This section of your website is crucial and is in line with the European Union's privacy regulation, the GDPR. It protects both you and your client by making all parties aware of their rights and obligations, and having specific terms and conditions in place minimizes the risk of ambiguity or misunderstanding.
Here are some of the things that your website needs:
Privacy and Cookies policy with clear information on how personal and sensitive data are used. It should specify what data is collected from your customers and how it is processed, and state which information is stored by you or passed on to a third-party vendor.
Your clients must have a way to alter or delete their data. A confidentiality agreement needs to be in place between you and any contracting parties you use now or in the future, binding them to the applicable data security and encryption requirements.
Payment and Pricing particulars, with all extra fees listed and all accepted payment methods stated on your website. It is also important to explain how late or overdue payments will be handled and what will be done in the event of a payment dispute.
Cancellation Policy giving your customers a way to cancel your product or service; this extra assurance can nudge customers to click the 'buy' button.
Refund Policy, as transparent as possible, telling customers what to do with goods bought on your website in specific circumstances. Merchants are responsible for replacing or refunding a service or item that is not as described or does not function properly.
Legal Liability terms that make it easier to determine what happens when compensation is requested.
Your terms and conditions must comply with consumer law; within the limits that law allows, you can restrict your liability.
These terms need to be clear and visible to your customers, and easy to find on your website.
Delivery and Shipping
When it comes to delivery and shipping, it all comes down to what you are selling. If you ship a physical product, it is essential to state the delivery time frame and any restrictions on the destinations you can ship to.
Usually the footer at the bottom of each page of your website carries an imprint with the following:
- Legal Company Name or DBA Name (Doing Business As)
- Physical Company Address
- Email Address and Phone Number
- License Provider and Number (Depending on business model)
- Company Number, Date and Country of Registry
- VAT Details (if applicable)
Your website should also have a Contact Page where your clients get all the available information to be able to reach your customer support.
If you are selling goods or providing a particular service, it is vital to give a detailed description of each item.
The payments page, or checkout page if you will, must be served over HTTPS so that card details are encrypted in transit; this applies to the whole page that hosts the card form, not only to the address the form submits to, otherwise the form itself can be tampered with before the customer ever types a number. The checkout page should also give the customer clear details of the items or service they are purchasing, with all taxes and fees included, and assign a unique transaction identifier for future reference.
Your payments page should also display the logos of all the card brands the customer can use.
If your service requires recurring payments, the following details should be shown:
- Whether the amount is fixed or varies
- The amount of the recurring payment
- The date of each recurring transaction, as well as the end date
General PCI Requirements
PCI DSS compliance is a requirement set by the card brands, through the PCI Security Standards Council, to protect cardholder data and reduce card fraud. It applies to every merchant that stores, processes or transmits cardholder data. You do not have to be PCI compliant to open a merchant account, but once you start processing card payments you do, and how much work that involves depends on the checkout method you use.
If you use a hosted payment page provided by your payment processor, so that cardholder data never touches your own systems, your PCI DSS scope is reduced to a minimum (typically the short SAQ A self-assessment); the bulk of the requirements fall on your provider, which must be fully compliant with the Payment Card Industry standards.
If you have integrated a checkout form directly into your website, so that card data is entered on and submitted through your own pages with no redirection to your provider's payment page, your systems are in scope and you must meet the PCI data security standards yourself, according to the card schemes' rules.
Build and Maintain a Secure Network
- Install and maintain a firewall configuration to protect cardholder data.
- Do not use vendor-supplied defaults for system passwords and other security parameters.
Protect Cardholder Data
- Protect stored cardholder data.
- Encrypt transmission of cardholder data across open, public networks.
Maintain a Vulnerability Management Program
- Use and regularly update anti-virus software or programs.
- Develop and maintain secure systems and applications.
Implement Strong Access Control Measures
- Restrict access to cardholder data by business need-to-know.
- Assign a unique ID to each person with computer access.
- Restrict physical access to cardholder data.
Regularly Monitor and Test Networks
- Track and monitor all access to network resources and cardholder data.
- Regularly test security systems and processes.
Maintain an Information Security Policy
- Maintain a policy that addresses information security for employees and contractors.
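Two of the requirements above, protecting stored cardholder data and monitoring access to it, come down to concrete handling rules for a merchant that takes card data on its own pages: never retain the card verification code after authorisation, never keep the full PAN in business records, and show at most the first six and last four digits. The following Python is an added example, not code from the original article or from any payment provider. The checkout record and the log line are constructed for illustration, using a well-known public test card number rather than real cardholder data; the function names are the example's own.

```python
import re

# Constructed sample input (not real cardholder data): the PAN is a public
# test-card number, and the expiry and CVV are made up.
SAMPLE_CHECKOUT = {
    "pan": "4111 1111 1111 1111",
    "expiry": "12/29",
    "cvv": "123",
    "amount": "49.90",
    "currency": "EUR",
}

# Constructed application log line, as an incautious checkout handler might
# write it: one real-looking card number and one 16-digit customer reference.
SAMPLE_LOG = ("order 42 paid with 4111 1111 1111 1111 ref 20240101 "
              "cust 1234 5678 9012 3456")

# Sensitive authentication data under PCI DSS: must never be retained once
# the transaction has been authorised, even encrypted.
NEVER_STORE = ("cvv", "cvc", "pin", "track_data")


def luhn_valid(digits: str) -> bool:
    """Return True if a 13-19 digit string passes the Luhn check-digit test."""
    if not (13 <= len(digits) <= 19) or not digits.isdigit():
        return False
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(pan: str) -> str:
    """Mask a PAN to the most PCI DSS allows on a display: first six, last four."""
    digits = re.sub(r"\D", "", pan)
    if not luhn_valid(digits):
        raise ValueError("not a plausible PAN")
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def sanitize_for_storage(checkout: dict) -> dict:
    """Build the record the merchant may keep after authorisation.

    The full PAN is replaced by its masked form and sensitive authentication
    data is dropped entirely, so the stored record cannot be used to charge
    the card and is safe to show to support staff.
    """
    record = {k: v for k, v in checkout.items() if k not in NEVER_STORE}
    record["pan_masked"] = mask_pan(record.pop("pan"))
    return record


# 13-19 digits, optionally separated by single spaces or dashes.
PAN_CANDIDATE = re.compile(r"(?:\d[ -]?){12,18}\d")


def find_pans(text: str) -> list:
    """Return Luhn-valid 13-19 digit sequences found in free text.

    Useful for checking that logs, support tickets and database dumps contain
    no unmasked card numbers; the Luhn test weeds out most order numbers and
    other long numeric identifiers.
    """
    found = []
    for m in PAN_CANDIDATE.finditer(text):
        digits = re.sub(r"\D", "", m.group())
        if luhn_valid(digits):
            found.append(digits)
    return found


if __name__ == "__main__":
    print(sanitize_for_storage(SAMPLE_CHECKOUT))
    print("unmasked PANs in log:", find_pans(SAMPLE_LOG))
```

Running the block prints a record containing `pan_masked` but no `cvv`, and flags the test card number in the log line while ignoring the 16-digit customer reference, which fails the Luhn check. The same `find_pans` routine can be pointed at log files or database exports as a cheap periodic check that cardholder data is not leaking into places the requirements above say it must not be.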
Having these aspects visible on your website will speed up the approval of your merchant account.
The whole process can be quite extensive, but "The best preparation for tomorrow is doing your best today".