Making Sense of Web Site Privacy and Security Seals

Online shopping is not only easier than ever, it’s better than ever. While the big online retailers have worked the kinks out of issues like billing, shipping, and returns, sites like Yahoo! Shopping, MySimon, and Froogle have brought a world of specialty retail within two clicks. Advances like these are a boon to the shopper, a boon to the smaller stores -- and, unfortunately, a boon to thieves who thrive on this opportunity to quickly register credit card numbers or personal data and then disappear.

Third-party authentication services can lend credibility to a business you’ve never heard of before. Third-party seals demonstrate that a business to which you entrust your information takes that trust seriously. Any site, especially boutiques or single-product retailers, may display a dizzying array of endorsements -- from Visa and Mastercard logos for payment to the UPS logo for shipping, and everything in between. So what differentiates all of these security, safety, and privacy-related seals?

There are five main categories of seals: reliability, security, vulnerability, privacy, and consumer ratings.

Each category is discussed below, with a 1-to-5 rating of how much security it assures you, 5 being perfectly safe and 1 being slightly more safe than the open Internet.

Reliability Web Site Seals

Reliability seals simply vouch for the identity of the company. They typically validate the mailing address of the company, its telephone number, and email addresses. These seals simply signify that the company is what it says it is. In some cases, the company is required to agree to dispute resolution and has to have a clear record of being responsive to resolving customer disputes. Examples of reliability-seal programs include SquareTrade, BBBOnline Reliability Seal, and Comodo Authenticity.

Security Assurance: 1 of 5. A “company” looking to steal credit cards can set up a fake name and address as easily as a legitimate Website. Reliability seal programs simply eliminate the lazy criminals. Reliability ensures that the entity you are dealing with is an incorporated company, and that you will have any issues mediated or covered, but the seals don’t signify that the company collects and uses your data in any particular way, nor do they signify that the company delivers good service.

Security Seals

Security seals such as Verisign, Comodo, and GeoTrust validate that a company has Secure Sockets Layer (SSL) protection for transmission of sensitive data via Web forms. Look for the “lock” in the bottom of the browser window and the “https://” in the address bar -- these symbols mean that while you are entering and submitting data to the Website, criminals cannot intercept it. Security seals do not account for any activity that the Website undertakes beyond the transmission of data via SSL. Companies may use unsecured methods to process the information you provide.

Security Assurance: 2 of 5. An SSL certificate means that the Website is taking basic security protections for your personal information -- but you still need to verify that the certificate is on all Web-based forms you fill out. In general, a small percentage of data theft happens while the data is in transit, and a security seal assures that basic measures are being taken to protect your data in transit. It does nothing to assure the safety of your data once it has completed its trip to the site’s database.
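
The check described above, that every Web form on a page is covered by SSL, can be automated. The following is an added example, not part of the original article: it parses a page's HTML, resolves where each form actually submits, and flags any form whose data would leave the browser unencrypted. The example.test host names, the sample page, and the verdict labels are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

class FormCollector(HTMLParser):
    """Collect every <form> with its resolved submission URL and field names."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.forms = []
        self._open = None

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "form":
            # A missing or empty action submits back to the page's own URL.
            target = urljoin(self.page_url, attrs.get("action") or "")
            self._open = {"target": target, "fields": []}
            self.forms.append(self._open)
        elif tag in ("input", "select", "textarea") and self._open is not None:
            self._open["fields"].append(attrs.get("name") or "?")

    def handle_endtag(self, tag):
        if tag == "form":
            self._open = None

def audit_forms(page_url, html):
    """Return (target, verdict, fields) for each form on the page."""
    collector = FormCollector(page_url)
    collector.feed(html)
    page_is_https = urlsplit(page_url).scheme == "https"
    results = []
    for form in collector.forms:
        if urlsplit(form["target"]).scheme != "https":
            verdict = "insecure-target"  # data leaves the browser unencrypted
        elif not page_is_https:
            verdict = "insecure-page"    # form arrived unencrypted, could be altered
        else:
            verdict = "ok"
        results.append((form["target"], verdict, form["fields"]))
    return results

# Constructed sample page, not taken from any real site.
SAMPLE = """
<form action="/pay"><input name="card"><input name="cvv"></form>
<form action="http://shop.example.test/signup"><input name="email"></form>
<form><input name="q"></form>
<form action="//cdn.example.test/track"><input name="id"></form>
"""
```

Calling audit_forms("https://shop.example.test/checkout", SAMPLE) reports the signup form as "insecure-target" even though the page itself shows the lock, which is the case the address bar alone does not reveal.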

Vulnerability Web Site Seals

Vulnerability Website seals, such as HackerSafe and SquareTrade, signify that a third party scans the site daily, weekly, or monthly looking for common security vulnerabilities that could be exploited by hackers. Vulnerability scanning is like the Club for your car: it ensures that 99.9 percent of holes that could be exploited by hackers are absent. Keep in mind that many large, commercial companies do vulnerability scanning in-house, so the absence of a seal in this category doesn’t mean that this security measure is being ignored. However, with smaller retailers, the presence of the seal certifies that the site is being monitored.

Security Assurance: 3 of 5. This process is better than simple SSL certification, but still only protects against threats from the outside.

Privacy Seals

Privacy seals signify that a company respectfully uses the personal information you provide. Privacy seals are the most difficult to obtain, as they require the company to undergo an extensive certification process that exposes internal data collection and usage processes. An online privacy seal is the only type of seal that probes what happens behind the scenes. Privacy seal programs also offer ongoing monitoring, and you can file a complaint with the issuing authority if you feel there has been misconduct. Examples include TRUSTe, BBB Online Privacy, and ESRB Privacy.

Even though the main privacy seal programs also require SSL on forms collecting sensitive information, you still have to be vigilant about your information, and the presence of a privacy seal does not guarantee a good shopping experience.

Security Assurance: 4.9 of 5. Nothing can guarantee a perfectly secure world, but because the seal is backed by people who review the site’s privacy procedures and help you negotiate grievances, privacy seals help you avoid mistreatment for the entire time the site has your data and give you recourse if the site does misuse your information.

Consumer Ratings Seals

Ratings seals offer a great glimpse of what you can expect from a shopping experience with a retailer. Examples include BizRate (now Shopzilla) and YahooTopService. Many customers find reviews from fellow shoppers to be a useful measure of a company’s trustworthiness. With customer-ratings seals, generally speaking, the more respondents who have posted a review or ranking and the more recent those reviews, the better. Unfortunately, while these ratings can help you anticipate the quality of the experience you’ll have with the online retailer, they can’t provide assurances that the site is free from privacy and security risks.

Security Assurance: 4 of 5. Consumers who have had bad experiences with the security and privacy measures of a shopping site are likely to report those problems via the review system, giving other shoppers a record of bad behavior. These seals offer less-than-perfect security features, however, because privacy infractions may not be obvious to the average shopper and because any recent changes in the company’s privacy policy will not create a drop in the site ranking until enough people complain. The ideal combination for worry-free shopping is a privacy seal and a positive consumer rating.

About Truste

TRUSTe is the leading global Data Privacy Management (DPM) company and powers trust in the data economy by enabling businesses to safely collect and use customer data across their customer, employee, and vendor channels. Our SaaS-based DPM Platform gives users control over all phases of data privacy management from conducting assessments and implementing compliance controls to managing ongoing monitoring. Our DPM Services, including assessments and certifications, are delivered by an expert team of privacy professionals. Thousands of companies worldwide rely on TRUSTe to minimize compliance risk and protect their brand.