Potential risks to an organisation of committing to an e-Commerce system

Potential risks that an eCommerce organisation may encounter include credit card fraud, identity theft, chargeback fees and delivery disputes, to name but a few. We’ve previously spoken about the advantages of introducing an eCommerce system to an organisation; we’ll now talk about the risks.

Marketing Resources

If nobody knows a website exists, it can’t be expected to generate sales so ongoing marketing and maintenance of the website is necessary.

Marketing can come in the form of paid advertising (such as pay per click ads or product placement in videos), which delivers traffic to a website quickly and easily but comes at a cash price. Many businesses try to generate organic traffic through search engines by creating high-quality, unique content people are already searching for. This is a slower, time-consuming, longer-term marketing strategy which requires in-house or third-party copywriters, designers and SEO analysts.

Social media marketing also plays an integral role in most eCommerce businesses. Whilst sponsored or pay per click ads can be purchased on Facebook and Twitter, these generally link back to the business’s own social profiles, which require constant updating with unique content along with customer interaction.

If businesses don’t have any kind of marketing or social media strategy to promote their websites, then there’s a risk that they simply won’t be found online by prospective customers.

Website Maintenance

Customers expect an eCommerce website to be updated regularly with new prices, products, photos, seasonal offers, updated stock availability status and so on. They also don’t want to see broken links, missing images and price discrepancies.

Keeping an eCommerce website up to date requires time and some level of training in how to manage basic tasks. Technical knowledge may not be necessary to carry out basic tasks but it’s important that technical support is available when needed for more complex changes.

Investing in new technologies and best practices is also necessary to keep up with competition. If one company has a mobile eCommerce app and responsive website that is regularly updated but another company has a website that doesn’t work on mobile devices and is never updated, then it’s only natural customers will be more tempted to use the company that makes things more convenient for them and seems to care about their website and customer experience.

If a company doesn’t invest in new technology and fails to update their eCommerce website, customers will grow frustrated and may take their custom to competitors.


The more exposure your website gets, the greater the chance that hackers will attempt to breach whatever security measures are in place, whether for profit, for data, to promote political ideals / beliefs or simply for fun / because they can.

SQL injection, cross-site scripting (XSS), clickjacking, exploiting unpatched software, social engineering and distributed denial of service (DDoS) attacks are popular techniques used by hackers to bypass or compromise server and website security.

It is impossible to guarantee that a website will never be hacked, but several measures help, such as:

  • SSL/TLS certificates (which enable encryption of data between an end user and a server)
  • Strong firewall and filtering in place on servers
  • Up-to-date antivirus software on servers and networked devices
  • Regular backups of the website
  • Creating different user roles and allowing them to execute only the minimum set of commands they need to accomplish tasks
  • Ensuring all users use strong passwords
  • Two-factor authentication
  • Giving admin access to a limited number of users, only from known IP addresses
  • Regular automated and manual testing procedures
  • Regular security audits (both internally and by a trusted, specialist third party)

If a business fails to take security seriously, they risk putting their profit, sensitive customer data and entire business reputation on the line.

Delivery Issues (refunds / returns)

Most eCommerce websites have arrangements with shipping companies to handle customer deliveries. They may also have a variety of shipping options to consider, such as traceable deliveries (which keep all parties informed of an item’s whereabouts) and signed deliveries (which require a signature upon delivery to the customer).

On occasion, goods may be damaged or lost in transit and it’s important that businesses agree up front with the shipping company who pays for the cost of those goods and what type of insurance / compensation policies are in place.

Customers may also want to return items (which they’re entitled to do under law thanks to the Sales of Goods Act and Distance Selling Regulations) and it’s important to agree up front what the policy for returns is, i.e. whether the customer or the business pays for the shipping and how / when / under what conditions the customer will be refunded or given a credit note.

Slow or expensive delivery may also result in negative feedback for the business even though they’re not directly responsible for the delivery process, so it’s important an organisation forms a good working relationship with a reputable shipping company to help avoid potential delivery issues.

Payment processing fees / chargebacks

In order to sell goods online, a business needs to be able to accept credit cards, bank transfers, digital currencies or other forms of payments.

Traditionally, businesses had to set up a merchant bank account and a payment gateway in order to handle payments online. However, there are now many payment providers which specialise in handling payments and reducing the complexity of payment processing online in return for a small monthly fee, a ‘per transaction’ fee or a combination of both.

PayPal and Stripe are two popular payment providers that make it easy for businesses to accept payments on their websites. Both take a cut of sales made, charging a small percentage per transaction in addition to a small fee (e.g. 2.4% + 20p per transaction).

Chargeback fees are something businesses need to be aware of. A chargeback is where the customer disputes a transaction (for example if they see an item on their credit card bill they don’t understand or forgot about). The credit card company then investigates the case and in many cases charges the business automatically regardless of the outcome of the case. Chargeback fees can range from nothing to £50 and every payment provider has its own fees and rules.


UK companies must comply with a number of laws when operating an eCommerce website, including:

  • Data Protection Act 1998 (determines how a company can store personal data on servers)
  • Computer Misuse Act 1990 (deals with hacking)
  • Consumer Credit Act 1974 (offers protection to customers buying goods with credit cards)

EU eCommerce regulations state that all websites must contain the following information (where applicable):

  • Name, registered address, postal address and email address of the business or website owner
  • Limited company registration details including VAT numbers
  • Details of professional or trade association memberships

Distance Selling Regulations state that all eCommerce businesses must display the following information clearly on a website:

  • Who the supplier is (i.e. the company name & details)
  • Price of goods and services
  • Payment and delivery terms

There are also laws governing how newsletters and emails are sent. Businesses must have the permission of users to send emails, and all emails must state clearly who the email is from and give the user the ability to opt out or unsubscribe from further emails. Failure to comply with these laws results in frustrated users, bad publicity and potential fines / legal issues.