A storefront to regard with caution?
I encountered this online storefront titled "Jewellery Discount Store" as a result of an online search for gold jewellery as a retail customer. However, despite its reasonably high search ranking and apparent reasonable prices (which I quickly noted were actually exclusive of VAT in searches), some early obvious signs made me stop short of proceeding...
In performing due diligence prior to any personal details being given or payment sent I observed the following:
- The business has no physical storefront (acceptable these days).
- The business address is a PO Box and is not reasonably traceable to a fixed location (treated with caution).
- A given location for a business of the exact same name is sited in the middle of an empty field near Romford (Google maps) (potentially suspicious).
- I found no valid names claiming to be this businesses owner using Companies House database (regarded with caution).
- I find no related sole trader or limited company claiming this business by its advertised name using the Companies House database (regarded with caution).
- The only contact number given is a premium rate line (regarded with some caution).
- I found a facebook profile with zero reviews (regarded with caution).
In fact, the only positive aspect of my findings is that the registered domain name has existed since 2001 and that PayPal can be used in order to 'Firewall' sensitive payment details.
However, to heavily counter this I, observed that:
- the business' 'facebook page' provides a url that does not use HTTPS and may therefore allow personal details to be passed over the internet in unencrypted form, liable to interception. This is at odds with the HTTPS url returned by a search provider.
The website uses a legacy online storefront and 'shopping trolley" system from the early 2000s and is therefore likely to be more vulnerable to hacking attempts as security updates rely on the website operator's vigilance alone (other than the PayPal link).
Together, the above findings paint a picture of a potentially inadequately managed online presence in terms of regularly updated security and care for customers" personal info.
Most notably - It is NOT possible to utilise the PayPal button in the checkout page without first inputting a great deal of potentially unprotected personal details (Paypal already encompasses the full ID and billing/delivery address details for its client's purchases). So why the need for more personal details?
The business' terms and conditions state that it is actually a Business -to-Business (B2B) enterprise and that consumer rights (like the 14-day cooling-off period) may not apply in the same way as standard retail sites. However, the site appears to accept orders from private individuals without providing any business identity and therefore could only be reasonably described as a private retail order.
In summary, potential customers should carefully decide before parting with their personal information.
For the business owner, it may be prudent to provide customers with some evidential traceable ID for the business in order to give any confidence that transactions with its customers are worth the risk and to demonstrate that the business takes reasonable care to secure customers' personal information.