When you are in the retail domain, either as a supplier or a buyer, you will need to exchange different documents such
as purchase orders, shipping notices and invoices with your trading partners. Usually the small to medium scale retailers
prefer to exchange these documents through emails. Although email is an easier and familiar way to exchange documents,
it lacks the security and reliability features required for these types of business critical documents and is also
vulnerable to simple user errors.
Did you know?
Data is most at risk on email, with 83% of organizations experiencing email data breaches
Alternatively, using a secure protocol such as AS2 (Applicability Statement 2) which is specifically designed for secure
document exchange is highly recommended avoiding such pitfalls associated with regular emails. Therefore let’s look into
some common issues associated with exchanging retail documents and see how AS2 protocol helps to avoid or minimize them
in comparison to emails.
Email deliverability is one of the most common concerns when it comes to exchanging documents via emails. For example,
you will send an email containing a purchase order to your supplier and unless they replied saying they have received it,
you may really not know whether it has reached them. On the other hand, the supplier will send an invoice to you, and you
may not receive it due to some issue with an intermediate network. But the supplier who is not aware of that will be
expecting you to pay the invoiced amount on time, and it can really put a dent on your trading relationship.
Sametime, most of the email service providers have tightened their spam rules and restrictions to mitigate spamming your
inbox. This also makes it harder for organizations to create communications faster at first. For example, if your email
contains only an attachment without any text, your email might go to a spam folder creating communication delays with
But if you have used AS2 protocol instead of emails for this, these issues will never arise. The reason is that AS2
protocol has an in-built mechanism called MDN (Message Disposition Notification), which acts as an acknowledgement
for the receipt of a message. Basically when one party receives an AS2 message from another, the receiver sends back an
MDN acknowledging that the message with this unique AS2 ID was received by them.
Therefore, in the 1st scenario mentioned above, if you have received a successful/positive MDN from your supplier’s AS2
system, you know for sure that the document has been received by them. The supplier also cannot deny that afterwards,
because this MDN will contain a digital signature from their system. In the 2nd scenario, when the supplier has not
received a positive MDN from you, they become aware that this message has not reached you, which they will resend. In
case they claim that a particular document was sent to you, which you haven’t actually received, you can ask them to
present the MDN your system should have sent back, which will resolve any disagreement or confusion.
The other common issue with emails is that people can make mistakes with the email addresses. For example, you or someone
else from your team can make a slight typo on the receiver’s email address and send an important document to an unrelated
party without being aware of it until it is too late. In case that document contained any confidential or sensitive
information which was misused by this other party, this simple mistake can lead to more serious consequences and most
probably you will end up in a court.
But if the AS2 protocol has been used, the possibility of this kind of error is next to none. AS2 protocol includes a
pre-configuration stage involving both parties, and once it is completed, it is almost a fool-proof mechanism. Even if
you have mistakenly sent an AS2 message to a wrong party (due to some URL misconfiguration), they won’t be able to read
it as it can only be decrypted with the private key of the actual intended receiver.
Then why not AS2?
Then you may be wondering why most small to medium scale retailers are still reluctant to use AS2, but use less
reliable emails. There are 3 main reasons.
- Cost - Using AS2 for document exchange needs special software that is capable of handling AS2 communication aspects.
Most of the currently available such software are very expensive and also involves extra running costs (such as hosting
costs etc.). These high costs are not bearable for the budgets of most small to medium retailers.
- Configuration complexity - As mentioned previously, setting up AS2 connectivity between 2 parties involves several
configuration steps, where you need to exchange AS2 IDs, AS2 URLs and certificates with the trading partner. This can be
an overwhelming task for someone who is not familiar with AS2 protocol and can lead to misconfigurations in many occasions.
- Software complexity - Most of the currently available AS2 software have been designed years ago and have very
complex user interfaces. Most regular users are not familiar with these interfaces and often get confused and frustrated
working with them.
Why MFT Gateway?
MFT Gateway by Aayu Technologies is one of the modern
and cost-effective AS2 software available as a software as a service (SaaS) solution.
- Cost - Since MFT Gateway is a hosted solution, there are no running costs for you such as for hosting. You
can simply register an account and start using AS2 even just now. On top of its 30-day free trial period, MFT Gateway
offers a number of cost-effective subscription packages suitable for different
message volumes, from which you can select the one best suited for your requirements and budget.
- Configuration complexity - Although MFT Gateway provides detailed documentation
on configuring AS2 connectivity, it can still be a bit complex for someone who is new to AS2. But the MFT Gateway team,
who are well versed in AS2 related matters, are always ready to assist you in setting up your AS2 connectivity
for free of charge!
- Software complexity - Since MFT Gateway is a more modern software, its user interface is designed similar to an
email client interface which you are already familiar with. Therefore, after the initial configurations, you can use MFT
Gateway with ease similar to how you use your regular email client.
In addition, if you already have any ERP or back office systems, MFT Gateway can be integrated with them using a
variety of methods including REST API, SFTP, Webhooks and AWS S3.