Most web surfers want to feel re-assured that they aren’t visiting unsafe websites. Unfortunately (without good security software) there’s often no way to be sure until it’s too late. But that doesn’t stop people from trying. In the last 5-10 years, websites have experimented with “security seals” (like TrustE) which claim to “certify” a website as being 100% safe. The idea is that people who see these seals on websites they visit can trust they aren’t being exposed to security risks.
However, as you’ll see below, these seals do not always prove that a website is safe:
Paid Certification
(source)
For one thing, consumers must realize that trust seals are not awarded by the government or some impartial third-party. Companies like TrustE are for-profit corporations that charge money for the seals they hand out. In other words, they have a direct financial incentive to award as many certifications as possible (so as to earn more money.) Sometimes, this isn’t a problem. Many websites on the Internet genuinely do qualify as being totally safe and deserve the trust seal. However, Harvard researcher Ben Edelman points out that plenty of undeserving sites get these seals as well.
The result of his 2006 study?
“What do I find? In short, nothing good. I examine a sampling of 500,000+ top web sites, as reported by a major ISP. Of the sites certified by TRUSTe, 5.4% are untrustworthy according to SiteAdvisor’s data, compared with just 2.5% untrustworthy sites in the rest of the ISP’s list. So TRUSTe-certified sites are more than twice as likely to be untrustworthy.”
Website Changes
(source)
The whole point of a trust seal is making consumers feel safe on the websites carrying them. However, that’s not something that can be decided once and for all. The Internet is constantly changing, and a website that’s safe today might change ownership and become a spyware portal tomorrow.
Trust seal companies try to combat this problem by doing annual compliance checks. Unfortunately, security threats move too quickly to be caught by a few inspections a year. While these checks certainly do weed out a few bad apples, plenty of dangerous websites go right on bearing the trust seal and persuading unsophisticated people to do business there.
Easily Overlooked
(source)
There is also the simple problem that many web users do not even see the privacy seals, much less know why they were issued or what they mean. Does the seal mean a website is spyware-free? That your personal data isn’t being sold to spammers? That there have been no complaints about the site recently? Realistically speaking, most of us neither know nor care to find out.
In most cases, it’s better to use proactive anti-virus software that simply tells you when you are on a dangerous website – and blocks it from doing any harm.
Easy To Clone
(source)
Another serious flaw in trust seals (like those from the Better Business Bureau) is that dishonest websites can simply steal them. Often times, these seals are nothing more than images that can be copied and pasted at will, whether a site truly earned it or not. Certainly, this is not the fault of TrustE or the Better Business Bureau or any other seal company. In fact, many of them actively try to discourage this from happening.
But the fact remains that it is comically easy to do and happens all the time. Most people are not going to painstakingly click on a seal and verify whether it’s legitimate. Clearly, this undermines the value of trust seals as a signal of who you can really trust.
Requires Effort
(source)
It should also be pointed out that trust seals put the burden of staying safe squarely on consumers. You, the web surfer, are asked to treat every website as guilty until proven innocent by an easily cloned (and often wrongly granted) seal. But in reality, isn’t this the opposite of what most people want? After all, the problem isn’t the good websites who deserve trust seals – it’s the bad ones that don’t.
This is perhaps the biggest flaw with relying solely on trust seals to stay safe. A seal is constantly in “catch-up” mode, only able to punish violators after weeks or months of abuse and never out in front of new threats.
Not All Good Sites Have Seals
(source)
Additionally, there are plenty of legitimate, honest websites that, for one reason or another, don’t have trust seals. Maybe they couldn’t afford one. Maybe the website owner doesn’t even know they exist. Either way, the fact is that only a relatively small number of websites use trust seals. Are web surfers supposed to assume that any site without one is untrustworthy? If so, most of the Internet is immediately off-limits.
Obviously, this is not an effective or efficient way to stay safe online. Although a trust seal can provide extra peace of mind, it cannot and is not intended to serve as a crucial first line of defense against spyware, viruses or phishing attacks.
Thought you might be interested in a related article describing how the placement of trust logos can make a major impact in how consumers interpert them / respond to them from a conversion rate perspective:
http://conversionvoodoo.com/blog/2010/07/proper-placement-of-trust-logos-can-make-a-huge-difference-in-conversion-rate/
Nice post – found through HN -
Interesting post on trust seals. This is definitely a topic that is worth vetting out. As an employee of the VeriSign Authetication team, I would like to offer the following additions to your post:
Paid Certification – Some of this is true, money talks and not all seals are the same. I would point to a recent expose done by ABC’s 20/20 covering BBB’s practices. http://abcnews.go.com/Blotter/business-bureau-best-ratings-money-buy/story?id=12123843. I’m not trying to pick on BBB, but that expose was eye-opening. I’m sure they’re working on fixing this.
Easy to Clone – It’s true that anyone can copy an image and put it on their website. The VeriSign seal is dynamic, and when clicked, it offers details of the site’s authenticity, ownership, malware scan status and SSL status (if enabled). It’s true that not all consumers click the seal, but I can quantifiably say from our own data, that there’s a sizable number that do. And, if you have a website that’s trying to gain consumer trust, a fake seal will speak negatively about you. Finallly, we invest in antifraud webcrawlers that scan the web for fake VeriSign seals. When we find them, we proceed to deal with them accordingly. This is not a light investment, and is one of the reasons our seal is the most trusted by consumers. We have history and a track record that’s difficult to match.
Not All Good Sites Have Seals – Good point. Some website owners are justifiably skeptical because they constantly get offers with all kinds of marketing claims. But in today’s “try it free” Internet, a free trial is relatively common so that website owners test and see for themselves. We encourage this.
Caveat emptor: No one can guarantee 100% safety. That’s simply a fact of life. But I think we can agree that some do better than others. Just like antivirus, firewalls and trust seals, each offer a valid component of the puzzle that helps to keep web surfers safe, and towards that end, is a worthy endeavor to strive for.
thanks,
-Carlos