Which of the following statements is correct concerning the security of messages in an EDI system?
a. When the confidentiality of data is the primary risk, message authentication is the referred control rather than encryption.
b. Encryption performed by physically secure hardware device is more secure than encryption performed by software.
c. Message authentication in EDI systems performs the same function as segregation of duties in other information systems.
d. Security at the transaction phase in EDI systems is not necessary because problems at that level will usually be identified by the service provider.
Answer: b