1.1 Online transactions

An e-commerce platform is a means used to sell tangible or intangible products or services directly to users. “Tangible” goods are material items (for example, spin-off products linked to your website); “intangible” goods, which are non-physical, include virtual currency and downloadable media content. Payment is made electronically by credit card, SMS or a prepaid card purchased at a retail outlet. The information in this backgrounder addresses credit card transactions.

You must provide the information needed to allow users to make informed buying decisions: a detailed product description, costs (e.g. one-time or periodic payments, shipping fees), delivery terms, returns and so on.

1.2 Security and protection of personal information

Safeguarding personal data is essential to establishing consumer confidence in e-commerce transactions. To process online sales, payment systems require a great deal of consumer information: contact details, credit card information, bank account number, transaction history and personal identification number (PIN). To protect personal information throughout every stage of the payment process, it is vital to partner with third parties whose payment solutions meet the highest security standards.

Your platform must have a digital certificate attesting that the data transmitted to your website are encrypted to protect against loss, alteration and theft. Certificates can be obtained from the following companies:

• Verisign 
• Thawte 

1.3 How does data circulate during a transaction?

1. Clients place their items in a “shopping cart,” enter their banking information on the transaction form and confirm their purchase.
2. The data on the form is transmitted to a secure server that encrypts data.
3. The encrypted data is sent to a payment processing service that serves as the gateway between the merchant and the financial networks processing the transaction. Payment gateways link transactions to an ID, thus anonymizing cardholder data.
4. The merchant receives the ID from the payment processor.

1.4 Processing payments

Various services let you conclude your online sales transactions. While companies like PayPal generally take care of the entire process, other full-solution providers can offer special features adapted to the needs of your platform — for example, processing digital content sales or providing secure payment solutions designed especially for children.

For more information on e-commerce principles, the following Ontario government document covers the topic in detail:

E-commerce: Purchasing and Selling Online

Online transactions are subject to consumer protection and e-commerce security measures. What’s more, given the nature of the information required to make an online payment, platform operators as well as any third parties involved in payment processing must comply with legislation covering personal data handling. For more information, consult Backgrounder Collection of Personal Information.

CANADA

1. Competition Act

Federal law governing commercial practices on all media platforms; includes a provision prohibiting deceptive marketing practices. The Act applies to all companies doing business in Canada. It has no special provisions for children.

2. Consumer Protection Act

Provincial legislation governing commercial practices, including e-commerce.

Additional information:

• Competition Act
• Provincial/territorial legislation

***QUÉBEC***

Consumer Protection Act

Québec’s Consumer Protection Act prohibits commercial advertising directed at children under 13 years of age on all media platforms, barring certain exceptions prescribed by regulation. The law applies to messages addressed to children in Québec, even for companies based outside the province. If your paid services include in-app purchases, you must be careful about how these are advertised. See Backgrounder Embedded Advertising and Backgrounder Monetization, for more information.

For credit card purchases, the Act also permits chargebacks. If a merchant fails to meet certain requirements — for example, refusing to reimburse the consumer following cancellation of an online purchase — the consumer can make a chargeback request with the credit card company. Note that chargeback claims are subject to a relatively short time limit.

For further information on commercial advertising directed at children

For more details on the chargeback mechanism

UNITED STATES

Federal Trade Commission Act

Federal law stating that advertising should not be misleading or deceptive. This law covers e-commerce and indicates that, to be authorized, all transactions must be based on the cardholder’s informed consent.

For more information, see Advertising and Marketing on the Internet: Rules of the Road

EUROPEAN UNION & FRANCE

Directive on Consumer Rights

This Directive covers online sales and has specific provisions imposing obligations on digital content producers. Producers must provide the following information:

• Product description: system requirements and technical restrictions, details on basic features, known limitations (e.g. not PC-compatible), price (including future subscription costs), information on in-app purchases for freemium/free-to-play products
• Sales terms and conditions: withdrawal period, returns and reimbursement, shipping and delivery
• Company details: name and geographical address, contact information (email and phone)

This information should be available on the product description page, sent by email at time of purchase and readily available at all times on the platform. Furthermore, the Directive grants consumers the right to withdraw from the contract (a.k.a. the right of return) within 14 days of the transaction. To avoid an excessive number of refund requests, producers can ask consumers to waive their right of withdrawal by checking a box marked “Order with obligation to pay,” which serves as express consent.

Directive on Unfair Commercial Practices

This Directive prohibits unfair, misleading and aggressive business-to-consumer practices and sets out a series of practices to be avoided. It also includes a provision for children whereby ads must not include “a direct exhortation to children to buy advertised products or persuade their parents or other adults to buy advertised products for them.”

Electronic Commerce Directive

This Directive targets operators established in the EU for online services, electronic transactions and other online activities, entertainment services (video on demand), marketing, direct advertising and access to internet services.

The Directive repeatedly underscores the importance of protecting minors. For instance, with regard to unfair practices, the Directive states that mobile app stores must remove any apps that directly prompt children to make in-app purchases. It also states that companies must provide the consumer with all essential information and that purchases can only be made with the consumer’s express consent.

Additional information:

• The Directive on Consumer Rights
• European Parliament, Consumer protection measures

AUSTRALIA

Australian Consumer Law

National law that governs business practices.

Electronic Transactions Act

Law of the Commonwealth that covers specific areas of e-commerce, like the validation of electronic signatures.

Additional information:

Australian Competition and Consumer Commission

Electronic Transactions Act

Mobile app stores do not allow you to include a direct link to your online store. The only way to sell virtual goods through your app is through in-app purchases. Additional information:

• Apple App Store
• Amazon Appstore
• Google Play

Canadian Code of Practice for Consumer Protection in Electronic Commerce

The Code establishes good business practice benchmarks for merchants who conduct commercial activities with consumers online. Among its eight key principles are statements to the effect that vendors:

• Cannot hold consumers liable for any charges related to a transaction to which the consumer has not consented
• Must apply effective security mechanisms consistent with current industry standards to protect the integrity and confidentiality of payment and other personal information provided by consumers, as well as ensure that any third parties involved in the payment process do the same
• Must take all reasonable steps to prevent monetary transactions with children

To consult the Code

Canadian Marketing Association (CMA) Code of Ethics and Standards of Practice

This code lays out the best practices and key principles for ethical marketing in Canada and applies to all CMA member organizations. It also includes a section dedicated to the question of children that recommends against:

• Knowingly accepting an order from a child without the parent’s express consent
• Pressuring children to urge their parents or guardians to purchase a product or service

For more information, consult the Code online