eCorner eCommerce

So what are the legal components that you should think about for your website, and how do they affect the success of the website?

Physical address and contact details

I always recommend that contact details containing a real address and phone number (maybe fax) are clearly shown on the website.

A Post Office box might be OK if it is in Australia and you do not have a business address. But I prefer a real location. When I see a mobile phone as a contact number my immediate reaction is negative. It is just too easy to go and get a pre-paid mobile these days.

1800 numbers are relatively inexpensive and can be directed to different phones at different times.

If the website does not have a physical address then I am concerned that it might not take products back or, even worse, not deliver them in the first place. If you are a website owner and do not want your address on the site then get a PO Box and maybe offer Australia Post COD as a shipment and payment method (http://www.auspost.com.au/BCP/0,1467,CH2137%257EMO19,00.html).

If the person who runs the site does not have their name and ABN (if applicable) clearly on the site then I am immediately suspicious. You should not use a personal email address, but you should have contact email details such as john.sm...@mystore.com.au, ow...@mystore.com.au or managem...@mystore.com.au which can be used as a contact point. You sometimes see websites with a hotmail address as the contact point; to me this translates to "go to another website".

Terms and Conditions

If the website does not have a set of T&Cs that I can find and read easily then I generally do not trust that website. The T&Cs are never going to be simple, but if they stretch to 20 or 30 pages then there is an issue. So you need to cover yourself without going too legally verbose. You should always seek legal advice on the legal terms and aspects of your business.

Do not just go and copy the T&Cs from some other website. This may cause you to be in breach of the intellectual property (copyright) protection of that website. If you are directly targeting a competitor's website they will probably figure it out quickly. You can find some very useful information at www.e-businessguide.gov.au.

Copyright Notice

Always make sure that the footer on every page of your website carries a copyright notice. It will be something like "Copyright ©2007 My Business Name". If you have images that you want to protect you might consider using an image watermark; there are a number of software products available that will let you add watermarks.

Returns Policy

These may be part of the T&Cs, but if you are selling commodity products then make the Returns Policy easy to find and understand. For some items like food and clothes you may not have to accept returns; however, it is an area that you have to understand. In Australia all sales (including online sales) fall under the Trade Practices Act. This says that what you are selling must be fit for the purpose that you describe. So you need to make sure that your product descriptions are not so vague as to open a potential problem for you.

Returns can create the need for a refund to a buyer. There are a number of ways that can be done, but you need to have the process clearly documented so it cannot be disputed. If the customer has bought via a credit card then you can process the refund to the card. This will result in a fee that you, the merchant, will pay, and it may be $25 to $40. The fee will vary by provider and card type.

The alternative might be to send a cheque or do a direct deposit to the consumer's bank account. As a refund this may be less effort and not incur a fee from the payment provider or bank.

You can also offer a credit certificate (for use at a later date) or a replacement with an alternative product.

Privacy Policy

Australia has a Privacy Act and a set of National Privacy Principles. Generally these apply to:

a. Private companies with a turnover greater than $3 million annually
b. Health service providers
c. Traders in personal information
d. Contractors to government

Setting up a Privacy Policy is good practice and just helps to take away any fear that the information provided to the site might be misused or sold to a third party.

SSL and HTTPS

SSL and encryption should be used on pages where sensitive data is entered. This may be personal data such as name and address details, or it could be financial data such as credit card and bank details. Your site should show a valid SSL certificate when on protected pages. The URL will begin with HTTPS and the browser "padlock" icon should appear.

PCI DSS

The credit card industry introduced some standards to help eCommerce store owners and providers understand their responsibilities. These are the Payment Card Industry Data Security Standards.

The Payment Card Industry Data Security Standard (PCI DSS) was developed to assist businesses that process card data to meet 12 security standards. It sets requirements for the monitoring and storage of credit card information at four levels of security, depending on the volume of credit card transactions being handled.

If you use a reputable payment service provider then these issues will in general be handled by them. If you take credit card data on your website using the manual credit card payment method then you need to be aware of the risk.

The 12 key guidelines are:

1. Install and maintain a firewall configuration to protect data
2. Do not use vendor-supplied defaults for passwords or other security parameters
3. Protect stored cardholder data
4. Encrypt the transmission of cardholder data and sensitive information
5. Use and regularly update anti-virus software
6. Develop and maintain secure systems and applications
7. Restrict access to data by business need-to-know
8. Assign a unique ID to each person with computer access
9. Restrict physical access to cardholder data
10. Track and monitor all access to network resources and cardholder data
11. Regularly test security systems and processes
12. Maintain a policy that addresses information security

Make sure the doors are bolted and windows barred

When it all comes down to the bottom line there is a lot that you can apply to eCommerce from the bricks and mortar world. Think of any parallel analogy and apply it to your website. It does not matter if you are thinking about how the home page needs to attract visitors into the store and comparing it to the store front window, or reconciling the cash register at the end of the day and comparing that to reconciling your online orders.

To open a store on Main Street you have to think about all the aspects that go to make up a business, from the sales sheets to the BAS to the shop security and locking the doors and windows each night. Even getting rid of the rubbish!

The key to being successful and safe is to treat your web store like
your business and manage it the same way.
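The SSL and HTTPS section above says that any page where personal or card details are entered must be served over HTTPS. A common way that rule gets broken in practice is a page that is itself HTTPS but whose form posts to a plain HTTP URL (or the reverse). The following is an added example, not code from eCorner or from any store platform, of a check a store owner can run over their own checkout and account pages: it parses the page, finds forms that collect sensitive fields, and reports any that are not both loaded over and submitted to HTTPS. The list of sensitive field-name hints, the sample page and the mystore.example hostname are constructed assumptions for illustration.

```python
"""Check that pages collecting sensitive data are served over HTTPS and
submit their forms to HTTPS endpoints.

Added example for the "SSL and HTTPS" section; not eCorner's code.
The field-name hints, sample HTML and hostnames below are constructed.
"""
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# What to treat as sensitive is an assumption; extend for your own field names.
SENSITIVE_TYPES = {"password"}
SENSITIVE_NAME_HINTS = ("card", "cvv", "cvc", "expiry", "bsb", "account",
                        "address", "phone", "email", "name", "dob")


class FormCollector(HTMLParser):
    """Collects every <form> with its action and the (name, type) of its inputs."""

    def __init__(self):
        super().__init__()
        self.forms = []        # list of {"action": str, "fields": [(name, type)]}
        self._current = None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._current = {"action": a.get("action") or "", "fields": []}
            self.forms.append(self._current)
        elif tag in ("input", "select", "textarea") and self._current is not None:
            self._current["fields"].append(
                ((a.get("name") or "").lower(), (a.get("type") or "text").lower())
            )

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None


def is_sensitive(fields):
    """True if any field looks like it carries personal or card/bank data."""
    return any(
        ftype in SENSITIVE_TYPES or any(h in fname for h in SENSITIVE_NAME_HINTS)
        for fname, ftype in fields
    )


def audit_sensitive_forms(page_url, html):
    """Return a list of (resolved_action, problem) findings for one page.

    A sensitive form passes only if the page was loaded over https AND its
    action resolves to an https URL; each violated condition is reported.
    """
    collector = FormCollector()
    collector.feed(html)
    findings = []
    page_scheme = urlsplit(page_url).scheme.lower()
    for form in collector.forms:
        if not is_sensitive(form["fields"]):
            continue
        # An empty action means "post back to this page"; urljoin handles that.
        action = urljoin(page_url, form["action"])
        if page_scheme != "https":
            findings.append((action, "sensitive form on a page not served over https"))
        if urlsplit(action).scheme.lower() != "https":
            findings.append((action, "sensitive form submits to a non-https URL"))
    return findings


# Constructed checkout page: served over plain http, with one form that
# collects card data (posting to a relative URL) and one harmless search form.
SAMPLE_PAGE_URL = "http://mystore.example/checkout"
SAMPLE_HTML = """
<form action="/pay" method="post">
  <input name="card_number"><input name="cvv"><input name="expiry">
</form>
<form action="https://mystore.example/search"><input name="q"></form>
"""

if __name__ == "__main__":
    for action, problem in audit_sensitive_forms(SAMPLE_PAGE_URL, SAMPLE_HTML):
        print(f"{problem}: {action}")
```

This only checks the scheme of the page and of the form target. Whether the certificate presented is valid (matching hostname, unexpired, issued by a trusted CA) is checked by the browser or TLS client at connection time, which is what the padlock icon reports; the two checks together cover the section's advice.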
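The PCI DSS section above warns that a store taking card numbers with the manual payment method carries the risk itself, and guidelines 3 and 10 require stored cardholder data to be protected and access to it to be logged. One concrete piece of that is making sure full card numbers never end up in order logs. The following is an added example, not eCorner's code and not text from the PCI standard, of a log scrubber that finds 13 to 19 digit runs, keeps only those that pass the Luhn check that card numbers satisfy (so order numbers and tracking ids are left alone), and masks everything but the last four digits before the line is written. The log lines and card numbers are constructed test values.

```python
"""Redact full card numbers (PANs) from log lines before they are stored.

Added example for the PCI DSS section; not eCorner's code. The sample log
lines and card numbers below are constructed (standard test card numbers).
"""
import re

# A run of 13-19 digits, optionally separated by single spaces or dashes,
# not preceded or followed by another digit.
PAN_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_ok(digits):
    """Luhn checksum used by card numbers; filters out ids that merely look like one."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(pan_digits):
    """Keep only the last four digits; everything else becomes '*'."""
    return "*" * (len(pan_digits) - 4) + pan_digits[-4:]


def redact_line(line):
    """Replace every Luhn-valid card-number-shaped run in a log line with its masked form."""
    def _sub(match):
        raw = match.group(0)
        digits = re.sub(r"[ -]", "", raw)
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            return mask_pan(digits)
        return raw              # not a card number: leave untouched
    return PAN_CANDIDATE.sub(_sub, line)


def redact_log(lines):
    """Scrub a whole sequence of log lines, preserving order."""
    return [redact_line(line) for line in lines]


# Constructed order log: two lines carry test card numbers (one with spaces),
# the third carries a 13-digit tracking id that fails the Luhn check.
SAMPLE_LOG = [
    "2007-11-02 10:14:05 order=100234 card=4111 1111 1111 1111 amount=59.95",
    "2007-11-02 10:14:06 order=100235 card=5500000000000004 amount=120.00",
    "2007-11-02 10:14:07 tracking=1234567890123 amount=12.50",
]

if __name__ == "__main__":
    for line in redact_log(SAMPLE_LOG):
        print(line)
```

Run the scrubber at the point where the application writes its log, not afterwards: once a full PAN has reached disk, backups, log shippers and anyone with read access to the file have already seen it, which is exactly the exposure guideline 3 is about.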