Electronic Data Interchange (EDI) is a virtual exchange of business documents or other data between trading parties using electronic formats. In general, this exchange happens between buyer and supplier and consists of transferring purchase orders, invoices, payments, shipping notices and various other business-related documents. EDI allows companies to interact virtually with other organisations anywhere in the world without the hassle of waiting times, forecasting future procedures, or geographical distance.
EDI is structured under a particular, standardized format that permits corporations to reach many international partners and share standards with them.
EDI is also a tool that makes for smoother business relationships with a company's different partners. It not only facilitates collaboration and relationships with customers and suppliers, but also excludes the conflicts that can occur through delays, inattention, or other issues faced in traditional communication.
With EDI, companies can check precisely where they are in the transaction process, and whether documents have been properly sent, received and so on - all of which helps them to stay on top of handling times.
Once you send files over the Internet, their content will be exposed to various network-based threats. Malicious individuals can intercept your message and then steal whatever sensitive information you have in there.
Content shared over FTP has no encryption, which means your data is insecure while in transit. To make matters worse, there is no effective workaround to ensure FTP in-transit security. You can use third-party software to encrypt your content, but your login credentials are still transmitted in plain text over the internet.
But with the AS2 protocol, you can easily overcome those issues. The AS2 protocol allows you to,
Before you carry out a transaction, it's important to make sure the entity you're about to transact with is in fact the one whom you intended to transact with. Sometimes, cyber criminals can spoof a trading partner's host and participate in the transactions in their stead. With FTP this is highly possible because your credentials are transmitted in plain text through the internet.
However, AS2 supports authentication based on public-private key pairs. You can encrypt content using your private key before transmitting to ensure data security in transmission. Once the content is received, only the parties you trust, and with whom you have shared your public key, can decrypt the content.
Data integrity and non-repudiation are vital in maintaining the integrity of business transactions. You need to verify whether the message received by the recipient is in fact the message sent by the sender and has not been altered along the way (data integrity). Also it is essential to prevent a sender from disowning/refuting a transmission sent in the past (non-repudiation).
If you want to utilize these integrity and non-repudiation features under FTP, you and your partner would need to implement an additional protocol layer on top of FTP and explicitly adhere to it.
However, AS2 is a standardized protocol that already includes all these features, with a strong track record from leading B2B giants like Walmart, Amazon and Target Corporation.
Once you have shared your data with your trading partner, there should be a confirmation of whether they received or accepted the content you sent. This confirmation also helps to prevent the content from being duplicated.
With FTP there is no built-in mechanism to confirm that the intended recipient has received the message, or to prevent the sender from retransmitting content already sent in the past.
However, the AS2 protocol has an option to request an electronic receipt from the recipient confirming the message delivery status. This receipt is known as a Message Disposition Notification (MDN). It can be used to ensure that the recipient has at least received the content successfully and to prevent senders from resending the same content.
With the AS2 protocol, message senders can also request that the recipient add their digital signature to the MDN, eliminating the chance of MDN spoofing and preserving the end-to-end integrity of the overall transaction.
Furthermore, the Message Disposition Notification includes a Message Integrity Check (MIC) computed by your trading partner, based on the payload they received. When compared with the MIC computed for the original payload at the sender's end, it stands as strong proof that the content integrity was preserved.
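The sender-side MIC comparison described above, as an added example that is not code from any AS2 product. It assumes the MDN's digital signature has already been verified and that the caller passes the exact bytes the MIC covers; the function names and sample values are hypothetical and constructed for illustration.

```python
import base64
import hashlib
import hmac
from email import message_from_string

# MIC algorithm names accepted from an MDN, mapped to hashlib names.
ALLOWED = {"sha1": "sha1", "sha-1": "sha1", "sha256": "sha256", "sha-256": "sha256"}


def compute_mic(content: bytes, algorithm: str) -> str:
    """Base64 digest over the exact bytes the sender transmitted."""
    digest = hashlib.new(ALLOWED[algorithm.lower()], content).digest()
    return base64.b64encode(digest).decode("ascii")


def check_mdn(mdn_fields: str, sent_content: bytes, sent_message_id: str) -> bool:
    """Accept the MDN only if it names our message, reports plain 'processed',
    and carries a MIC equal to the one computed locally."""
    fields = message_from_string(mdn_fields)
    if (fields.get("Original-Message-ID") or "").strip() != sent_message_id:
        return False
    # "...; processed/error: ..." or "...; failed" must not count as delivered.
    disposition = (fields.get("Disposition") or "").partition(";")[2]
    if disposition.strip().lower() != "processed":
        return False
    mic_field = fields.get("Received-Content-MIC") or ""
    mic_b64, _, algorithm = (p.strip() for p in mic_field.rpartition(","))
    if algorithm.lower() not in ALLOWED:
        return False
    expected = compute_mic(sent_content, algorithm)
    return hmac.compare_digest(mic_b64.encode(), expected.encode())


# Constructed sample data (not taken from a real exchange).
SAMPLE_ID = "<constructed-0001@sender.example>"
SAMPLE_PAYLOAD = b"ISA*00*CONSTRUCTED-PURCHASE-ORDER~"


def build_sample_mdn(payload: bytes, disposition: str = "processed") -> str:
    """Builds the MDN fields a partner would return for `payload`."""
    return (
        f"Original-Message-ID: {SAMPLE_ID}\n"
        f"Disposition: automatic-action/MDN-sent-automatically; {disposition}\n"
        f"Received-Content-MIC: {compute_mic(payload, 'sha256')}, sha256\n"
    )


if __name__ == "__main__":
    mdn = build_sample_mdn(SAMPLE_PAYLOAD)
    print("intact payload :", check_mdn(mdn, SAMPLE_PAYLOAD, SAMPLE_ID))
    print("altered payload:", check_mdn(mdn, SAMPLE_PAYLOAD + b"X", SAMPLE_ID))
```

A mismatch, a missing MIC field, or an unrecognised algorithm is treated as non-delivery, so the transfer stays open for investigation rather than being marked complete.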