The internet is governed by appearance not reality
John Marsden warns of impersonation online as UK law upholds 'I accept' and a click of the mouse as acceptance of contract
As legal professionals,
it may come as second nature to check the small print to ensure that you understand what you are signing up to. However, in general, most people are likely to click the ‘I accept’ button every day on the internet without fully understanding
the terms and conditions that are being applied.
Many businesses have laboured over the concept of
a digital signature and many solutions exist to deliver something which may be deemed acceptable under UK law. So is the consumer entering into a firm legal contract or not
by clicking or ticking ‘I accept’
on the internet?
In the UK, we do not have a written constitution that will often outline the way in which
a legal entity can enter into a contract. In most countries outside of the UK, this concept exists and is enshrined in law. For example, in Finland and Estonia, systems such as mobile digital signatures exist which means that a digital signature from a mobile device is proof of acceptance of a contract. In the UK, we do not: our law in this regard is laid down by the courts and the precedents set by cases which then become common law.
UK flexibility
While I suspect we will see many challenges in the courts over the coming years, the recent case
of Bassano v Toft & Ors [2014]
EWHC 377 (QB) underlines the UK’s flexibility with proof of acceptance and ensures that
the UK economy can feel at ease with the ‘I accept’ concept.
In this case, the individual admitted that they accepted
the terms and conditions, and therefore the contract was upheld as legal. This ruling is significant as anything contrary might see the business community panic. If the judgment had been to throw out the contract, without many exceptions, the UK business community would be required to conduct a massive review of their contractual status with their clients. Clearly, the principle
of common law has again facilitated the ability of British business to work effectively in
the cyber world.
Let’s reflect on how this plays against impersonation.
The overriding requirement when entering a contract online is a clear understanding of whether the person clicking
‘I accept’ is actually who they
say they are: a concept known
in anti-money laundering regulations as mitigation
of impersonation.
The joint Money Laundering Steering Group’s anti-money laundering guidance notes provide a clear understanding of what needs to happen with regard to customer due diligence and then elaborate as to what
has to be done in a remote environment to mitigate
against impersonation.
There is a choice of additional verification checks to manage the risk of impersonation fraud. For example, a first payment may be required from an account in the customer’s name, or a phone call may be made with the customer before opening the account on a home or business number. However, customer convenience and instant access win the race
in appealing to the needs of
the consumer.
Nevertheless, this usually means a requirement for additional manual processes for businesses and consumers seeing a raise in costs, as well as the potential for consequential lost business. The simplest of steps is to verify additional aspects of the customer’s identity or their electronic footprint.
Bespoke services
Bespoke products challenge
a consumer regarding the knowledge of their electronically held details which only they should know.
Many of our clients use
these services in a secure
internet session so that they
have the ability to contract
with consumers remotely
and securely.
A plethora of services have appeared that do not use such methods and therefore can be challenged. If you contract online, ask yourself, ‘How do we know the person contracting is really the person they say they are?’
When you are next advising clients regarding their contractual arrangements
in an online environment,
an understanding of the wider process with regard to anti-impersonation will assist you in providing the right advice. SJ
John Marsden is a fraud and identity expert at Equifax UK