There are, however, certain requirements your site must comply with in order to legitimately sell goods or services online. This article will explore those key requirements to allow your SME the best opportunity of a successful entry to the online marketplace.
To begin selling your goods online, you must first create an internet merchant account (IMA). An IMA is an essential component of any business wanting to take advantage of an ecommerce web platform, with all businesses requiring an IMA before accepting any card or PayPal payments via the web.
The main function of an IMA is to act as the intermediary between you and your customer. This gives both you and your customer certain protections in the payment processes, as well as allowing you to incorporate many monetary sale costs such as card processing fees, into one single payment.
IMAs can be obtained through two methods.
- Your business banking provider, or another high street bank with an IMA option
- A payment service provider such as; PayPal, SagePay or RealEX
There is, however, certain criteria that must be met to obtain an IMA. This is done to ensure that you are in a position to provide the correct good or service for all payments made.
When applying for your IMA therefore, be prepared to discuss the following areas.
- Business plan with description of product/services (for Established SMEs bringing accompanying sales and financial figures will help expedite the process)
- Suppliers details, Sale and Delivery Process
- Website name and address
- Security details (are you operating on a secure server ) Inc. Online T&Cs
These specific areas need to be sufficiently covered as the IMA is effectively showing the bank/payment providers confidence in your ability to provide goods or services as promised. This confidence is then passed onto the customer when making purchases.
Note: Most business bank accounts have additional IMA options. Its therefore recommended to speak to your current provider initially.
With your ability to send/receive payments accredited through your IMA. Your next step is to think about your customers’ data, specifically how you store and use it day to day.
It goes without saying every customer expects their data to be handled in a confidential manner. Most business owners arent aware however, that this is also a legal requirement under the Data Protection Act 1998.
The Data Protection Act 1998 (DPA) governs how we use and store individuals personal information obtained via purchases. The DPA gives individuals whose data has been stored the legal right to know what information is held about them, and usually consists of names, addresses and bank details. There is however, some information that is deemed too sensitive and cannot be stored. This includes but is not limited too; race or ethnicity, political affiliation and union membership or religious beliefs.
To comply with the Data Protection Act 1998 there are seven key data protection principles which must be adhered too. Business owners must ensure that any stored data is:
- Used fairly and lawfully
- Used for limited and specifically stated purposes
- Used in a way that is adequate, relevant and not excessive
- Kept for no longer than necessary
- Handles according to peoples data protection rights
- Kept safe and secure
- Not transferred beyond European Economic Area without adequate protection
Failure to comply with these principles can lead to a fine and potentially more, depending on how the data is used. Nevertheless, most online businesses shouldnt need to worry about flouting the DPA too much as the majority of modern payment systems are designed to adhere to the act naturally. It is however, still crucial for you to regularly check your systems are storing and managing data in the correct manner.
If you are worried about the Data Protection Act 1998, you can further boost your data securities by becoming PCI complaint. The Payment Card Industry Data Security Standard (PCI) is a non-legal requirement, nonetheless many online retailers ensure compliance with this as an extra security for their customers. PCI compliance is gained through completed a 12 step process, and can give your customers a great deal of confidence in your site.
Lastly, but certainly not least important, is your insurance. Insurance is a requirement for all businesses and ensures you are adequately protected if your company is effected by any unforeseen circumstances. Sadly though, it can be a bit of a minefield deciding which protection is correct for your business however as a general rule, all online businesses will require some form of professional indemnity insurance.
Professional indemnity insurance is applicable to most online businesses as it covers such a wide range of niches that can be applied to almost all online companies, covering you for:
- Professional negligence
- Unintended breach of confidentially and copyright
- Loss of money or goods this can include the transit process once a sale has been made
- Loss of documents or data
As you can see, professional indemnity allows most businesses to operate with confidence in their protection as such a large range of potentially dangerous scenarios are protected through your cover.
As you can see, taking your SME online is not as simple as one would first believe. To trade online consumer confidence is key, and with competitors arising daily as new entrepreneurs try to climb the ladder it has never been more important to protect an air of professionalism from your business. Ensuring that your customers feel confident sending you payments is the first step towards that.