This study uses a two-step procedure for the evaluation of B2C controls, first, using a Data Envelopment Analysis (DEA) model, second, decision trees. The results of the DEA model indicate that retail firms and information service providers implement B2C controls more effectively than financial firms do. Controls for system continuity are implemented more effectively than entry controls. In financial firms, controls for system continuity, communication controls and entry controls, in a dropping order, are effectively followed in B2C approaches. Every company can determine its relative level of reduction in each part of controls in order to make the control system effective. The firms that effectively implement B2C controls are determined using a decision tree model. The decision tree model issued to suggest the level of controls and argued rules for controls guidance. This state the possibility of using decision trees for controls evaluation in B2C approaches.