The World Wide Minefield

To most small-to-medium enterprises looking to take their companies and products online, it’s a daunting task to understand, evaluate and select the right web design agency and web site hosting company. More often than not, the confused sales manager or company owner has to rely on the advice and guidance of an outside consultant.

The dangers are many, believe me.

One company — I’ll call it Company X — requests a quote for web design, web hosting, online order taking and forwarding, from an agency — I’ll call it Agency Y. Company X has followed the internet security “scare stories” in the press. Therefore, an essential requirement is that the online order must be secured with a recognized authentication certificate.

It’s not an unreasonable request. In fact, it’s very sensible in order to protect the customer’s credit card information and encourage orders.

Agency Y says, “No problem, we have all that!” It wins the business and gets on with the job. The web site is launched with liberal mention of all the right phrases “This is a secure web site,” “You have entered a secure area,” and so on. Company X is mighty proud of its web site and everything is looking pretty rosy for the future.

But there is one problem.

In reality, there is no SSL(Secure Socket Layer) on the web server where the site is hosted. (A good authentication certificate costs money, and the smaller agencies do not necessarily have the budget.) In this particular case, the public is mislead into giving credit card information in the “secure” order form.

Then, the worst happens.

A trusting customer orders the product…and to their dismay, realizes that the order was in fact transmitted openly on the internet. The customer’s card number is “harvested” by web bandits and used for fraudulent transactions around the globe. The customer is justifiably angry he would like some answers.

Who does he go after?

Does he seek retribution from Agency Y? No. In fact, he goes straight for the throat… and sues Company X. Company X therefore finds itself with a hefty bill for legal fees and more hassle than the internet adventure had promised.

Who is to blame?

Of course, the unscrupulous Agency Y. But does Company X have the time, energy and resources to go after Agency Y? Probably not especially with an online business to keep running. (Company X is unable to obtain a copy of the original web site done by Agency Y. Files which mysteriously disappeared from the web .)

The moral of the story….

  • Investigate the background of your web hosting company.
  • Make sure it has a reputable track record.
  • Ask to see its SSL certificate and originator’s name.
  • Request an online demonstration of the web server SSL.
  • Make sure to post a disclaimer on your order form stating that the customer discloses sensitive information at his or her own risk.
  • Ensure that you retain ownership of your web site and ask for a backup copy to keep in your possession.

The above story, by the way, is not fiction. In fact, it happened to one of our clients. Sadly, they are not the only ones to fall victim to the cowboys.

Bad news travels fast on the web, and once your company has been tainted, repairing damage to your business reputation can be expensive and perhaps impossible.

The bottom line: If you don’t have the in-house expertise and decide to outsource….beware, choose your business partners carefully!

Related reading