V.2.2.2 Digital Certificate

The study result reports that only one (1) among six (6) assessed institutions has a certificate server installed. This means that in most of these banks, electronic transactions are not signed. This implies high risk of data falsification and transaction repudiation because the integrity of data can't be guaranteed.

Commercial banks in DRC must implement digital certificate infrastructure to ensure electronic transactions to be signed digitally to enforce their integrity.

V.2.2.3 Antivirus

All the assessed IT systems have antivirus software installed and managed to clean and fix all virus infection.

V.2.2.4 Authentication and Authorization

The study result reveals existence of authentication and authorization facilities in all the assessed companies. However the physical access control to the computers systems hosting very sensitive data need to be addressed.

V.2.2.5 Contingency plan

E-payment systems, by their nature, must be accessible and available any time. Their availability is one of the sine qua non conditions for an effective use in e-commerce transaction.

Despite the fact that backup facilities exist for data and power source, there is no written plan for business continuity. So in case of failure, the e-payment systems can't be recovered in acceptable delay.

To illustrate this argument, during our research, one of the mobile company assessed experienced a fire incident at one of its data center and the m-payment system was affected during a period of five (5) days.

The availability of the e-payment system requires commercial banks and mobile operators offering m-payment services to implement contingency plan to improve the system recovery.

To answer to the main research question, from the conclusions given above, it appears that the security of e-payment systems, according the CIA concept used for this study, is yet to be implemented. However, the two main fields of improvement are the integrity which is to be enforced by the implementation of certificate servers and the availability which must be sustained by a development of business contingency plans to guarantee a quick recovery of the system in case of failure.

Page | 52

V.3. Recommendations

The main objective of this research was to investigate the security of e-payment systems in the Democratic republic of Congo (DRC) to assess their readiness for an effective development of e-commerce.

The security concept of the information system being wide, the study focused on three major concepts; confidentiality, integrity and availability.

In order to contribute really on the development of e-commerce, commercial banks are recommended the following points:

1. The top management has to make sure that security plan is developed in the bank regarding the e-payment system mostly to ensure that e-payment system guarantee confidentiality, integrity of electronic transactions, and availability of the e-payment system to allow its effective use in e-commerce transaction.

2. The top management has to integrate the security of the information system among the priority of their future IT infrastructure.

3. The e-commerce development will bring new business opportunity for the banks and e-payment system is one of the strategic components to ensure a competitive advantage in the sector. Therefore, plan must be developed to anticipate the growth of this business in short term. Therefore, improvement of security of e-payment system must be addressed as a priority action.

4. E-payment systems must be developed with the aim to reduce and fight against the main issues faced by the e-payment systems reported in this study such as fraud, theft, unavailability and disclosure of sensitive information.

V.4. Page | 53

Areas for further research

There are still many areas to cover in the field of the security of the e-payment systems which can interest researchers such as identity management, development of security policies and procedures, regulation of the electronic transactions.

However, this study illustrated some other capabilities to develop for an effective e-commerce development in the country. Among these capabilities, support services for e-commerce such as order fulfillment, logistics, and the development of the security systems are other areas of interest for further studies.

This study has a merit of being among the first in the country because the e-commerce development is yet in its inception phase. It will be therefore subject to criticism for improvements to ensure that existing e-payment systems be leveraged for an effective development of e-commerce in the country.

V.5. Study limitations

The conclusion and recommendations of this study are to be considered within the specific limitations and conditions under which the research has been conducted such as sample of informants, data collection method and the data analysis.

The seizing of the sample took into account only commercial banks and mobile operator companies offering e-payment services in Kinshasa, capital city of the DRC. The low response rate for this research is to be considered also among the limitations from the conclusion drowned for this study.

The responses received are related to the data collection method used and the kind of questions used for the assessment. This study used closed-end questions built from the check list provided by ISO 27001 frameworks. Not all the check lists have been used for this research but only few of them considered as more relevant for the CIA security concept used in this study.

The study uses the quantitative analysis method based on the likert scale data collected through the questionnaire. According to the research question, the research uses two mains statistical analysis tools such as means and mode to assess the security capabilities observed. The limitations of this method with such kind of assessment based on checklist are that correlation or regression analysis can't be done because conclusions are directly linked to scores corresponding to likert scales.

Page | 54

6: References and bibliography

Abhay N. Mishra and Ritu Agarwal (2010). Technological Frames organizational capabilities, and IT use: An empirical investigation of electronic procurement. Information System Research, Vol 21 No 2, pp 249-270

Anthony Tarantino (2008). Governance, risk, and Compliance Handbook: Technology, Finance, environmental and international guidance and best practices. Wiley & sons, New Jersey (USA)

Aurelio Raverini (2010). «Information technology capability within small-medium enterprises». PhD Thesis. School of Computer and security science of computing, health and science. Edith Cowan University, Petth, Australia

Candance Deans P. (2005). E-commerce and M-commerce Technologies. IRM Press. Hershey (USA)

Collis, D.J., Beath, C.M.; and Goodhue, D. (1996). Develop long-term competitiveness through IT assets. Sloam management review, 38, 1 pp 31-45

Collis, D.J. (1994) research Note: How valuable are organizational capabilities? Strategic management Journal, 15, 8 pp 143-152

Council of Europe (2011). Summary of the main messages and outcomes of the conference prepared by the Council of Europe Secretariat. «Our internet - our rights, our freedoms». Toward the Council of Europe Strategy on Internet governance 20122015 [Online]. Available from http://www.coe.int/informationsociety/conf2011/viennaconferencesummaryen.pdf [Accessed 12/06/2013]

David A. Montagne (2010). Essentials of Online payment security and fraud prevention In: Essentials series. 1^st Edition. Wiley & Sons, New Jersey (USA)

Donald O'Mahony and Michael A. Pierce (2001). Electronic payment systems for e-commerce, Artech House Print on demand, 2 Sub editions. ISBN-10 1580532686 (UK)

Efraim Turban and D. King (2011). Electronic Commerce 2012: A managerial and social network perspectives, 7th Edition. Pearson-Prentice Hall:USA

Prof Gabriel Jacobs (2012). A brief outline of research expectations and processes. Robert Kennedy College, Unpublished.

Page | 55

Ganesh D, Bahatt and Varun Grover (2005). Type of information technology capabilities and their role in competitive advantage: An empiric study. Journal of Management Information systems Vol 22, No 2, pp 253-277

Gary P. Schneider (2011). Electronic Commerce, 9^th edition. Cengage Learning, Boston

Graham Curtis and David Cobham (2005). Business Information Systems. Analysis, Design an Practice. Fifth Edition. Prentice Hall (Financial Time), Harlow (UK)

IT Governance Institute (2003). Board Briefing on IT Governance. 2^nd edition. It Governance Institute. Rolling Meadows, IL USA.

IT Governance Institute (2006). Information security governance: Guidance for Boards of Directors and Executive Management. 2^nd edition. It Governance Institute. Rolling Meadows, IL USA.

Jeffrey A. Ogden, Paul Benjamin Lowry, Kenneth J. Petersen, and Phillip L. Carter (2008). «Explaining the Key Elements of Information Systems-Based Supply-Chain Strategy That Are Necessary for Business-to-Business Electronic Marketplace Survival,» Supply Chain Forum: An International Journal, vol. 9(1), pp. 92-110.

Available from http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1464522.
[accessed 28/04/2013]

Jeffrey Scott Ray (2011). «Using Effective E-Commerce Strategies to Improve Organizational Performance». Social science Network [Online]. November, 20 2011. Available from http://papers.ssrn.com/sol3/papers.cfm?abstractid=2115064 [Accessed 21/04/2013]

Kenneth C. Laudon and C. Guercio (2011). E-Commerce 2012, 8th Edition. Pearson-Prentice Hall. New Jersey (USA)

Kenneth C. Laudon and Jane P. Laudon (2006). Management information systems, Managing the digital firm, 10th edition. Pearson education inc, New Jersey, USA

Kevin Zhu (2004). The complementarity of Information technology infrastructure and e-commerce capability: A resource-based assessment of their business value. Journal of management of Information system. Summer 2004, Vol 21, No 1 pp 167 -202

Lior Fink (2011). How do IT capabilities create strategic value? Toward greater integration of insights from reductionistic and holistic approaches. European Journal of Information systems (2011) 20, pp16-33

Page | 56

Mirza K. Baig, Hussein Raza, Umer Farooq (2011). «E-commerce adoption. A comparative study of Sweden and Pakistan». Master Thesis. Linkopings University, Stockholm

Monideepa Tarafdar&Steven R. Gordon (2013). «How information technology capabilities influence organizational innovation: Exploratory findings from two case studies». Available from http://is2.lse.ac.uk/asp/aspecis/20050014.pdf. [accessed 28/04/2013]

Neil F. Doherty (2009). «The role of IS capabilities in delivering sustainable improvements to competitive positioning». Journal of Strategic Information Systems 19 (2009) 100-116.

Nikhilesh Dholakia and Nir Kshetri (2005). «World Trade Point Federation: Bringing E-Commerce Capabilities to Developing Nations» Social science research network.[Online] International Journal of Cases on Electronic Commerce (IJCEC), Vol. 1, No. 1, pp. 39-53. Available from http://papers.ssrn.com/sol3/papers.cfm?abstractid=846464 [accessed 28/04/2013]

Nikhilesh Dholakia and Nir Kshetri (2005). «Social science research network. Mobile Commerce as a Solution to the Global Digital Divide: Selected Cases of e-Development.» November, 13 2005 [Online]

Available from http://papers.ssrn.com/sol3/papers.cfm?abstractid=847184 [accessed 28/04/2013]

Paul Beynon-Davies (2002). Information systems. An introduction to informatics in organisations. Palgrave MacMillan, New York

Ravichandran T. and Chalermsak Lertwongsatien (2005). Effect of IS resources and capabilities on firm perspective: a resource-based perspective. Journal of Management Information system, Vol 21 no 24, pp 237-276

Rosli Mohamad and Noor Azizi Ismail (2009). «Social science research network. Electronic Commerce Adoption in SME: The Trend of Prior Studies, published in Journal of Internet Banking and Commerce, August 2009, vol. 14, no.2. Available from http://papers.ssrn.com/sol3/papers.cfm?abstract id=1521290## [accessed 28/04/2013]

Sheril L. Jackson (2010). Research Methods. A modular approach, 2d edition. Cengage Learning, Boston

Ting-Peng Liang and Jun-Jer You (2011). Resource-based view in IS research: A meta-analysis. Pacifi Asia conference on Information system, Pacis 2009 proceedings

Timothy P. Layton (2007). Information security: Design, implementation, measure, and compliance. Auerbach publications, Floride (USA)

Turban E., King D., Lee J., Viehland D. (2008). Electronic Commerce: A Managerial Perspective. Prentice Hall: New Jersey, USA

Page | 57

7: Appendix