Secure server explain how and why payments are secured

Policies

A September 2000 report from Gigaweb (http://www.gigaweb.com) showed that 66 per cent of web sites failed to provide a link to a privacy policy. If your site receives payments, collects personal details or requires users to register, you should make a very explicit statement on your policies. Ensure that every question asked is asked for a purpose. Do you really need to know the age or salary of site visitors? Does it matter how often they use the Web? Asking too many intrusive questions may lead to respondents just selecting anything to get through the form, thus undermining the accuracy of the data.

You should establish and publish policies on the following:

• Data protection and privacy

- Security

- Continuity

- Copyright.

They do not need to be particularly complicated or extensive documents, but they should address three elements legal obligations, technical details and user expectations. Most commercial sites now have their policies placed prominently on their site: many use a standard form of wording that could be used as the basis for your own policy (without simply copying of course).

Security Policy

Secure server explain how and why payments are secured

• Credit card transactions explain the guarantee from the credit card company, and possibly extend it with your own, as Amazon does, to underwrite the first £50.00 as well

• Encryption describe which level of encryption your site has, in simple terms: you are trying to impress and reassure the user, not give secrets away to potential hackers

- Alternative methods of payment these can maximise revenue but add to the administrative burden. You will need to assess the costs and benefits of offering a range of payment methods

- Refund policy make it clear how this operates.

As with privacy, site visitors will have a natural concern with the security of your on-line payment system. It can seem risky to give credit card details to a stranger, especially one whose web site may be in a different country. You also need to protect yourself from fraudulent customers: Protx (http://www.protx.com) and Cybersource (http://www.cybersource.com) both offer some defence against fraudulent transactions through verified payment systems and databases of fraudsters.

Continuity Policy

• Updates policy if the content on the site is perishable, then there should be an easy method for the visitor to notify the site manager that an error has occurred, that facts have changed, that something is simply wrong

- Contact details for web site manager it is good relationship marketing to positively encourage feedback and contributions from the audience. They feel that you listen to their needs and suggestions; you get the benefit of thousands of proof-readers! A truly confident web site manager would offer a small reward for notification of errors.

Copyright Policy

• Copyright statement a simple statement of ownership

- Protection and limitations specifying the restrictions, permissions and licences available for use of content from the site (if any)

- Images some sites may also licence use of images for personal or charity use. All web design staff need to be trained in and kept up-to-date with copyright issues. Protecting your own copyright is one thing infringement of others’ copyright may result in expensive, embarrassing and damaging publicity.

- Rights to be respected include those of authorship, integrity and privacy

- Credit should always be given and work should only used when it is meant for public broadcast, and then in a non-derogatory way

- Downloading and then editing or re-using images, sound, video and text from the Web may be technically possible but is not usually legal, unless specific permission is obtained from the page owner or images are explicitly ‘public domain’

- Trademarks belonging to other companies must not be used without their authorisation. The Copyright Licensing Agency (http://www.cla.co.uk) provides useful background information on all aspects of copyright and licensing, including the implications of electronic publishing.

Disclaimers

• The web site might have a disclaimer on its own content, affirming that information is there for consideration at the user’s risk, and that it might be out of date, or should be checked with an appropriate professional adviser. This might be linked from every page, or just on the home page

- External links should carry a simple reminder that they are outside the control of the site, and therefore should be treated with caution

- E-mails should also carry a brief disclaimer, which might include statements that the opinions do not necessarily reflect official organisational policy, or that the writer does not have the authority to enter in to contractual agreements on the organisation’s behalf.