Monthly Archives: February 2011

The common sense approach to search engine optimisation

Search Engine Optimization (SEO) has become a popular topic among website owners. Everyone wants to have the number 1 spot in search engines, but it’s hard to know what advice to follow.

Sometimes reading SEO tips and tricks can cause more harm than good. Following bad advice can be dangerous and can potentially get your website blacklisted by search engines.

Google’s algorithm for determining how to rank websites in their search results may be a secret, but the fundamental concept behind it is not. Google wants to provide quality content that matches what users are searching for. The best way to optimize your website for search engines is to focus on building the best website possible for your visitors. If you are able to accomplish this, your website will already be optimized for search engines!

Distance Selling Regulations

When selling online or by some other distance-selling method, there are several key sets of regulations you should be aware of. The Consumer Protection (Distance Selling) Regulations cover businesses that sell to consumers by mail order, phone, fax, over the internet or on digital TV.

Generally these regulations require you to:

  • provide consumers with specified information before they order
  • provide consumers with specified written information in a durable medium prior to the conclusion of a contract
  • send consumers an order confirmation
  • give consumers the right to a cancellation period

The Electronic Commerce Regulations place some similar requirements on businesses that sell or advertise products to businesses using the internet, email, interactive digital television or mobile-phone SMS text messages. Whether you sell to businesses or consumers online, the regulations also require you to:

  • clearly identify commercial communications as such
  • outline the steps that need to be taken for a contract to be concluded

Other laws you must comply with

Remember you must still comply with a range of other laws on the supply of goods and services. In particular you must ensure:

  • goods are fit for their purpose and of satisfactory quality under the Sale of Goods Act
  • products are exactly as you describe them under the Consumer Protection from Unfair Trading Regulations

You must also comply with privacy and data-protection law when contacting customers or processing any personal information about your customers.

Provide consumers with clear information

Businesses that sell to consumers by mail order, phone, fax, internet or digital TV must give clear and comprehensible ‘prior information’ to help them decide whether to buy. Distance-selling regulations require you to set out:

  • your business name and address (when advance payment is required)
  • a description of the goods
  • prices, including all taxes
  • delivery costs
  • payment arrangements
  • arrangements and date for delivery of goods – within 30 days of the order if you don’t specify a date
  • the consumer’s right to cancel the order and details of who bears the cost of returning the goods if they do
  • how long prices remain valid

You must also specify if you want to offer substitute goods if those ordered aren’t available. If you do, you must make it clear that you’ll meet the costs if any replacement goods are returned. You must provide this information before the order is placed.

Unless the information has already been provided in written form – eg an advertisement or brochure – you must also confirm it in writing, at the latest when the goods are delivered. You must also state:

  • how and when the consumer can cancel the order
  • your geographic address
  • any guarantees or after-sales services that apply

The consumer can cancel the agreement up to seven days after the goods are delivered.

The cooling-off period and cancellations

When selling to consumers online you must give them a cooling-off period during which they have an unconditional right to cancel the contract.

In the case of goods, the cooling-off period normally ends seven working days after the day the goods are received. Consumers must inform you in writing – by letter, fax or email – of their decision to cancel.

Consumers’ money should be reimbursed in full (including postage costs) as soon as possible – and in any case within a maximum period of 30 days.

Your contract with the consumer should also specify who pays any postage necessary to return unwanted goods.

PCI Compliance (PCI DSS)

The Payment Card Industry Data Security Standard (PCI DSS) is a worldwide security standard developed by the Payment Card Industry (PCI) Security Standards Council to protect cardholder information, such as credit and debit card numbers and cardholders’ personal details. It includes requirements for security management, network architecture, software design, security policies and procedures, and other protection of customer account data. The standard is applicable to any organisation that stores, transmits or processes cardholder information, be they a merchant, third-party processor or acquirer.

PCI DSS is a set of six principles that encompass 12 specific requirements. These requirements are equally applicable to any organisation holding personal information and are intended to reduce the organisation’s risk of a data breach.

Build and maintain a secure network

  • install and maintain a firewall configuration to protect your cardholders’ data
  • do not use vendor-supplied defaults for system passwords or other security parameters

Protect your cardholder data

  • protect any stored cardholder data
  • encrypt transmission of your cardholders’ data across open, public networks

Keep a vulnerability management plan

  • always use and regularly update your anti-virus software
  • develop and maintain secure systems and applications

Implement strong access control practices

  • limit access to cardholder data to only those who need to know
  • give every person with computer access a unique ID
  • limit physical access to cardholder data

Monitor and test your networks on a regular basis

  • track and monitor all access to your network resources and cardholder data
  • regularly test security systems and procedures

Keep an information security policy

  • always keep a policy that addresses your information security

The PCI Security Standards Council encourages businesses that store payment data to comply with PCI DSS and become certified to help reduce financial risks from data compromises. However, it is the payment card schemes, eg MasterCard or Visa, that manage the actual compliance programme. In practical terms this means the programme is managed by acquirers, and you should check with your bank to seek advice on your specific compliance obligations and how your business can become certified.

Failure to be annually certified can become an issue if you have a security breach and your customers’ card details are stolen, in which case penalties levied by the card schemes and costs can be heavy depending on the number of cards compromised.

Even where a merchant is certified this does not protect them from potential penalties if it is deemed that their own actions through negligence, omission or accident contributed to a breach.

Link: Official PCI Security Standards Council Site