Who Do You Trust?
description
Transcript of Who Do You Trust?
Who Do You .comTrust?Robert Y. Gold, MBA, CA, Managing Partner
January, 2001
BennettGold.ca
INDUSTRY PRIVACY FAILURES HURTING E-COMMERCE
Concerns over privacy continue to hamper e-commerce. Jupiter Communications found:
• 64 percent of respondents don’t trust a Web site even if it has posted a privacy policy.
• Privacy issues could potentially put an $18 billion dent in the projected $40 billion 2002 e-commerce revenue.
Consumer fears are proving to be deep and complex:
• It’s not just about legislation or posting a privacy policy. There is a general nervousness about giving personal and credit
card information.
• Sites need to actively promote their efforts among consumers to start pushing back their fears.
• People will be less willing to give information about themselves until they feel they can trust the site.
NFO Interactive found that the safekeeping of online consumers personal information was the main factor why people chose not to shop online:
• Both buyers and non-buyers said the attribute that would most entice them to shop at a Web site was:
“trust that the site would keep personal information private.”
• The security of a retail website is a major concern for online consumers.
According to the New York Times, trusting a website “is like following a helpful stranger in Morocco, who offers to take you to the best rug store in town”.
Cyberspace -
Danger
Fraudsters
Scammers
Criminals
AGENDA:
1. Building Trust Online
2. Privacy Breaches and Fiascoes
3. The WebTrust Subset
Building Trust Online
While trust develops over time, web sites must communicate trustworthiness as soon as a visitor enters a site.
Online trustworthiness is communicated in various degrees by six key elements:
1. Seals of Approval
2. Brand
3&4. Navigation and Fulfillment
5. Presentation
6. Technology
The Importance of Checkout for Retailers
Over 40% of failures in buying attempts were due to checkout
Fixing checkout alone would save the industry billions of dollars in lost sales and raise conversion rates by 20%
Don’t offer two equally prominent checkout paths. It’s too confusing
Design checkout for new customers. Use cookies to remember return customers and present them with a different checkout path
Do not require shoppers to register before they can buy
Communicate error messages simply and politely
Prominently highlight whatever needs to be changed
The Importance of Promotions and Merchandising for Retailers
Promotions and featured products appeal to holiday shoppers
Effective promotions and merchandising can significantly raise holiday revenues for many e-commerce sites
Communicate special offers clearly and early in the buying process
Place featured items above the fold on the homepage
Use brands, categories and situational merchandising to suggest products to customers
Privacy Breaches and Fiascoes: The online world as it really is.
Welcome to PrivaGate.comInternet Privacy Gateway
Recent news headlines tell the story —
Services are needed tobridge the "trust gap" between
consumers ande-commerce web sites!
0%
10%
20%
30%
40%
50%
60%
Security Navigation Selection Trust High Price No Touch
Why Customers Don’t Buy
WHAT IS WEBTRUST?
WEBTRUST 3.0
BennettGold.ca
“Obtaining a privacy seal should be as basic for someone establishing a web site as coming up with a catchy domain name and hiring a creative webmaster.”
US Secretary of Commerce,William Daley
The WebTrust Privacy Principle
The entity discloses its privacy practices, complies with such
privacy practices, and maintains effective controls to provide
reasonable assurance that personally identifiable information
obtained as a result of electronic commerce is protected with
its disclosed privacy practices.
WebTrust Privacy
Criteria Disclosures
Policies, Goals, and Objectives
Security Criteria that Relate to Privacy
Privacy Specific Criteria
Monitoring/Performance Measures
When (not will) your business
be affected by Bill C-6 --
Canada’s Personal Information Protection Legislation?
You Must Comply!!
What happens when you click on the WebTrust seal?
BennettGold.ca
____________________________________________________
____________________________________________________
WebTrust Program for On-Line Privacy
You have arrived here from a WebTrust™ certified site. The WebTrust seal symbolizes that this site has been examined by an independent accountant who has issued a report (see below) on management's assertion(s) that the entity's electronic commerce business being relied upon is in conformity with the WebTrust Program for On-Line Privacy.
WebTrust Auditor’s Report
Our Assertion
To be eligible to display this seal of assurance, we had to confirm that we meet or exceed the WebTrust Privacy Principle in conformity with the AICPA/CICA WebTrust Privacy Criteria:
• We disclose our privacy practices for e-commerce transactions,
• We comply with such privacy practices, • We maintain effective controls to provide reasonable
assurance that personally identifiable information obtained as a result of e-commerce is protected in conformity
with our disclosed privacy practices based on the AICPA/CICA WebTrust Privacy Criteria.
Our commitment to these principles is on going. In order to maintain the WebTrust seal, every six months an examination will be performed to assess our continued compliance with the AICPA/CICA WebTrust Privacy Principle and Criteria.
Signed: _______(CEO)_______
Links:
AvailableMedia.com. Privacy Assertion AvailableMedia.com. Privacy Disclosures WebTrust Program (WebTrust table of contents) AICPA/CICA WebTrust Privacy Principle and Criteria
Consumers
Online Businesses Overview Case Study Getting Started Finding a CA
About WebTrust Sites with seals Related Links Government Affairs Press Room
Independent Verification
Survey
Privacy Policy
Contact
.org
SITES WITH WEBTRUST
SEALS
BennettGold.ca
OFFICAL ROCKET ROGER CLEMENS
SPORTS MERCHANDISE
"I know that Internet users have a serious concern about giving out credit card numbers. That's only natural. My own family shops online, back in Houston, so I share your concern about security. That's why I'm very happy to say that my site is the first in Canadato feature a WebTrust seal.”
BennettGold.ca
BennettGold.ca
BennettGold.ca
CURRENT e-VENTS
BennettGold.ca
Investigation and Security
e.fraud.survey.2000 Respondents do not regard internal threats to their e-commerce
systems as significant.
Access to confidential customer information and denial of service attacks are regarded by respondents as the greatest threats to
e-commerce systems.
Seventy-three percent of respondents said their companies use encryption technology as a preventative security measure in their e-commerce systems.
Despite their concerns about security, a majority of respondents indicated their e-commerce systems are not regularly audited and they have no plan in place to deal with security breaches.
Survey respondents said security of credit card numbers and personal information are the two issues of most concern to their customers.
WORLD-WIDE HACKER REPORT
January 14, 2001:- U.K. Nuclear hacker fuels security review
- Hackers attack Brazilian defence ministry
- Boots condemns site hack
- Zoom in email security scare
- Macromedia investigates Flash security
- Romanian hacker bombs chat network
CANADIAN WEB SITES WOEFUL IN PRIVACY: SURVEY
December 11, 2000 Half of Canadian commercial Web sites do not have a privacy policy, and most that do exist are woefully inadequate, a survey has found.
E-TAILERS DISCLOSE FEARS OF E-PRIVACY LAW
December 22, 2000Canada's new privacy legislation, set to go into effect the early part of January, 2001, has a number of e-tailers worried about compliance and disclosure issues.
A recent study of Canadian Web sites indicates most online businesses are not nearly ready for the legislation.
DATA PRIVACY FEARS HAUNT INTERNET, US STUDY SHOWS
OCTOBER 31, 2000
Almost two-thirds of U.S. Internet users and three-quarters ofnon-users say they fear that going online endangers their privacy.
PRIVACY WOES SCARING OFF E-SHOPPERS
SEPTEMBER 18, 2000
With 61 percent of no-shows in the Internet check-out line citing privacy concerns and advocates making a stand, e-retailers' privacy practices are coming under fire-- again.
WEB SITE EXPOSES IKEA BUYERS
SEPTEMBER 8, 2000
These days, Ikea is Swedish for giving the world the names of itscustomers. The names, addresses, phone numbers and e-mail addresses of 144,229 North Americans sat exposed on the company's Web site earlier this week.
TRUSTe BREAKS PRIVACY RULE
AUGUST 27, 2000
Non-profit Internet privacy organization TRUSTe allowed an outside company to track visitors to its Web site without visitors' permission or knowledge, said Interhack, a Internet security firm.
PRIVACY SUIT TARGETS NETSCAPE
JULY 25, 2000
New Jersey-based website operator has filed a class action lawsuitcharging that AOL/Netscape's Internet software violates electronicprivacy law.
WHITE HOUSE ADMITS PRIVACY BREACH
JUNE 30, 2000
The White House acknowledged on June 21/2000 that its own anti-drug office's Web site may have been collecting personal data about visitors in violation of federal policy.
FTC GIVES UP ON NET SELF-REGULATION
MAY 23, 2000
Finding Internet privacy to be sorely lacking, the U.S. Federal Trade Commission released a 200-page report recommending to Congress that new legislation be adopted to protect consumers’ privacy online.
FTC FINDS E-COMMERCE SITES FAIL TO GUARD CONSUMER PRIVACY
MAY 11, 2000A survey of major e-commerce Web sites by the Federal Trade Commission found that only about 20 percent met US Federal Trade Commission (FTC) standards for protecting consumer privacy.
DE BEERS SECURITY HOLE REVEALS CUSTOMER INFORMATION
MAY 4, 2000
About 35,000 customer email and home addresses were exposed on Adiamondisforever.com, an informational site about diamonds sponsored by De Beers, CNET News.com has learned.
AN ASTONISHING SECURITY BREACH
APRIL 21, 2000
There is at on my Web browser. A list of 1,000 credit card numbers. And the name of the owner, where he or she lived, and their phone number.
CANADIAN FIRMS ILL-PREPARED FOR INTERNET WAVE
JANUARY 10, 2001Canadian companies remain unprepared for the coming wave of Internet-based business transactions despite predictions that by 2005, nearly one-fifth of all business-to-business transactions will be conducted electronically
INTERNATIONAL EFFORT FINDS MORE THAN 1,600 SCAM AND FRAUD SITES
MARCH 26, 2000
The Federal Trade Commission said Friday that a worldwide sweep targeting phony get-rich-quick schemes on the Web turned up more than 1,600 scams.
CANADA IS CYBERTERROR
HOTBED
MARCH 25, 2000
An American intelligence agency has determined that up to 80% of foreign attacks on U.S. computers either originate or pass through Canada.
VAST ONLINE CREDIT CARD THEFT REVEALED
MARCH 17, 2000
In the largest known case of cybertheft, a computer intruder stole information on more than 485,000 credit cards from an e-commerce site and then secretly stored the massive database on a U.S. government agency’s Web site.
H&R BLOCK WEB SITE REVEALS TAX DATA
FEBRUARY 17, 2000
H&R Block has been forced to shut down its online tax-preparation Web site due to a mix-up that exposed the tax data of some consumers.
AMAZON.COM FACES PRIVACY INVASION LAWSUITS
FEBRUARY 8, 2000
Online retailing giant Amazon.com and its Alexa Internet software subsidiary face two privacy invasion lawsuits and an informal inquiry by the Federal Trade Commission. The suits allege that Alexa secretly intercepted electronic communications and other personal data with its computer software program and sent the information to third parties, including Amazon.
THE FUTURE OF
WEBTRUST
BennettGold.ca
WebTrust
Removes the consumer hurdle
Trust-enables B2B exchanges
BennettGold.ca
WebTrust 3.0
Modularization of WebTrust principles
* Cafeteria approach
New Seal Design
Consumer Recourse
BennettGold.ca
The WebTrust Modules
Privacy
Security
Business Practices and Transaction Integrity
Non-repudiation
Confidentiality
Availability
Customized Disclosures
BennettGold.ca
Will WebTrust Become an
Industry Standard?
BennettGold.ca
In November, 2000 Consumer Reports Calls For Regular privacy audits
Independent, periodic audits by third-party experts are needed to verify that data are securely stored and used only for the purposes disclosed, that access is restricted to employees authorized to handle them, and that training programs are in place to guard against leakage or corruption.
Seal Wars:
The good, the bad and the ugly!
TRUSTe Offers privacy and
consumer recourse
Extensive privacy disclosures
November 9, 1999(CNN) -- RealNetworks has been all apologies in response to the furor caused by a computer consultant's revelation that
the company's RealJukebox software surreptitiously transmits user data.
That anger has also been directed toward TRUSTe, an industry-fund privacy organization tasked with advising and overseeing Internet
companies.
Can TRUSTEe protect users?
March 23, 1999
WASHINGTON (AP) --
A watchdog organization financed partly by Microsoft Corp. to monitor how Internet sites protect consumer privacy has decided not to audit the company, one of its biggest benefactors, over a controversial glitch in its software.
Trust-E of Palo Alto, Calif., instead chided Microsoft over its use of an identifying number that could be used to trace the authors of some electronic documents even when they want to remain anonymous.
TRUSTe and Microsoft Debacle
REALITY CHECK: BEHIND TRUSTe's
SEAL -
December 15, 1999
OptList.com: A Web site asking you to add your address to an Internet-wide "do-not-spam" list.
Strange, but not unusual; spammers often use such sites to collect addresses from unsuspecting users. Something else on the site surprised us, though: a green seal indicating the site was certified by TRUSTe, the industry organization that monitors Web site privacy policies.
BBBOnLine Offers privacy program and
consumer recourse
Offers reliability program -business disclosures at website and consumer recourse
In general terms:
a Complaint Bureau
According to PwC:
“The BetterWeb™ Program is not an audit or review in accordance with professional standards, and PricewaterhouseCoopers has not performed testing to determine if, in fact, the company follows the policies posted on its Web site.”
Industry Standard? Maybe….
BennettGold.ca
Global
Performed by an objective, specially
trained CA or CPA
Independent Verification
Regular updates
WebTrust is: BennettGold.ca
An Educational, Informative and Entertaining Privacy Portal
Created by
Introducing
Visit and be amazed!!
A copy of tonight’s presentation is available online at
sipgroup.org
Thanks for attending and stay in touch.