Trust and Electronic Commerce
by Duane Reyhl

[Note: This article originally appeared in the August 1999 edition of The Greater Lansing Business Monthly.  
Duane Reyhl, CPA, is a senior manager with the firm of AHP]

Contents:
Do you feel safe?
What are the standards
Disclosure of business practices
Transaction integrity
Information protection
Conclusion

Related information:
Are You Ready for E-business? (steps to assessing your readiness)

 

Do You Feel Safe?

A lot of people feel that buying over the Internet is like buying a watch tacked to the inside of a shady character's trench coat. As you consider putting your business on the Internet, how do you change this perception? Trust and security issues top the list of potential customers' concerns about purchasing goods or services via electronic commerce. How do you build the confidence to buy among visitors to your e-commerce site? Of course, strong content and easy navigation are critically important because they demonstrate professionalism and, without these fundamentals, customers won't even linger long enough at your site to buy anything. Content and ease of navigation give your site credibility, but they're not enough.

Building trust is no simple task. Unless you have an established, commonly recognized brand with a built-in trust factor, you have an uphill battle. This article will show you some of the ways to demonstrate professionalism, trustworthiness and your commitment to keeping customers' information secure.

While there are no uniform standards of trust-building on the Internet, several organizations have created programs for online merchants and others conducting e-commerce aimed at increasing customers' trust in e-commerce sites. BBB Online (www.bbbonline.org), a subsidiary of the Council of Better Business Bureaus (www.bbb.com), announced in June that it will develop a "Code of Online Business Practices" to help address customer protection issues. The BBB currently has a program of awarding online seals to qualifying businesses that meet certain standards for customer satisfaction and truthful and accurate advertising. The organization TRUSTe (www.truste.org) also has a program whereby it awards a seal of approval to organizations meeting its established criteria. Finally, the American Institute of Certified Public Accountants and the Canadian Institute of Chartered Accountants jointly developed the WebTrust (www.cpawebtrust.org) seal of assurance to assist entities and customers in assessing the risks of doing business with one another.

All three organizations provide for the placement of an electronic seal of approval on your web site. Each seal implies conformity with different benchmarks. Whether the addition of a seal adds to your site's trustworthiness is directly proportional to your customers' recognition of the seal and the value they place on it. Of more importance are the underlying disclosures and practices which in themselves can instill trust.

The WebTrust principles will be discussed here because they include a comprehensive set of elements essential to building trust in your e-commerce site. The elements, which can be applied to both business-to-consumer and business-to-business electronic commerce sites, are grouped into the broad areas of business practices disclosure, transaction integrity and information protection.

 An organization should disclose and follow its important business practices for electronic commerce transactions as it relates to how the business provides goods or services and how it communicates with customers. Generally, there are four categories of disclosures:

• A clear description of the goods or services that will be provided. This is the place to be expansive rather than restrictive. Since your customers can't "touch" what you offer, they must have confidence in what they will get.
  

• The terms and conditions by which your business conducts transactions, such as the time frame for order fulfillment, normal delivery methods or options, payment terms, electronic settlement practices and product return policies.
  

• Customer support and service disclosures about warranty information, repair service or technical support.
  

• Information that enables customers to ask questions, file claims or register complaints. Disclosure of the company's toll-free telephone number, hours of operation and actual address (not a post office box) all add to your credibility.

An e-commerce business must maintain effective controls in order to complete and bill a customer's transaction as agreed. Six areas of control contribute to maintaining transaction integrity:

• A process for checking transactions for accuracy and completeness and having the customer review and acknowledge the transaction prior to processing.

• Controls for ensuring that orders are processed and delivered as requested.

• Effective controls for processing bills and payments as agreed, including the display of prices and other charges for the customer prior to processing the transaction.

• A mechanism for retaining transaction histories that permit follow-up as needed. This mechanism would normally include the use of a unique identifier for each order.

• Procedures for monitoring the organization's disclosure of its business practices, its transaction integrity controls and implementation of necessary corrective action.

• An effective organizational control environment with strong "tone at the top" as evidenced by management's commitment to customer service and the maintenance of sound business policies.

The third element of trust demands that an organization establish and maintain reasonable controls, policies and procedures to ensure that private customer information is protected from uses not related to the organization's business. The key components of information protection consist of the following:

• Controls to protect private customer information as it is transmitted over the Internet, including use of encryption technology such as Secure Sockets Layer (SSL) and digital ID certificates. (VeriSign, Inc. at www.verisign.com has a good discussion of the latter.)

• Controls to guard against the unauthorized access or use of private information that is retained on the organization's system, including the use of firewalls, customer passwords and policies that require customer permission to distribute any private information (for example an e-mail address) to others.

• Mechanisms for protecting customers' computers and files that might include seeking permission for placing cookies on a customer's system and use of antivirus software on the web site.

• Monitoring procedures for assessing the continued effectiveness of controls over information protection.

Admittedly, the areas described under the general elements of disclosures of business practices, transaction integrity and information protection are extensive topics in their own right. Each area requires significant thought and planning prior to implementing it into your web site, but you can use the information as a starting point for assessing your site's ability to foster trust among your most valuable asset - your customers. After all, you don't want to be seen as just another trench coat vendor on a street corner.

Additional reading

• WebTrust Principles and Criteria

• E-Commerce Times  (http://www.ecommercetimes.com)

• The Standard  (http://www.thestandard.com/subject/ecommerce/)

• Upside Today  (http://www.upside.com/Ebiz/)

• ZDNet E-Commerce Best Practices (http://www.zdnet.com/enterprise/e-business/bphome/)

• Better Business Bureau Code of Online Business Practices