In South Africa, ecommerce transactions are regulated by the Electronic Communications and Transactions Act 25 of 2002 (ECTA) and the Consumer Protection Act 68 of 2008 (CPA). It is important that companies doing business over the internet are aware of the details of these two key pieces of legislation, with retailers having to be on their toes in this ever-evolving space to confidently build direct-to-consumer relationships and sales.
Allen Jaffe, CEO of eComplete, partner to Smollan, takes a closer look at crossing t’s and dotting i’s as the digital economy continues to expand in scale and sophistication at an unprecedented rate.
Undoubtedly, the cornerstone of any successful online brand is to meet the regulatory requirements of the markets they are selling in. This includes things like intellectual property violation, protecting consumers’ stored data and setting the standard for secure authentication methods. So too, it includes customer service and expectations and the intricacies around data breaches, consent, integrity, and accountability. Simply put in a www.businesstech.co.za article: “as easy as it is to set up an online store, it is just as easy to suffer reputational harm from poor and unfair business practices.”
As the ecommerce boom evolves, online retailers in SA must be mindful of the sharp increase in consumer complaints, with the fallout being that many retailers are struggling to cope. With issues lodged around timely delivery of goods and services as well as fraud, businesses should be alive to this risk and take steps to mitigate it. Other common threats include malware, illegal sharing of data and the risks associated with working with third-party vendors, digital security regulations and data privacy laws.
As an interesting aside in the rush to stay ahead of the ecommerce game, the stats as per www.ecommercedb.com offer an ‘at home’ perspective in the bigger scope of things: South Africa is the 42nd largest market for ecommerce, with a predicted revenue of US$7,217.8 million by 2023. The biggest players are Takealot, Superbalist and Woolworths.
As these market leaders take ecommerce to new heights in SA, with newbies entering the fray on a daily basis, www.payflex.co.za reminds us that the law is fluid and subject to change, making it vital to stay informed and tuned into the regulation heartbeat. It spotlights the most important legislation to keep in mind when contracting on the internet in SA, namely the aforementioned ECTA (governing online and electronic contacts); CPA (applies to every transaction around fair value, quality of the goods, reasonable terms and conditions); POPIA (around right to privacy and use of personal data); NCA (regulation of all credit transactions) and RICA (regulating the interception of communication).
Indeed, digital merchants have a task at hand making sense of legislation and regulation. With the launch of POPIA there are hefty fines around sending unsolicited emails, yet it appears that the lack of enforcement has led to this being abused by some while the majority are playing ball. That said, over and above ticking relevant regulatory boxes, understanding the threats beforehand makes it easier to safeguard businesses.
Here are recommendations for companies operating in this space:
- Ensure you have all policies on your site, including POPIA, T&Cs, Shipping and Delivery, and Dispute Resolution.
- Being POPIA compliant is essential; ensure that clients are double opted-in to avoid a hefty fine.
- Terms should cover the CPA – you should know the clients’ rights and yours. For example, a zero-rand product that is sold is not intentional and you do not need to honour it.
- Your site needs to be secure to avoid a data breach. All sites should run a web application firewall with intrusion detection, and limit access from high-risk countries.
- If you store credit card information, you need to be PCI compliant. It’s better to use third-party payment gateways that have this certification, e.g., Peach Payments, to avoid risk.
- Websites must be maintained and patched against the latest threats to avoid unauthorized access.
- There must be strict controls around access, security and most importantly data breaches.
- A Disaster Recovery Policy is recommended should your site get hacked, with backups to minimise downtime.
- Professional Indemnity Insurance is imperative to cover a breach, along with Cyber Insurance.