Is it too easy to set up an Online business?

It’s a question that I’ve been asking myself for some time now. Unlike other industries, say food serving or a pub, where you have to have a license, many companies can break major laws and endanger their clients.

Take for instance someone who stumbles on to this site – CompanySetup.ie. The site looks very professional and it claims that they have 14 years in the business and are the choice for accountants and solicitors. They must be very credible, right?? WRONG.

First of all, any person with the schooling of an accountant or solicitor will know that if you want to register a business name, it’s a simple online form with the Companies Registration Office – and it costs 20 Euro – not 85 Euro!

But there’s nothing wrong with offering a service and making money; even if it is a bit cheeky, it’s not illegal. What is MASSIVELY ILLEGAL is risking their customers’ personal information, including their credit card info, because they are not the professional set up they claim to be. And unless you have a basic understanding of online security, you’ve done the online equivalent of giving your ATM card to a complete stranger and telling them the PIN.

[Image: online-dangerous-website]

This site has no security, which you can tell by the lack of the “s” in the URL (“https”, meaning SSL security), which appears on the checkout pages of credible sites:

[Image: security-online]

They then ask for your payment info, including your CCV, which means that they have your privileged information and so does anyone who hacks their site.

“But surely they can’t do this? No online payment processor would allow this to happen,” I hear you say. If you look at the code, they don’t use an online processor. It looks like they receive your full personal information, credit card number and CCV VIA EMAIL and then use a manual terminal to put it through. Of course it’s massively illegal to do so; you don’t know if they have the latest anti-virus or anti-spyware on their computers. Frankly speaking, if they are willing to break PCI DSS regulations you can be sure they don’t know the consequences of security at all.

It’s not that I have a personal dislike for CompanySetup.ie, but as a fellow online retailer, it is in fact me that suffers from their ignorance. If your card is stolen and someone buys bikinis or costumes from one of my stores – the person whose data has been stolen will in fact receive back their money from Visa or Mastercard – if you used Laser then we’d give you your money back, but as you’re not entitled to it under law most stores wouldn’t. So essentially we end up sending a fraudster some product and receive no payment, because of amateurs like the above company. Often they cannot be traced due to low volumes of sales, and they continue to operate illegally, sending fraudsters more personal information and card details. How long could this go on? Well, the above site has been in operation since December 2005.

Really I think the “.ie” domains need to be more closely monitored, so that customers can trust them.

Another thing that really gets my goat, sorry if I’m ranting on, is claims that sites are things they are really not. Not just the above, but in the Fancy Dress business this practice is rife. For example, a new site launched this week which is claiming to be “Ireland’s Largest Online Store” on the first day it launched. Not just the largest in its industry, but the largest of every industry. Not bad for a business which is seemingly run out of a garden shed.

If you want to make such a claim on radio or television you had better have the data to back it up, so why shouldn’t online businesses have to substantiate their claims to be the cheapest or the biggest?

Also, it would be very embarrassing to be LYRATH ESTATE Hotel, whose credible name will no doubt be dragged down in some people’s eyes due to this association with a rogue business.

########### update 24/07 11.30pm ############

In a conversation on Twitter about this post, Brian Honan of Security Watch pointed out that PCI DSS is not a legal requirement, only an industry standard, and that the article may confuse readers. To clarify, what I meant in terms of legalities is the Data Protection Act, section 2(1)(d), which states that “appropriate security measures shall be taken”, which factors in the potential harm caused and the nature of the information stored. But really you don’t need to be a genius to work out that when taking something as important as a credit card number you need to factor in special care.

Also, if (when) the merchant becomes aware of this practice, heavy fines can be implemented for breach of contract.

########### update 03/11/09 15.41pm ############

Got a lovely email from Alan from the Data-Protection agency, who’s been looking into the above story. The above company were unaware of the dangers of what they were doing, and have taken steps to get more secure by adding SSL.

[Image: invalid-ssl]

Had to laugh though, they put up a big sign on their site saying how UNSECURE they are! Hopefully, though, the people at data protection will get them to contact their bankers for some advice before the bankers get on to them with the fines.
