Starting Up

What you need to know when setting up an online retail business


Setting up a new business venture is thrilling and it is no different when it is an online business. As well as being exciting it is also very daunting, often in unknown territory, especially with regards to the regulations that need to be adhered to and complied with. Many of the regulations are set up to protect your customers, and are particularly concerned with online payments and the use of personal details.

Compliance with Data Security Standard:

All businesses accepting payment from customers must comply with the Payment Card Industry Data Security Standard (also referred to as PCI DSS), which are, in simple terms, 12 security requirements laid out, and governed by, the PCI Security Standards Council. It is the Council’s responsibility to develop, educate and raise awareness of PCI DSS.

There are four different compliance levels and which one you require is determined by two factors: how much money your business generates and how that money is processed. Reaching PCI DSS compliance is time-consuming and expensive, but failure to comply can result in fines, security auditing, or even being prohibited from using credit card transaction systems altogether. It is also important to realise that failure to comply with these standards could result in you and your customers being at risk of fraud or theft. It’s a good idea to use a payment processing service that you know complies with the PCI DSS, such as those offered by Barclaycard or other reputable UK providers.

Electronic Signatures Regulations:

An electronic signature is a way of validating someone’s identify in the form of a typed named, digitalised or even finger-drawn signature (using a touch-screen device). Becoming more common in our ever-increasing electronic world (and in the eyes of the law, having the same legality as the pen and paper variety), electronic signatures are sometimes problematic; how can you stop someone else from signing for you, for example? Regulations state that the signature must be uniquely linked to the signatory (using personal and traceable information, such as an IP address) and that the signatory is easily identifiable. So it’s essential that you are aware of this requirement if your business relies on electronic signatures of any kind.

Consumer Protection Regulations:

These are extensive regulations put in place to protect the customer when things don’t go entirely to plan. They help to protect the consumer from any number of things, including fraudulent businesses, poor service, food safety, faulty goods and credit card issues. There are regulations and laws in place to prevent unfair competition among businesses as this kind of activity can also have repercussions for the customer.

E-Commerce Regulations:

These regulations cover all online transactions, whether they are merely advertising or actually selling a product or service. The aim of these regulations is to provide consumers with information about the business or service-provider, usually including things such as contact details and the cost of providing the services (including tax and delivery charges). The regulations also govern content of commercial communication (solicited or unsolicited), such as clear identification of any promotional content (such as marketing e-mails).

Distance Selling Regulations:

This regulation protects consumers who purchase items without physically seeing them and this includes buying products from an online supplier, through a mail-order catalogue or from a television shopping channel (such as QVC). The regulations stipulate that a seller must provide certain information about their product (such as price, description, delivery costs and cancellation/refund procedures) before completion of the sale. The seller must also provide information about the company such as geographical address.

Data Protection Act:

When relating to business, this law ensures protection of personal and sensitive information, collected or stored. Adequate steps must be taken to ensure that the storage, use and destruction of sensitive information is carried out in a confidential manner and that the information held is pertinent and accurate. Your intention to hold personal information (and in particular, what this information will include) must be communicated clearly to the customer, similarly, you need to inform them if passing their details on to a third party.

These are just some of the regulations put in place to protect the consumer, but it seems that online businesses and e-commerce are often slippery fish to regulate. It is therefore imperative for any prospective online business owner to fully research regulations and guidelines applicable to them. Non-compliance with certain regulations, for example the PCI DSS, can result in fines and other penalties, so make sure you know all the facts before you start and protect yourself and your customers; in the long run, this will save a lot of time and money!