On 3/29/2012 3:42 AM, Kevin Chadwick wrote:
On Tue, 27 Mar 2012 18:29:29 -0700
John Nagle wrote:
Anything that takes a credit card should have at least "organization validated".
Can you actually think of a reason for that?
Anonymous online businesses are illegal.
It's a criminal offense in California to accept a credit card on line
without previously disclosing the actual name and address of the
business. Business and Professions Code, section 17538:
"Before accepting any payment or processing any debit or credit charge
or funds transfer, the vendor shall disclose to the buyer in writing or
by electronic means of communication, such as e-mail or an on-screen
notice, the vendor's return and refund policy, the legal name under
which the business is conducted and, except as provided in paragraph
(3), the complete street address from which the business is actually
conducted. ... Any violation of the provisions of this section is a
misdemeanor punishable by imprisonment in the county jail not exceeding
six months, by a fine not exceeding one thousand dollars ($1,000), or by
both that imprisonment and fine."
Ref:
http://www.leginfo.ca.gov/cgi-bin/displaycode?section=bpc&group=17001-18000&file=17530-17539.6
The European Union is even tougher. The EU Privacy Directive
is often mentioned, but that's for individuals. Businesses
come under the European Directive on Electronic Commerce,
2000/31/EC.
"service provider": any natural or legal person providing an information
society service; (by which they mean a web site)
....
Member States shall ensure that the service provider shall render
easily, directly and permanently accessible to the recipients of the
service and competent authorities, at least the following information:
(a) the name of the service provider;
(b) the geographic address at which the service provider is established;"
....
Ref:
http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:32000L0031:EN:HTML
If you can't easily tell who's behind a web site, and it's engaged
in commerce, the site operator is a criminal.
We (as SiteTruth) work to make web site ownership more visible,
as you can see at the "sitetruth.com" site. We encourage the CA
and browser communities to work toward that. Get tough on
anonymous businesses. The law supports you in this.
John Nagle
SiteTruth
_______________________________________________
dev-security mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security
