How Do You Make Sense
Them?
Third party authentication services can lend
credibility to an online business you've never heard of
before.
Online shopping is not only easier than ever, it's
better than ever. While the big online retailers have
worked the kinks out of issues like billing, shipping,
and returns, sites like Yahoo! Shopping, MySimon, and
Froogle have brought a world of specialty retail within
two clicks. Advances like these are a boon to the
shopper, a boon to the smaller stores -- and,
unfortunately, a boon to thieves that thrive on this
opportunity to quickly register credit card numbers or
personal data and then disappear.
Third party authentication services can lend credibility
to a business you've never heard of before. Third-party
seals demonstrate that a business to which you entrust
your information takes that trust seriously. Any site,
especially boutiques or single-product retailers, may
display a dizzying array of endorsements -- from Visa
and Mastercard logos for payment to the UPS logo for
shipping, and everything in between. So what
differentiates all of these security, safety, and
privacy-related seals?
There are five main categories of seals:
Each category is discussed below, with a 1-to-5
rating of how much security it assures you, 5 being
perfectly safe and 1 being slightly more safe than the
open Internet.
Reliability Seals
Reliability seals simply vouch for the identity of
the company. They typically validate the mailing address
of the company, its telephone number, and email
addresses. These seals simply signify that the company
is what it says it is. In some cases, the company is
required to agree to dispute resolution and has to have
a clear record of being responsive to resolving customer
disputes.
Security Assurance: 1 of 5. A ?company? looking to steal
credit cards can set up a fake name and address as
easily as a legitimate Web site. Reliability seal
programs simply eliminate the lazy criminals.
Reliability ensures that that entity you are dealing
with is an incorporated company, and that you will have
any issues mediated or covered, but the seals don't
signify that the company collects and uses your data in
any particular way, nor do they signify that the company
delivers good service.
Examples include:
Security Seals
Security seals validate that a company has Secure
Socket Layer (SSL) protection for transmission of
sensitive data via Web forms. Look for the ?lock? in the
bottom of the browser window and the ?https://? in the
address bar -- these symbols mean that while you are
entering and submitting data to the Web site, criminals
cannot intercept it. Security seals do not account for
any activity that the Web site undertakes beyond the
transmission of data via SSL. Companies may use
unsecured methods to process the information you
provide.
Security Assurance: 2 of 5. An SSL certificate means
that the Web site is taking basic security protections
for your personal information -- but you still need to
verify that the certificate is on all Web-based forms
you fill out. In general, a small percentage of data
theft happens while the data is in transit, and a
security seal assures that basic measures are being
taken to protect your data in transit. It does nothing
to assure the safety of your data once it has completed
its trip to the site's database.
Examples include:
Vulnerability Seals
Vulnerability seals signify that a third party scans
the site daily, weekly, or monthly looking for common
security vulnerabilities that could be exploited by
hackers. Vulnerability scanning is like the Club for
your car: it ensures that 99.9 percent of holes that
could be exploited by hackers are absent. Keep in mind
that many large, commercial companies do vulnerability
scanning in-house, so the absence of a seal in this
category doesn't mean that this security measure is
being ignored. However, with smaller retailers, the
presence of the seal certifies that the site is being
monitored.
Security Assurance: 3 of 5. This process is better than
simple SSL certification, but still only protects
against threats from the outside.
Examples include:
Privacy Seals
Privacy seals signify that a company respectfully
uses the personal information you provide. Privacy seals
are the most difficult to obtain, as they require the
company to undergo an extensive certification process
that exposes internal data collection and usage
processes. A privacy seal is the only type of seal that
probes what happens behind the scenes. Seal programs
also offer ongoing monitoring, and you can file a
complaint with the issuing authority if you feel there
has been misconduct.
Even though the main privacy seal programs also require
SSL on forms collecting sensitive information, you still
have to be vigilant about your information, and the
presence of a privacy seal does not guarantee a good
shopping experience.
Security Assurance: 4.9 of 5. Nothing can guarantee a
perfectly secure world, but because the seal is backed
by people who review the site's privacy procedures and
help you negotiate grievances, privacy seals help you
avoid mistreatment for the entire time the site has your
data and give you recourse if the site does misuse your
information.
Examples include:
Consumer Ratings
Ratings seals offer a great glimpse of what you can
expect from a shopping experience with a retailer. Many
customers find reviews from fellow shoppers to be a
useful measure of a company's trustworthiness. With
customer-ratings seals, generally speaking, the more
respondents who have posted a review or ranking and the
more recent those reviews the better. Unfortunately,
while these ratings can help you anticipate the quality
of the experience you'll have with the online retailer,
they can't provide assurances that the site is free from
privacy and security risks.
Security Assurance: 4 of 5. Consumers who have had bad
experiences with the security and privacy measures of a
shopping site are likely to report those problems via
the review system, giving others shoppers a record of
bad behavior. These seals offer less-than-perfect
security features, however, because privacy infractions
may not be obvious to the average shopper and because
any recent changes in the company's privacy policy will
not create a drop in the site ranking until enough
people complain. The ideal combination for worry-free
shopping is a privacy seal and a positive consumer
rating.
Examples include:
