By the time you read this most likely you will be well over Christmas and into 2008. January is the time of post-Christmas sales, school vacations, taking it easy and less traffic around the cities. It affords us an opportunity to make some New Year’s resolutions that generally won’t be kept.
For those of us with e-commerce websites it is a great time to regroup and take a long look at the content on our websites; time for some freshening up and house cleaning. You may even want to consider selling the left over Christmas stock on eBay.
If you are dealing in commodities like toys, electronics and gadgets then you might start seeing a few products being returned during January. Now you have to consider refunds or shipping an alternative product.
From the consumer’s viewpoint this is always frustrating but there are some people out there that take advantage in these situations. This is when you have to rely on the various terms of service that exist on your website. If you handle this well it will instil confidence and you may win a return customer.
What I would like to focus on are some of the often missed legal aspects of your website and also how they affect buyer comfort.
I recently answered a question on Linkedin, which was asking why owners of e-commerce sites did not put their details on the site in the ‘About Us’ page. It is a pretty good question.
So what are the legal components that you should think about for your website and how do they affect the success of the site?
Physical address and contact details
I always recommend contact details containing a real address and phone number (and maybe fax) are clearly shown on the website.
A PO Box might be okay if it is in Australia and you do not have a business address. But I prefer a real location. When I see a mobile phone as a contact number my immediate reaction is negative. It is just too easy to go get a pre-paid mobile these days. 1800 numbers are relatively inexpensive and can be directed to different phones at different times.
If the website does not have a physical address then I am concerned that it might not take products back or, even worse, not deliver them in the first place. If you are a website owner and do not want your address on the site then get a PO Box and perhaps offer Australia Post COD as a shipment and payment method.
If the person who runs the site does not have their name and ABN (if applicable) clearly on the site then I am immediately suspicious. You should not use a personal email address but you should have contact email details, such as firstname.lastname@example.org or email@example.com or firstname.lastname@example.org, which can be used as a contact point. You sometimes see websites with a hotmail address as the contact point—this to me translates to “go to another website”.
Terms and conditions
If the website does not have a set of T&Cs that I can find and read easily then I generally do not trust that website. The T&Cs are never going to be simple but if they stretch to 20 or 30 pages then there is an issue. So you need to cover yourself without going too legally verbose. You should always seek legal advice on the legal terms and aspects of your business.
Do not just go and copy the T&Cs from another website. This may cause you to be in breach of the intellectual property copyright protection of that website. If you are directly targeting a competitor’s website they will probably figure it out quickly. You can find some very useful information at www.e-businessguide.gov.au
Always make sure that the footer on every page of your website carries a copyright notice. It will be something like “Copyright ©2007 My Business Name”. If you have images that you want to protect you might consider using an image watermark and there are a number of software products available that will let you add watermarks.
This may be part of the T&Cs but if you are selling commodity products then make the return policy easy to find and understand. For some items like food and clothes you may not have to accept returns, however it is an area that you have to understand. In Australia all sales (including online sales) fall under the Trade Practices Act. This says that what you are selling must be fit for the purpose that you describe. So you need to make sure your product descriptions are not so vague as to be problematic for you.
Returns can create the need for a refund to a buyer. There are a number of ways this can be done but you need to have the process clearly documented so it cannot be disputed. If the customer has bought via a credit card then you can process the refund to the card. This will result in a fee that you (the merchant) will pay and may be $25 to $40. The fee will vary by provider and card type.
The alternative might be to send a cheque or do a direct deposit to the consumer’s bank account. As a refund this may be less effort and not incur a fee from the payment provider or bank.
You can also offer a credit certificate (for use at a later date) or a replacement with an alternative product.
Australia has a Privacy Act and a set of National Privacy Principles. Generally these apply to
private companies with a turnover greater than $3 million annually, health service providers, traders in personal information and contractors to government.
SSL and HTTPS
SSL and encryption should be used when in pages where sensitive data is entered. This may be personal data such as name and address details or it could be financial data such as credit cards and bank details. Your site should show a valid SSL certificate when in protected pages. The URL will begin with HTTPS and the browser “padlock” icon should appear.
The credit card industry introduced some standards to assist online store owners and providers understand their responsibilities. These are the Provider Card Industry Data Security Standards (PCI DSS), and were developed to assist businesses that process card data to meet 12 security standards. It sets requirements for the monitoring and storage of credit card information to four levels of security, depending on the volume of credit card transactions being handled.
If you use a reputable payment service provider, these issues will generally be handled by them. If you take credit card data on your website using the manual credit card payment method then you need to be aware of the risk.
The 12 key guidelines are:
- 1. Install and maintain a firewall configuration to protect data.
- 2. Do not use vendor-supplied defaults for passwords or other security parameters.
- 3. Protect stored cardholder data.
- 4. Encrypt the transmission of cardholder data and sensitive information.
- 5. Use and regularly update anti-virus software.
- 6. Develop and maintain secure systems and applications.
- 7. Restrict access to data by business need-to-know.
- 8. Assign a unique ID to each person with computer access.
- 9. Restrict physical access to cardholder data.
- 10. Track and monitor all access to network resources and cardholder data.
- 11. Regularly test security systems and processes.
- 12. Maintain a policy that addresses information security.
The bottom line is that there’s a lot that you can apply to e-commerce from the bricks-and-mortar world. Think of any parallel analogy and apply it to your website. It does not matter if you are thinking about how the home page needs to attract visitors into the store and comparing it to the storefront window, or reconciling the
cash register at the end of the day and comparing that to reconciling your online orders.
To open a store on Main Street you have to think about all the aspects that go to make up a business, from the sales sheets and BAS to the shop security and locking the windows and doors each night. Even getting rid of the rubbish!
John Debrincat is CEO of eCorner, www.ecorner.com.au
* The opinions expressed in this article are those of the author, and don’t necessarily reflect the opinions of DYNAMICBUSINESS.com or the publishers.