E-Commerce Compliance – Think PCI

Key Legal Considerations in E-Commerce

In the wake of rapid technological advancements, e-commerce has become a common enterprise in the contemporary world. The Internet has made it possible for SMEs and large stores to reap huge benefits from online businesses. However, the U.S. has outlined various e-commerce compliance laws to guide such ventures, and it is important for any online business owner to understand them or consult an experienced transactional lawyer to dissect them before launching the business.

complianceDifferences between Operating an Online Business and a Brick and Mortar

More than in brick and mortar business, customers’ privacy and security are paramount in Internet-based business. In this regard, “Websites should provide the customers with choices regarding the use of their personal information, and incorporate security procedures to limit access to customer information by unauthorized parties” (Nasir, 2004). Alongside the existing and potential e-commerce regulations, the Federal Trade Commission (FTC) has instituted reliable vigilance to protect customer information every time they shop online. Therefore, it is important to understand E-Commerce compliance and all the legal implications regarding infringement of clients’ data and privacy when operating an e-business or develop alternative law-compliant data collection and management functions from the onset. Many web-based businesses have a privacy policy to inform the users on how (if need be) their data would be collected and used while others feature “click through” dialog boxes seeking customer consent on matters pertaining to their information.

One of the biggest legal dilemmas yet to be addressed is establishing who has the jurisdiction or authority to apply a certain law over various transactions. For instance, whereas customers can launch disputes at local small claims courts, such institutions are irrelevant in cyberspace, according to Ron Presser from the American Bar Association (Sayer & Deveaux, 2000). When operating an online business, it is important to understand that not all transactions involving two different parties based in two different nations are successful; they should be ready to address questions regarding extra-territorial jurisdictions over online transactions.

The Basic Elements Of E-Commerce Compliance

Intellectual Property

Before signing a contract with a designer or developer, it is important to understand that “a domain name is a form of intangible intellectual property” as a state court in Virginia court once ruled (Lovell, Fausett, Fertik, Loundy, Palfrey, & Ward, n.d.). Therefore, the business owner should make the domain name a protected trademark lest he or she engage in unnecessary conflicts and negotiations with the web developer or other entity over its ownership. In other words, he or she should own all the intellectual property to the web design, including the logo and the domain name. Unclear contracts have resulted in different cases of “cyber-squatting,” whereby an opportunist registers a website that has a URL resembling that of a reputable brand and then seeks to “hold the brand owner hostage” (Marsh, 2000).


Another e-commerce compliance consideration is the negotiation of the web-hosting contract, which demands that the owner understands what he or she has a right to and what he or she is not. It is noteworthy that “the actual services offered in a web hosting agreement vary from provider to provider, making it difficult to generalize what, exactly, comprises hosting” (Lovell, Fausett, Fertik, Loundy, Palfrey, & Ward, n.d.). This necessitates the services of a transactional lawyer to ensure that the designer fulfils all the client’s interests in the hosting agreement or satisfactorily makes changes to the boilerplate hosting agreements.

Customer Privacy

It is also necessary to consider customer privacy policy and protect their information. Alternatively, the owner of the e-business can explain what he or she is protecting and what he or she is not. As such, there is a need to inform customers the business owner will use such information and whether he or she is going to disclose it to third-party marketing agencies or not.

Type of Business and Cyber-Attacks

When it comes to cyber-attacks, the type of business does not matter, but the size does. Hackers only go for websites that are “much easier to gain access and pilfer the desired information,” and it remains the responsibility of the designer to support the

enterprise with a stronger cyber-security solution on behalf of the owner (Song, 2016). In fact, cyber-criminals do not spare online auctioning, e-commerce stores, community membership sites, magazine publishing, blogs, and affiliate marketing. It turns out that “not only are small businesses now firmly in the crosshairs of cybercriminals, but they are also fast becoming their favoured target” (Smith, 2016). In particular, SMEs have become softer targets for hackers and scammers due to their weaker online security and unpreparedness for cyber breach.

Other Considerations About E-Commerce Compliance

Before launching any type of online business, it is important to understand and comply with federal and state laws regarding e-commerce. As such, the business owner must be aware (even to some degree) of e-commerce compliance, PCI, liability limitations, jurisdiction under which the business will operate, delivery terms, and how to protect the customers’ information. Another key point to note is that e-commerce has slim operating margins, and neither SMEs nor large businesses are immune from cyber breach. In as much as the business owner wants to abide by all the e-commerce laws, it is also important to keep an eye on the cybercriminals and fraudsters marauding the Internet lest the business suffer massive losses or even close own.

This is not legal advice and does not constitute a guarantee, warranty, or prediction regarding the outcome of your legal matter or potential legal matter. Consult a licensed attorney for compliance guidelines for your state.

Lovell, M., Fausett, B., Fertik, M., Loundy, D., Palfrey, J., & Ward, L. E-Commerce: An Introduction, Part 1: Set Up. Retrieved 8 August 2016, from
Nasir, M. A. (2004). Legal issues involved in E-commerce. Ubiquity, 2004(February), 2-2.
Marsh, M. (2000). Starting An Online or Web Based Business – Legal Issues To Consider.
Your Legal Corner. Retrieved 8 August 2016, from
Sayer, P. & Deveaux, S. (2000). Court in the Net: Jurisdiction in Cyberspace. Computerworld. Retrieved 8 August 2016, from
Smith, M. (2016). Huge rise in hack attacks as cyber-criminals target small businesses. The Guardian. Retrieved 8 August 2016, from
Song, J. (2016). Why Hackers Want to Attack Your Small Business. Tech. Retrieved 8 August 8, 2016, from