Doing Business on the Internet: Avoid Getting Scammed
Within the past month, I’ve had three clients with interesting problems associated with their online Internet businesses, which just makes me hang my head down in frustration, wishing there was an easy way to help them out of their troubles.
All these clients have experienced very different problems, but all highlight the pitfalls and challenges associated with doing business on the Internet, and how the untrained or uninitiated can stand to lose hundreds of thousands of dollars if not careful.
For this blog article, I’m going to first make some general statements about online businesses and the technology behind them, to create some context. Then, I’ll discuss both situations and how these clients could have avoided trouble in the beginning. My hope is that you will learn from this, take the right steps if you do decide to do business on the Internet, and if you are already doing business on the Internet, that you’ll start taking precautions to avoid pitfalls or costly problems down the road.
An Overview of an Online Business
There are many “major components” that go into an online business. All these components, taken together, comprise your typical online store, e-commerce website or other Internet business.
- Domain Name – The domain name is what is used to uniquely identify yourself on the Internet, such as www.amazon.com, www.fedex.com, etc. The domain name is purchased through a “domain name registrar” (although most web hosting companies are resellers of domain names, making it a bit confusing who you’re purchasing your domain name through), and each domain name is owned by someone or some company, which is known as the “domain name registrant.”
- Website / Software – What you see rendered on someone’s computer greatly oversimplifies what goes on to display that web page. In the most extreme cases, consider amazon.com or facebook.com. Specific, customized, database-drive programs who know whether you’ve been to the website before, or are a new visitor, build custom pages for each and every website visitor. This website at Law 4 Small Business runs using software called WordPress, which gives our firm the ability to write articles and post information quickly, without having to program each webpage in the arcane HTML language. Almost all websites utilize some form of software, whether custom developed or using off-the-shelf third-party products (i.e. like WordPress).
- Database / Third-Party Products – To produce a webpage, the software that renders webpages also uses a number of other products to do its job. Those products include a database (i.e. MySQL, Oracle or others), SSL certificate, possibly ad servers, third-party tools, etc.
- Web Hosting – Your domain name points to an actual computer (or cloud) somewhere on the Internet. That actual computer (or the cloud – which is actually a network of computers) is what is called the “web host,” and the company that provides the web host is called the “web hosting company.”
- Content / Images – Depending on what your business does or how you sell, you probably have some form of content that is a combination of images, articles, and information, that is, in turn, some combination of “your content” and “someone else’s content”. Consider this website at L4SB: We’re a bunch of lawyers, so almost all of the text and articles are ours, although we’re terrible photographers and graphic artists. So, we’ve licensed or purchased virtually all the images and graphics on the website from others.
- Merchant Accounts / Bank Accounts – A merchant account is simply what you use to conduct credit card transactions. Whether PayPal, Google Wallet or your own account through your bank, a merchant account is absolutely required if you want to collect monies using a credit card.
With the exception of merchant accounts, every website on the planet utilizes all the major “website components” I just listed for you above. Yes, there are many providers out there that may combine one or more components, but I promise you, your Internet website consists of all those components, and potentially more.
Given those components, let’s discuss how two of my clients have recently been scammed, as a means to show you real-world instances of significant fraud, and we’ll conclude with suggestions on how to avoid problems like these and others.
The Case of the Fraudulent Business Seller
To protect the innocent, I’ll call my first client Bob. About 6 months ago, Bob purchased a successful online business from a third-party for $40,000. Bob was happy initially happy with his purchase, although things started to go south almost from the minute he paid the seller.
The first issue happened at closing (when documents get signed and monies get transferred). Bob was smart enough to deposit his funds into escrow, although Bob turned over the money before the purchase agreement was signed. Normally in the sale of a business, all documents are signed, and then the money is turned over. Bob didn’t do this because the seller told him, “I’m not going to sign over everything to you, until I have the money in my hand.” So, Bob turned over the money, but then the seller declined to sign the purchase agreement. The purchase agreement was important, because it contained a number of promises (i.e. representations and warranties), including a non-compete clause. Well, the seller didn’t sign, but Bob did have access to the website, so he thought he was okay.
The second problem wasn’t really a problem in Bob’s eyes in the beginning, but it’s turning out to be a BIG issue now. That problem is, the name and contact information for the payment was different than the name and contact information for the website and what was on in the purchase agreement. Stuff wasn’t connecting. Again, Bob didn’t think this was a big deal, given that he had access to everything.
So, Bob ran his newly acquired business for 4-5 months, then ran into a new series of problems.
First, the individual he purchased the business from, started competing with him. Worse, the seller used his superior knowledge of the industry and access to the software he sold, to cheat by marketing directly to Bob’s customers.
Second, within days, Bob’s website simply stopped working. After some investigation, it turns out that his domain name is owned by someone else entirely (who appears to reside in Canada), who is not responding to his emails, demands, questions or complaints. His website is dark, because his domain name was transferred away from him without his knowledge or consent.
Third, his web hosting company doesn’t know anything about the domain name transfer and cannot help him. However, he’s incurring expensive hosting fees on his account, although his website is not bringing him any revenue. Worse, Google and the other search engines will see the change of his domain name, and quickly de-rank his website, further reducing the value and capability of his business every minute and hour his website stays dark.
Fourth, because he doesn’t have any signed purchase agreements, and even if he did, he’s not exactly sure who he did business with, he has little recourse. He suspects the guy that sold him his business is located in Canada, but he’s not sure.
If we knew who the seller was, and the seller was located in the US, we could take immediate action by seeking a temporary restraining order (TRO) and injunction, and probably have Bob’s website back up within 24 hours or so. We could then sue the seller for fraud, misrepresentation, breach of contract, and other civil penalties.
However, because Bob doesn’t know specifically who the seller is, and believes the seller may be located in a non-US country (i.e. Canada), Bob’s choices are very limited. Bob should seek legal counsel in the jurisdiction where he believes the seller is located. Canada has similar laws, and I believe a TRO process, so assuming Bob can figure out exactly who the seller is, Bob can avail himself in Canada. Bob can also go to the Internet Corporation for Assigned Names and Numbers (ICANN), which has a number of dispute resolution procedures, depending on the circumstances. In Bob’s situation, it’s likely he can seek resolution with ICANN’s Registrar Transfer Dispute Resolution Policy, although it could take months before he wrests control of his domain name back to him.
Finally, Bob’s problems are not over, even if he does wrest control of his domain name back through an ICANN proceeding. His hosting company may be suspect and/or the software has potential Trojan horses giving the seller access to his business and customer data. He is also looking at months of lost revenue, de-ranking by Google and others, and ongoing expenses with legal bills, hosting fees, merchant account fees, etc.
The Case of the Slimy Web Developer
I’ll name our second client John. John runs a successful retail outlet somewhere in New Mexico, and about six years ago, decided to start an e-commerce store to work in conjunction with his retail store. By April 2014, John has spent over $400,000 on website development, but his investment has paid off handsomely as his online presence is generating more annual revenue than his retail location.
The problem with John, is he’s getting up there in years and is looking to sell his business. His thought was to split the retail from the online business and sell the two separately to two separate purchasers. Sounds simple, right?
Well, it turns out that John has been paying a web developer all these years to (1) build, (2) maintain and (3) host his website and domain name. After quick investigation, I informed John that his web developer, and not John, are listed as the domain name holder. I asked John to send me his contract so that I can review it, and John informed me there was no contract, but he’s “damned sure” it’s his website and domain name. I instructed John to contact his web developer, to just make sure and that’s when John received the shock of his lifetime.
The web developer thinks the website and the domain name are his, and that John isn’t entitled to do anything with the website other than continue to fork over lots of cash to continue to pay the web developer for maintaining and hosting the website. Unfortunately for John, the web developer is partially right.
Software developers, web developers, photographers and other creators actually own the copyrights of the things they produce, under US Copyright Law, unless (1) they are actually employees (not contractors), or (2) there is a contract that specifically says “Work Made for Hire,” granting copyright ownership to the party hiring the services.
Therefore, the web developer is right, in that he actually owns the copyright to any and all software he may have developed. Yet he’s wrong in thinking he owns the entire website and domain name. John owns a copy, although he is not free to make copies or derivative works. Also, John owns whatever content he has contributed to the website. Given the substantial dollar amounts that John has paid the web developer, it’s very possible to argue inequity given that no one spends upwards of $400,000 on a website without expecting full and complete ownership. This is a tough argument to make, but it’s something.
What I call this is “a stalemate,” in that neither party owns everything outright without a serious and protracted legal fight. In the end, everything will depend on emails, what experts say is “reasonable under the circumstances” or what a “reasonable person in the same field” would come to expect.
In the end, while John is making money off his e-commerce website, he’s held hostage by the web developer and will very likely NOT be able to sell the website to a purchaser without some sort of compromise and payment to the web developer, which was definitely not what John was expecting.
The Case of the Forgotten Images
Our third client, Sue, hired a small, private web development firm eight (8) years ago to design and develop a simple, 8-pages website for their small business.
The website is very simple, containing 8 pages of information about the company, including a homepage, contact us page, about us page, and various services offered by the company. Each page contains a unique header graphic that has something to do with the business, with the remainder of the webpage containing information about the business.
About three months ago, or after eight years have passed since the creation of their website, they received a demand letter from a law firm representing Getty Images, alleging that three of the images contained within the website’s headers were unlicensed images from the Getty image library, and therefore demanding $12,000 per image in fines, because each image is copyrighted and therefore infringing use is subject to statutory damages under 17 U.S. Code § 504. The demand letter did say they would be “willing to settle for $8,500 if paid within ten (10) days.”
Turns out that the small, private web development firm Sue hired simply borrowed those images and incorporated it into the website Sue paid them to develop. Reputable web development firms would never do this, but getting a proper license to images does cost more. Unfortunately for Sue, there was no contract with the small, private web development firm and the firm was no longer taking calls or answering emails. Sue was stuck.
Fortunately, we were able to help Sue negotiate a lower settlement, AND make sure Sue received credit for the settlement so Getty could never come back after her. Suffice it to say, Sue ended up spending a lot more for her website than she originally intended.
It’s Easy to Get Screwed
There are so many pieces to the puzzle, and so many areas that can go wrong, that many business owners claiming a stake on the Internet often find themselves being taken advantage of more technical or knowledgeable, yet less scrupulous, individuals. While there is no surefire method to ensure you don’t get screwed or taken advantage of, there are some general tips you can follow and some specific advice to consider for all aspects of your Internet presence:
- Attorneys – I know this is self-serving, but why would you do an important or expensive deal without hiring a good business attorney or Internet lawyer to help you? They will know the ins-and-outs of transacting business, and can raise red-flags before you get into trouble or lose money.
- Contracts – It’s simple: Do not pay for anything, exchange money, or utilize anyone for services until you have a contract in place and that contract has been reviewed by an attorney. L4SB has a flat-rate, $25/page (min 4 pages), contract review service that is fast and cost-effective.
- Reputable Contractors – Don’t hire anyone, whether web developer, software developer, photographer, graphic artist, anyone, without a contract, references you’ve called and verified, and who are willing (and agree in writing) to (1) give you full ownership and copyrights to everything produced for you, (2) make it easy to “leave” if they are maintaining or running your website for you, (3) guarantee, warrant and agree to indemnify you for any third-party lawsuits or cases of infringement, and (4) don’t lock you into a contract for more than a year.
- Proper Ownership – Make sure EVERYTHING is in YOUR NAME, and not the name of your web developer or consultant. Your domain name and all the third-party (i.e. vendor) accounts used for your website should indicate you or your business as the owner and main contact. Don’t forget about Google AdWords, Google Analytics, Facebook, Instagram, Twitter, LinkedIn, and other key social media and online vendor accounts.
- National Presence, Residency, Assets or Citizenship – Yes, we live in an international community and yes, the Internet has made it easier than ever to associate with and do business with anyone anywhere. The problem is, while 90% of the people you come in contact with are legitimate and honest, the 10% of the rest are out to get you, scam you, steal from you or worse. When those 10% do cause you harm, if they are located in the same jurisdiction (or at least nation) as you, it is MUCH EASIER to criminally prosecute or sue for damages, performance or an injunction. The moment you introduce cross-border relationships, everything gets harder. First, you may not be able to obtain legal remedies in some countries, simply because you’re not a citizen or located there. Second, even if you can sue in some countries, it’s very possible that while they may have committed a crime in your country, there may be no laws prohibiting whatever they did in their country. For example, consider copyright infringement. In the US and almost every western country, copyrights are strongly protected and their rights enforceable. Not so in other countries, including India, Bangladesh and China. THEREFORE, to protect yourself, simply refrain from doing business with anyone located outside your country — when it really matters. Buying inexpensive items or services is one thing, but relying on an out-of-the-country individual or business for a key component of your Internet business is tempting fate and giving you little or no recourse should something go wrong.
For each of the “major components” of an Internet business I described above, I strongly encourage you to print out the below checklist, and systematically do what is necessary to put a “check” for “completed or yes” next to each one.
- Does the “registrant” have your legal name and actual physical address?
- Is the “registrant” email address YOUR email address, and not someone else’s or your contractor / vendor?
- Is your domain name acquired from a reputable domain registrar? Is that registrar located in the US?
- Is your domain name “locked,” so it cannot be transferred without your permission?
- Do you have your domain name set to “automatically renew?”
- Is the web host located in the US with a reputable company?
- Are YOU listed as the account holder with the web host, and is YOUR contact information and email address on file?
- Is the web host a DIFFERENT, UNRELATED entity from your web developer?
- Is your website backed up regularly by the web host?
- Do you have a local copy / backup of your website?
- Do you know how to obtain a local copy / backup of your website?
Website / Software
- If your website is custom developed:
- Do you own ALL of the software? (i.e. do you have a contract that conveys rights, with “Work Made for Hire” language in it?)
- Do you know all of the different components of the software, and have you verified that you own proper licenses or have ownership of all the components?
- Have you verified that you have the right to (1) sell, (2) resell, (3) transfer, and (4) create derivative works of EVERYTHING?
- Is your website written in a common Internet language (i.e. APS.net, PHP, Python or Java) and can easily migrate to a different web host?
- Can your website stand on its own, or does it constantly need the attention (and cost) of your web developer?
- Have you tried to put your website somewhere else, and tested to verify it works flawlessly (even with a different domain name)?
- Can your website work perfectly, even under a different domain name?
- If your website uses a common package (i.e. WordPress, etc):
- Have you verified that you have a valid and proper license to use the package?
- Are you sure you and your company are listed as the proper owners of the license of the package?
- Have you verified that you are receiving regular updates / patches to the package?
- Have you validated the costs associated with long-term maintenance / new releases for your package?
- Have you verified that your system is being regularly backed-up?
Database / Third-Party Products
- Have you verified that you have a valid and proper license to use the database and third-party products?
- Are you sure you and your company are listed as contacts for the database / third-party product vendors?
- Have you verified that you are receiving regular updates / patches for the database and third-party products?
- Have you validated the costs associated with long-term maintenance / new releases?
- Are YOU in control of all your important social media accounts and vendor accounts?
- Do your important social media accounts and vendor accounts have YOUR email address listed as the owner of the account?
Content / Images
- For every image, article, graphic, sound-file and video being used, have you verified you have a license to use for the use you’re using it for? (For example, if your e-commerce website sells t-shirts with images on it, and you’re using someone else’s images, you need to make sure your license allows for reselling of those images in this way)
- Do you have ACTUAL, WRITTEN PROOF of each license for each piece of content?
- If you hire(d) someone to produce content for you:
- Is there a CONTRACT with that individual that conveys rights, with “Work Made for Hire” language in it?
- Have you taken some steps to ENSURE the individual is providing original works of art, and not using, combining or incorporating the works of others without your permission and without the proper written licenses?
- Is the individual located in your same country, so you can hold them accountable?
- Did you have an attorney review your contract?
- Is this someone requiring a large up-front payment? If so, beware …
Merchant Accounts / Bank Accounts
- Do you have more than one merchant account? (I.e. because merchant accounts will shut you down without warning under certain circumstances)
- Are you monitoring your merchant account and its transactions, and auditing statements against actual bank deposits?
- Are you working with a reputable company, in the nation you or your business is located in?
- Have you shopped for “mid qualified” or “non qualified” rates? (I.e. these are the rates they don’t advertise)
- Have you limited access to the accounts, such that only
In Summary …
The tips and statements above don’t cover every possible scenario and even if you do follow all the advice, may still not prevent you from being scammed or taken advantage of. However, I believe by following all the advice in this article, you remove many high risks associated with doing business on the Internet. If you are in need of guidance, the attorneys at Law 4 Small Business can answer all of your questions 24/7.