Free cookie consent management tool by TermsFeed Why EDI over AS2 - instead of FTP? | Aayu Technologies Cookies preferences
Home Blog Why EDI over AS2 - instead of FTP?

Why EDI over AS2 - instead of FTP?

Learn what you will gain from moving to EDI from AS2 instead of FTP

28 Sep 2022 by Janaka Bandara

Electronic Data Interchange or EDI is a virtual exchange of business documents or any other data using electronic formats between trading parties. In general, this exchange of documents or data happens between buyer and supplier, consists of transferring purchase orders, invoices, payments, shipping notices and various other business related documents. EDI allows companies to virtually interact with other organisations anywhere in the world without the hassle of waiting times and forecasting future procedures and geographical distance.

Benefits of EDI

Increases efficiency

Integrating with EDI can significantly reduce the order processing and delivery times, allowing organizations to reduce their inventory levels.

Manual data entry takes valuable employee time. Automating such manual tasks with EDI transactions, provides business staff a tool to be more productive and allows them to concentrate on higher-value tasks.

Reduce human error and improve accuracy

Traditional FTP/paper based transmissions force your staff to enter data into enterprise resource planning (ERP) software or order systems manually. There are good chances that mistakes will happen eventually, and EDI comes to help organizations avoid those mistakes. EDI solutions are designed to automate this unmanageable process and eliminate human-caused errors.

Accurate processing will reduce the margin of error and lead to less re-working of orders, fewer stockouts and fewer cancelled orders

Cost effectiveness

EDI can significantly lower business expenses associated with traditional message processing such as paper, printing, reproduction, storage and document retrieval costs.

EDI integration can lower other costs as well, such as Matson Logistics who reduced their ASN fines 12% by switching to a more efficient EDI solution.

Expanding the market

EDI is structured under a particular, standardized format, that permits corporations to achieve a lot of international partners and share standards with them.

Improves communication

EDI is also a tool that makes for smoother business relationships with a company’s different partners. Not only because it facilitates collaboration and relationships with customers and suppliers; but it also excludes the conflicts that can occur with delays and inattentional or issues faced in traditional communication.

Transaction tracking

With EDI, companies can check precisely where they are in the transaction process, and whether documents have been properly sent, received and so on - all of which helps them to stay on top of handling times.

Why EDI over AS2 - instead of FTP?

In Transit Encryption

Once you send files over the Internet, their content will be exposed to various network-based threats. Malicious individuals can intercept your message and then steal whatever sensitive information you have in there.

Content shared over FTP has no encryption, which means your data is insecure while in transit. To make matters worse, there is no effective workaround to ensure FTP in-transit security. You can use third party software to encrypt your content, however your login credentials are transmitted in plain text over the internet.

But with AS2 protocol, you can easily overcome those issues. AS2 protocol allows you to,

  • securely transfer your data by encrypting your payload.
  • stop relying on TCP level security measurements. (such as FTPS), since AS2 protocol itself makes sure your data is encrypted in transit.
  • safely transfer your data even over HTTP protocol, without compromising security.

Certificate Based Authentication

Before you carry out a transaction, it’s important to make sure the entity you’re about to transact with is in fact the one whom you intended to transact with. Sometimes, cyber criminals can spoof a trading partner’s host and participate in the transactions in their stead. With FTP this is highly possible because your credentials are transmitted in plain text through the internet.

However, AS2 is compliant with the private-public key pair based authentication. You can encrypt content using your private key before transmitting to ensure data security in transmission. Once the content is received, only the parties you trust and whom you have shared your public key with, can decrypt the content.

Verified identity by digital signature

Data integrity and non-repudiation are vital in maintaining the integrity of business transactions. You need to verify whether the message received by the recipient is in fact the message sent by the sender and has not been altered along the way (data integrity). Also it is essential to prevent a sender from disowning/refuting a transmission sent in the past (non-repudiation).

If you want to utilize these integrity and non-repudiation features under FTP, you and your partner would need to implement an additional protocol layer on top of FTP and explicitly adhere to it.

However, AS2 is a standardized protocol that already includes all these features, with a strong track record from leading B2B giants like Walmart, Amazon and Target Corporation.

Electronic Receipts (MDN)

Once you shared your data with your trading partner, there should be a confirmation whether they received/accepted the content you send. Also it helps to prevent the content being duplicated.

With FTP there is no inbuilt mechanism to ensure the intended recipient has received the message or disowning/refuting the sender from retransmitting already sent content in the past.

However, AS2 protocol has an option to request an electronic receipt from the recipient confirming message delivery status. This receipt is known as Message Disposition Notification (MDN). This can be used to ensure that the recipient has at least received the content successfully and prevent senders from resending the same content.

With AS2 protocol the message senders can also request from the recipient to add their digital signature to the MDN, eliminating the chance of MDN spoofing and preserving the end-to-end integrity of the overall transaction.

Furthermore, message Disposition Notification includes a Message Integrity Check (MIC) computed by your trading partner, based on the payload they received. When compared with the MIC computed for the original payload at sender’s end, it will stand as strong proof that the content integrity was preserved.