EXPERT RESPONSE
Privacy seals are used more like a marketing tool, bolstering a company's brand image on the Web rather than protecting a Web site from malicious attacks. More specifically, a privacy seal is the logo of a trusted third-party agency that sets standards for the handling of customer data. Such an agency conducts regular audits to make sure that those standards are met and upheld. Qualifying online vendors are allowed to put the logo on their Web sites after paying a fee, completing the application process and being reviewed by the agency.
Some of the criteria that the certifying body looks for are whether the applicant has a privacy policy, whether there are security policies in place that meet the certifying body's standards, and whether children's special privacy needs are protected if site content is aimed at them.
So if a privacy seal is cosmetic, who really pays attention to it? According to a study done by Forrester Research in October, 40% of visitors to ecommerce Web sites look for a privacy seal, and customer interest in privacy seals is expected to grow.
Vendors in the privacy seal space include TRUSTe, Council of Better Business Bureau Inc. (BBBOnLine.com), Privacy Secure Inc., PrivacyBot.com, ESRB Privacy Online and Guardian eCommerce.
Privacy seals are not a technical solution to the various attacks against Web applications or a way to stop other low-tech attacks like phishing, but they can still offer a business value by making customers feel assured that a company is properly protecting the confidentiality of their personal information. And in the minds of customers, that can sometimes be stronger than a firewall, since it's a security measure that you can see vs. one you can't.
More information:
Prevent cross-site scripting attacks from exploiting weaknesses in your Web sites.
Learn the dangers of application logic attacks.
|
