should also be reminded to review warranty and return policies. If the vendor doesn't clearly post it on the web site, then it may not exist. 


Liability for loss and fraud in one of the other issues that we should address in training users. What should they do when a card is lost or they suspect there is a problem. Give them clear direction, guidance and reporting requirements. Even if they only suspect there is a problem, timely action should be taken to investigate and protect your company's rights. What should they do if a strange charge shows up on the reconciliation report? What problems have other people had that should be shared with all users?

Speaking of protecting your company's rights; when the credit card agreement is first negotiated, we as buyers should make sure that liability for fraud or misuse is clearly addressed as part of the contract. Other issues to consider discussing with the credit card issuer include security of the files, records, help in investigating fraudulent vendors and assistance in training users.

bball.gif (924 bytes) Return to index



(c)  Mike Taylor, C.P.M, August 1999
reprint from NAPM Columbia Basin Newsletter

One of the big growth areas of Internet Commerce is Internet fraud. As more money is spent online, it attracts scam artists. Just as in the "paper" world, Internet fraud can take many forms. Pyramid schemes, bait-and-switch marketing, credit card fraud, shoddy merchandise, phony companies and more. Each fraud is made just a little easier because people are impressed by the bells and whistles of the multimedia Internet and forget the basics.

On the Internet, a company, which doesn't exist, can look legitimate, appear impressive and attract a lot of attention. Many twelve-year old kids can create web sites with logos, pictures and cute graphics that look every bit as good as those created by million-dollar corporations. Don't believe me? Try this:


As purchasing people know, the best way to protect yourself against a scam artist is by making sure that you are always dealing with an established and reputable company. Fortunately, the Internet makes the job of checking a company's credentials a lot easier. Unfortunately, the Internet also makes it much more important.

Here are a few ways to use the Internet to check on the authenticity of vendors.

1- Examine the web site carefully. Does it contain misspellings and grammar errors? Is there a street address? Is there a contact name and phone number? Is the area code in a different country or is it a "900" bill-by-the minute? If the web site looks like they donít want to be contacted, ask yourself why?

2- Check an on-line directory service to see if the company is listed and if the information matches the web site. Look in both the white page listings as well as the yellow or business pages. Try sites like www.bigbook.com or www.anywho.com . Watch out for look-alike names that arenít exactly the trademark. (Grunger Electronics, Ingersoll-Rind, etc.)

3- Check to see if the company has a Dun and Bradstreet number. www.dnb.com. Look for an icon that says, "check to see if my company already has a D&B number" www.dnb.com/dunsno/list.htm

4- Check to see if the company is listed by the small business administration. www.sba.gov

5- Search the web using several different search engines for the company name. For most well established companies you expect to find articles, community activities, technical papers, seminars or conferences, etc. You may even find some complaints, consumer protection notices or legal references. My favorites: www.altavista.com or www.dogpile.com

6- Check the Better Business Bureau web site for listings and comments about the company. www.bbb.com/

7- Take a look at one of the web sites devoted to competitive business intelligence. If you are working on a big deal, maybe a few ounces of prevention are worth the cost. Try this site: www.fuld.com/index.html. Also, check out the great business information link page at Fuld: www.fuld.com/i3/index.html

8- Send the company an email. Does anyone respond?

9- Call customer service. Is anyone at home?

10- Request references. A good company is usually happy to showcase satisfied customers and satisfied customers are usually happy to put in a good word for good vendors.

11- Check the web address of the company. Does it have a domain indicator for another country? If so, you may be talking to the wrong place, and/or a company that may be out of reach of domestic contract laws.

12- Is there a foreign company or foreign government involved in your transaction? Try this really fun link for information: www.odci.gov/cia/publications/pubs.html

All of these are ways to validate the identity of your new supplier and protect yourself against scam artists, but be careful. No search is foolproof. As we learned in purchasing 101; Caveat Emptor. Here's a different way to say it:

ďA century ago, P.T. Barnum said a sucker is born every minute.
On the Internet, that birthrate is a lot higher.Ē
Jeffrey Rothfeder,  PC World, July 1999

bball.gif (924 bytes) Return to index

MLTWEB is owned by Michael L. Taylor, C.P.M.  Mail:  
Materials prepared by Mike may be shared for supply chain education, provided that this source is credited and no fee is charged. The rights for any other use are withheld.
Copyright;  Michael L. Taylor, C.P.M.