In recent months, an expected development with a significant effect on the Turkish e-commerce environment has occurred: the Communique on Trust Seal in Electronic Commerce ("Communique") entered into force on June 6, 2017. The Communique regulates the minimum security and service standards that service providers and intermediary service providers involved in e-commerce activities ("Providers") must meet to obtain a trust seal for their e-commerce websites, as well as the rights and obligations of the trust seal providers ("TSP").
The main purpose of the Communique, in introducing the trust seal, is to ensure that the Providers that seek one reach certain standards and that disputes between the Providers and consumers are resolved effectively. The trust seal is expected to improve security and reduce the number of privacy and service quality issues in e-commerce, which will lead to an increase in the sales volumes of e-commerce websites that have a trust seal. The aim is thus to create a more trustworthy e-commerce environment. Therefore, although obtaining a trust seal is not mandatory for the Providers, there is no doubt that having one will create a competitive advantage.
Minimum Standards to Obtain and Retain a Trust Seal
The Providers who wish to obtain and retain a trust seal shall meet the following minimum standards.
- Each transaction containing personal data or payment information being executed with an extended validation secure sockets layer certificate (EV SSL; for mobile applications, SSL).
- Penetration tests being performed at certain intervals by penetration test firms approved by the Turkish Standards Institute, and the required measures being taken.
- Procedures being prepared in accordance with the applicable regulations and administrative decisions, including the regulations related to products/services whose sale is banned or conditional.
- Measures being taken for the protection of children.
- The obligation to inform being fulfilled with respect to the Provider, stock information, and the content and specifications of the product/service.
- Information covering all phases of the transaction and the Provider being provided.
- The opportunity to contact customer services via telephone and at least one internet-based communication method being provided, and requests and complaints being managed and concluded effectively.
Due to the nature of e-commerce transactions, the Providers shall consider and comply with a broad range of regulations that may affect their e-commerce business. In this respect, the Communique requires Providers seeking a trust seal to comply in particular with the following laws and their secondary regulations.
- Law No. 5464 on Debit Cards and Credit Cards
- Law No. 5651 on Regulating Broadcasting in the Internet and Fighting Against Crimes Committed through Internet Broadcasting
- Law No. 6493 on Payment and Securities Settlement Systems, Payment Services and Electronic Money Institutions
- Law No. 6502 on Protection of Consumer
- Law No. 6563 on Regulation of Electronic Commerce
- Law No. 6698 on Protection of Personal Data
In cases where the Provider fails to meet the minimum standards, its trust seal may (i) be suspended, if a correction is not made within a period of 15 (fifteen) days; and further (ii) be cancelled, if a correction is still not made within a period of 30 (thirty) days following the suspension date. The trust seal may also be cancelled upon the Provider's request or upon the cessation of its e-commerce or intermediary operations. Providers whose trust seals are cancelled may be prohibited from applying for trust seals for a specific period that differs based upon the ground of the cancellation.
Obtaining a Trust Seal
In order to obtain a trust seal, the Providers shall apply to a TSP that is authorized by the Ministry of Customs and Trade ("Ministry") through a protocol. It should be noted that a separate application is required for each e-commerce website. As part of their applications, the Providers shall provide documents evidencing that the application fee has been paid and that the minimum standards set forth under the Communique are met. Upon the application, the TSP examines whether the minimum standards are met and prepares a report within a period of 30 (thirty) days. With this report, the Provider is granted either (i) a trust seal, or (ii) (where the minimum standards are not met) a period of 30 (thirty) days to achieve compliance with the minimum standards.
The granted trust seals are shown on the home page of the e-commerce media of the Providers. Additionally, Providers may publish trust seals on other pages.
Duties of the TSP
The Communique also includes provisions on the operations of the TSP. With the exception recognized for entities that are located abroad and provide trust seal services, it is forbidden to provide trust seal services without the authorization of the Ministry, or otherwise to provide or use marks similar to the trust seal. Other than that, the principal duties of the TSP are designated as follows:
- Assessing the compliance of the Providers with the minimum standards set forth under the Communique, for granting a trust seal,
- Supervising the compliance of the Providers with the minimum standards set forth under the Communique, after granting a trust seal (in practice, supervision actions shall be conducted (i) at any time upon complaint, and (ii) at least once in every year),
- Tracking the EV SSL and SSL validation periods of the Providers granted a trust seal,
- Taking all the measures related to the prevention of the unlawful use of the trust seal,
- Reporting the matters that require judicial and administrative sanctions, as determined during the supervision, to the related authorities and the Ministry.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.