To protect and serve


6 Aug 2007

More confidence translates into more time online and more purchases online, says Aileen O’Toole, managing director of AMAS, a consultancy firm that specialises in online channels.

Recent EU-wide regulations such as the Distance Selling Directive provide the conformity and consistency that will put the online shopper at ease. These regulations provide consumer protection by stipulating how a contract is enforced, displaying prices prominently, steering return policies and protecting the buyer from credit card fraud.

So although running an e-business might seem easier than setting up shop on the high street complete with rent, shop staff and theft issues, legal obligations hit the online trader harder.

Under the Distance Selling Directive, buyers have greater consumer protection than in a physical shop, with the right to cancel an order in a ‘cooling off period’, normally within seven days of placing an order. Unlike offline shopping, the customer has the right to refund goods or services without a reason. “The balance of power is very much on the consumer side online and that puts a very strict onus on businesses,” says O’Toole.

There are also very specific regulations for selling toys, electrical appliances and package holidays, as well as following environmental obligations under the WEEE directive. To protect both the consumer and themselves, it is essential for e-commerce sites to have a customer service policy, separate from legislation.

Companies need to be sure they won’t be taken for a complete turkey, O’Toole says, in terms of people abusing and trying to hide behind the law in returning items. Protecting customers’ data such as contact details and credit card numbers is also critical, and it is all about compliance.

When drafting a data policy an e-business should categorise information into four main areas: public, confidential, strictly confidential and classified. Information displayed on the website would be classed as in the public domain while PIN numbers would be classified. An e-commerce business is required to register with the data commissioner as a data controller to ensure the integrity of customer data it holds.

Colm Lyon, managing director of the Dublin-based online payments processing company Realex, says many businesses bypass the risk of holding sensitive data by using service providers like themselves to collect credit card details.

Realex processes over €3.5bn a year worth of payments for international online retailers and corporate players such as Aer Lingus, Aer Arann, Quinn Direct, Vodafone, Party Poker, Motortax.ie, BT, Direct Ski and VHI.

Lyon says a business needs to ask itself does it really need to capture and process sensitive credit card information when it could register as a data collector and get a secure, trusted service like Realex or PayPal to act as their processor. “The first thing we say to merchants is: do you really need to know a customer’s credit card number? Nine times out of 10 they don’t,” says Lyon.

He also believes firms that are about to go down the e-commerce route should seek the experience of others. “Always talk to people who have done it before, don’t try to do it all yourself. You need a secure and properly structured e-commerce site.”
One thing that the savvy shopper looks out for now is the secure site denotation ‘https’.

No business should expect its customers to click through to its online checkout without this because it encrypts the sensitive data contained in the order form.

Both Lyon and O’Toole said that surprisingly a minority of businesses still ask customers to send their credit card details by email. This method is not secure and could easily be intercepted by a third party. Credit card fraud may hit the online shopper to a small extent but an e-business carries most of the burden under the Distance Selling Directive. A customer can cancel any fraudulent payments and is entitled to the return of that payment, as per credit card insurance.

On the other hand, the e-business has lost out on the goods and services provided unwittingly to a criminal party. While protecting the online consumer may seem like a behind-the-scenes process it in fact affects the fundamental design and layout of the site. Robert McDonagh, solicitor in the commercial department of Mason, Hayes & Curran, says that a clear, scrollable privacy policy as well as terms and conditions should be displayed prominently on every e-commerce website. The necessity for a potential buyer to click on a button, agreeing or disagreeing with the terms of sale should also be built in, he advised.

Professional legal advice will be required at some point. “Take it step by step and understand the law. There are quite good resources out there. Then try to interpret how that applies to your business and get advice from a lawyer,” says O’Toole.

E-payment in, cheque out

Accounting software player Sage says it will integrate electronic payment technology into its accounting packages in the coming months. Firms will initially be able to process payments directly by phone.and eventually automatically process electronic payments through their web stores.

“We’re making it easy for Irish SMEs to finally let go of hassle-laden processes like receiving payments by cheque,” says Sage Ireland product manager Jessica McIntire. According to the European Central Bank, 24pc of non-cash transactions in Ireland are made with cheque payments, which accounts for 79pc of all euro changing hands via non-cash methods.

“We’re entering the card processing market because we believe it’s a good fit with our ethos of supporting SMEs to manage and grow their business,” McIntire added. “We are predicting a 30pc increase in the next two years.”

By Marie Boran