Third-party authentication services can lend credibility to a business you’ve never heard of before. Third-party seals demonstrate that a business to which you entrust your information takes that trust seriously. Any site, especially boutiques or single-product retailers, may display a dizzying array of endorsements -- from Visa and Mastercard logos for payment to the UPS logo for shipping, and everything in between. So what differentiates all of these security, safety, and privacy-related seals?
There are five main categories of seals: reliability seals, security seals, vulnerability seals, privacy seals, and ratings seals.
Each category is discussed below, with a 1-to-5 rating of how much security it assures you, 5 being perfectly safe and 1 being slightly safer than the open Internet.
Reliability seals simply vouch for the identity of the company. They typically validate the mailing address of the company, its telephone number, and email addresses. These seals simply signify that the company is what it says it is. In some cases, the company is required to agree to dispute resolution and has to have a clear record of being responsive to resolving customer disputes. Examples of reliability-seal programs include SquareTrade, BBBOnline Reliability Seal, and Comodo Authenticity.
Security Assurance: 1 of 5. A “company” looking to steal credit cards can set up a fake name and address as easily as a legitimate Website. Reliability seal programs simply eliminate the lazy criminals. Reliability ensures that the entity you are dealing with is an incorporated company, and that you will have any issues mediated or covered, but the seals don’t signify that the company collects and uses your data in any particular way, nor do they signify that the company delivers good service.
Security seals such as Verisign, Comodo, and GeoTrust validate that a company has Secure Sockets Layer (SSL) protection for transmission of sensitive data via Web forms. Look for the “lock” in the bottom of the browser window and the “https://” in the address bar -- these symbols mean that while you are entering and submitting data to the Website, criminals cannot intercept it. Security seals do not account for any activity that the Website undertakes beyond the transmission of data via SSL. Companies may use unsecured methods to process the information you provide.
Security Assurance: 2 of 5. An SSL certificate means that the Website is taking basic security protections for your personal information -- but you still need to verify that the certificate is on all Web-based forms you fill out. In general, a small percentage of data theft happens while the data is in transit, and a security seal assures that basic measures are being taken to protect your data in transit. It does nothing to assure the safety of your data once it has completed its trip to the site’s database.
Vulnerability Website seals, such as HackerSafe and SquareTrade, signify that a third party scans the site daily, weekly, or monthly looking for common security vulnerabilities that could be exploited by hackers. Vulnerability scanning is like the Club for your car: it ensures that 99.9 percent of holes that could be exploited by hackers are absent. Keep in mind that many large, commercial companies do vulnerability scanning in-house, so the absence of a seal in this category doesn’t mean that this security measure is being ignored. However, with smaller retailers, the presence of the seal certifies that the site is being monitored.
Security Assurance: 3 of 5. This process is better than simple SSL certification, but still only protects against threats from the outside.
Privacy seals signify that a company respectfully uses the personal information you provide. Privacy seals are the most difficult to obtain, as they require the company to undergo an extensive certification process that exposes internal data collection and usage processes. An online privacy seal is the only type of seal that probes what happens behind the scenes. Privacy seal programs also offer ongoing monitoring, and you can file a complaint with the issuing authority if you feel there has been misconduct. Examples include TRUSTe, BBB Online Privacy, and ESRB Privacy.
Even though the main privacy seal programs also require SSL on forms collecting sensitive information, you still have to be vigilant about your information, and the presence of a privacy seal does not guarantee a good shopping experience.
Security Assurance: 4.9 of 5. Nothing can guarantee a perfectly secure world, but because the seal is backed by people who review the site’s privacy procedures and help you negotiate grievances, privacy seals help you avoid mistreatment for the entire time the site has your data and give you recourse if the site does misuse your information.
Ratings seals offer a great glimpse of what you can expect from a shopping experience with a retailer. Examples include BizRate (now Shopzilla), Shopping.com, and YahooTopService. Many customers find reviews from fellow shoppers to be a useful measure of a company’s trustworthiness. With customer-ratings seals, generally speaking, the more respondents who have posted a review or ranking and the more recent those reviews, the better. Unfortunately, while these ratings can help you anticipate the quality of the experience you’ll have with the online retailer, they can’t provide assurances that the site is free from privacy and security risks.