who do you trust?

70
Who Do You .comTrust? Robert Y. Gold, MBA, CA, Managing Partner January, 2001 BennettGold .ca

Upload: tracy

Post on 23-Jan-2016

23 views

Category:

Documents


0 download

DESCRIPTION

BennettGold.ca. Who Do You .comTrust?. Robert Y. Gold , MBA, CA, Managing Partner January, 2001. INDUSTRY PRIVACY FAILURES HURTING E-COMMERCE Concerns over privacy continue to hamper e-commerce. Jupiter Communications found: - PowerPoint PPT Presentation

TRANSCRIPT

Page 1: Who Do You Trust?

Who Do You .comTrust?Robert Y. Gold, MBA, CA, Managing Partner

January, 2001

BennettGold.ca

Page 2: Who Do You Trust?

INDUSTRY PRIVACY FAILURES HURTING E-COMMERCE

Concerns over privacy continue to hamper e-commerce. Jupiter Communications found:

• 64 percent of respondents don’t trust a Web site even if it has posted a privacy policy.

• Privacy issues could potentially put an $18 billion dent in the projected $40 billion 2002 e-commerce revenue.

Page 3: Who Do You Trust?

Consumer fears are proving to be deep and complex:

• It’s not just about legislation or posting a privacy policy. There is a general nervousness about giving personal and credit

card information.

• Sites need to actively promote their efforts among consumers to start pushing back their fears.

• People will be less willing to give information about themselves until they feel they can trust the site.

Page 4: Who Do You Trust?

NFO Interactive found that the safekeeping of online consumers personal information was the main factor why people chose not to shop online:

• Both buyers and non-buyers said the attribute that would most entice them to shop at a Web site was:

“trust that the site would keep personal information private.”

• The security of a retail website is a major concern for online consumers.

Page 5: Who Do You Trust?

According to the New York Times, trusting a website “is like following a helpful stranger in Morocco, who offers to take you to the best rug store in town”.

Page 6: Who Do You Trust?

Cyberspace -

Danger

Fraudsters

Scammers

Criminals

Page 7: Who Do You Trust?
Page 8: Who Do You Trust?

AGENDA:

1. Building Trust Online

2. Privacy Breaches and Fiascoes

3. The WebTrust Subset

Page 9: Who Do You Trust?

Building Trust Online

While trust develops over time, web sites must communicate trustworthiness as soon as a visitor enters a site.

Online trustworthiness is communicated in various degrees by six key elements:

1. Seals of Approval

2. Brand

3&4. Navigation and Fulfillment

5. Presentation

6. Technology

Page 10: Who Do You Trust?

The Importance of Checkout for Retailers

Over 40% of failures in buying attempts were due to checkout

Fixing checkout alone would save the industry billions of dollars in lost sales and raise conversion rates by 20%

Don’t offer two equally prominent checkout paths. It’s too confusing

Design checkout for new customers. Use cookies to remember return customers and present them with a different checkout path

Do not require shoppers to register before they can buy

Communicate error messages simply and politely

Prominently highlight whatever needs to be changed

Page 11: Who Do You Trust?

The Importance of Promotions and Merchandising for Retailers

Promotions and featured products appeal to holiday shoppers

Effective promotions and merchandising can significantly raise holiday revenues for many e-commerce sites

Communicate special offers clearly and early in the buying process

Place featured items above the fold on the homepage

Use brands, categories and situational merchandising to suggest products to customers

Page 12: Who Do You Trust?

Privacy Breaches and Fiascoes: The online world as it really is.

Page 13: Who Do You Trust?

Welcome to PrivaGate.comInternet Privacy Gateway

Recent news headlines tell the story —

Services are needed tobridge the "trust gap" between

consumers ande-commerce web sites!

Page 14: Who Do You Trust?
Page 15: Who Do You Trust?
Page 16: Who Do You Trust?
Page 17: Who Do You Trust?
Page 18: Who Do You Trust?
Page 19: Who Do You Trust?

0%

10%

20%

30%

40%

50%

60%

Security Navigation Selection Trust High Price No Touch

Why Customers Don’t Buy

Page 20: Who Do You Trust?

WHAT IS WEBTRUST?

WEBTRUST 3.0

BennettGold.ca

Page 21: Who Do You Trust?

“Obtaining a privacy seal should be as basic for someone establishing a web site as coming up with a catchy domain name and hiring a creative webmaster.”

US Secretary of Commerce,William Daley

Page 22: Who Do You Trust?

The WebTrust Privacy Principle

The entity discloses its privacy practices, complies with such

privacy practices, and maintains effective controls to provide

reasonable assurance that personally identifiable information

obtained as a result of electronic commerce is protected with

its disclosed privacy practices.

Page 23: Who Do You Trust?

WebTrust Privacy

Criteria Disclosures

Policies, Goals, and Objectives

Security Criteria that Relate to Privacy

Privacy Specific Criteria

Monitoring/Performance Measures

Page 24: Who Do You Trust?

When (not will) your business

be affected by Bill C-6 --

Canada’s Personal Information Protection Legislation?

You Must Comply!!

Page 25: Who Do You Trust?

What happens when you click on the WebTrust seal?

BennettGold.ca

Page 26: Who Do You Trust?

____________________________________________________

____________________________________________________

WebTrust Program for On-Line Privacy

You have arrived here from a WebTrust™ certified site. The WebTrust seal symbolizes that this site has been examined by an independent accountant who has issued a report (see below) on management's assertion(s) that the entity's electronic commerce business being relied upon is in conformity with the WebTrust Program for On-Line Privacy.

Page 27: Who Do You Trust?

WebTrust Auditor’s Report

Page 28: Who Do You Trust?

Our Assertion

To be eligible to display this seal of assurance, we had to confirm that we meet or exceed the WebTrust Privacy Principle in conformity with the AICPA/CICA WebTrust Privacy Criteria:

• We disclose our privacy practices for e-commerce transactions,

• We comply with such privacy practices, • We maintain effective controls to provide reasonable

assurance that personally identifiable information obtained as a result of e-commerce is protected in conformity

with our disclosed privacy practices based on the AICPA/CICA WebTrust Privacy Criteria.

Page 29: Who Do You Trust?

Our commitment to these principles is on going. In order to maintain the WebTrust seal, every six months an examination will be performed to assess our continued compliance with the AICPA/CICA WebTrust Privacy Principle and Criteria.

Signed: _______(CEO)_______

Links:

AvailableMedia.com. Privacy Assertion AvailableMedia.com. Privacy Disclosures WebTrust Program (WebTrust table of contents) AICPA/CICA WebTrust Privacy Principle and Criteria

Page 30: Who Do You Trust?

Consumers

Online Businesses Overview Case Study Getting Started Finding a CA

About WebTrust Sites with seals Related Links Government Affairs Press Room

Independent Verification

Survey

Privacy Policy

Contact

.org

Page 31: Who Do You Trust?

SITES WITH WEBTRUST

SEALS

BennettGold.ca

Page 32: Who Do You Trust?

OFFICAL ROCKET ROGER CLEMENS

SPORTS MERCHANDISE

"I know that Internet users have a serious concern about giving out credit card numbers. That's only natural. My own family shops online, back in Houston, so I share your concern about security. That's why I'm very happy to say that my site is the first in Canadato feature a WebTrust seal.”

BennettGold.ca

Page 33: Who Do You Trust?

BennettGold.ca

Page 34: Who Do You Trust?

BennettGold.ca

Page 35: Who Do You Trust?
Page 36: Who Do You Trust?
Page 37: Who Do You Trust?
Page 38: Who Do You Trust?
Page 39: Who Do You Trust?
Page 40: Who Do You Trust?

CURRENT e-VENTS

BennettGold.ca

Page 41: Who Do You Trust?

Investigation and Security

e.fraud.survey.2000 Respondents do not regard internal threats to their e-commerce

systems as significant.

Access to confidential customer information and denial of service attacks are regarded by respondents as the greatest threats to

e-commerce systems.

Seventy-three percent of respondents said their companies use encryption technology as a preventative security measure in their e-commerce systems.

Despite their concerns about security, a majority of respondents indicated their e-commerce systems are not regularly audited and they have no plan in place to deal with security breaches.

Survey respondents said security of credit card numbers and personal information are the two issues of most concern to their customers.

Page 42: Who Do You Trust?

WORLD-WIDE HACKER REPORT

January 14, 2001:- U.K. Nuclear hacker fuels security review

- Hackers attack Brazilian defence ministry

- Boots condemns site hack

- Zoom in email security scare

- Macromedia investigates Flash security

- Romanian hacker bombs chat network

Page 43: Who Do You Trust?

CANADIAN WEB SITES WOEFUL IN PRIVACY: SURVEY

December 11, 2000 Half of Canadian commercial Web sites do not have a privacy policy, and most that do exist are woefully inadequate, a survey has found.

E-TAILERS DISCLOSE FEARS OF E-PRIVACY LAW

December 22, 2000Canada's new privacy legislation, set to go into effect the early part of January, 2001, has a number of e-tailers worried about compliance and disclosure issues.

A recent study of Canadian Web sites indicates most online businesses are not nearly ready for the legislation.

Page 44: Who Do You Trust?

DATA PRIVACY FEARS HAUNT INTERNET, US STUDY SHOWS

OCTOBER 31, 2000

Almost two-thirds of U.S. Internet users and three-quarters ofnon-users say they fear that going online endangers their privacy.

PRIVACY WOES SCARING OFF E-SHOPPERS

SEPTEMBER 18, 2000

With 61 percent of no-shows in the Internet check-out line citing privacy concerns and advocates making a stand, e-retailers' privacy practices are coming under fire-- again.

Page 45: Who Do You Trust?

WEB SITE EXPOSES IKEA BUYERS

SEPTEMBER 8, 2000

These days, Ikea is Swedish for giving the world the names of itscustomers. The names, addresses, phone numbers and e-mail addresses of 144,229 North Americans sat exposed on the company's Web site earlier this week.

TRUSTe BREAKS PRIVACY RULE

AUGUST 27, 2000

Non-profit Internet privacy organization TRUSTe allowed an outside company to track visitors to its Web site without visitors' permission or knowledge, said Interhack, a Internet security firm.

Page 46: Who Do You Trust?

PRIVACY SUIT TARGETS NETSCAPE

JULY 25, 2000

New Jersey-based website operator has filed a class action lawsuitcharging that AOL/Netscape's Internet software violates electronicprivacy law.

Page 47: Who Do You Trust?

WHITE HOUSE ADMITS PRIVACY BREACH

JUNE 30, 2000

The White House acknowledged on June 21/2000 that its own anti-drug office's Web site may have been collecting personal data about visitors in violation of federal policy.

Page 48: Who Do You Trust?

FTC GIVES UP ON NET SELF-REGULATION

MAY 23, 2000

Finding Internet privacy to be sorely lacking, the U.S. Federal Trade Commission released a 200-page report recommending to Congress that new legislation be adopted to protect consumers’ privacy online.

FTC FINDS E-COMMERCE SITES FAIL TO GUARD CONSUMER PRIVACY

MAY 11, 2000A survey of major e-commerce Web sites by the Federal Trade Commission found that only about 20 percent met US Federal Trade Commission (FTC) standards for protecting consumer privacy.

Page 49: Who Do You Trust?

DE BEERS SECURITY HOLE REVEALS CUSTOMER INFORMATION

MAY 4, 2000

About 35,000 customer email and home addresses were exposed on Adiamondisforever.com, an informational site about diamonds sponsored by De Beers, CNET News.com has learned.

Page 50: Who Do You Trust?

AN ASTONISHING SECURITY BREACH

APRIL 21, 2000

There is at on my Web browser. A list of 1,000 credit card numbers. And the name of the owner, where he or she lived, and their phone number.

CANADIAN FIRMS ILL-PREPARED FOR INTERNET WAVE

JANUARY 10, 2001Canadian companies remain unprepared for the coming wave of Internet-based business transactions despite predictions that by 2005, nearly one-fifth of all business-to-business transactions will be conducted electronically

Page 51: Who Do You Trust?

INTERNATIONAL EFFORT FINDS MORE THAN 1,600 SCAM AND FRAUD SITES

MARCH 26, 2000

The Federal Trade Commission said Friday that a worldwide sweep targeting phony get-rich-quick schemes on the Web turned up more than 1,600 scams.

CANADA IS CYBERTERROR

HOTBED

MARCH 25, 2000

An American intelligence agency has determined that up to 80% of foreign attacks on U.S. computers either originate or pass through Canada.

Page 52: Who Do You Trust?

VAST ONLINE CREDIT CARD THEFT REVEALED

MARCH 17, 2000

In the largest known case of cybertheft, a computer intruder stole information on more than 485,000 credit cards from an e-commerce site and then secretly stored the massive database on a U.S. government agency’s Web site.

H&R BLOCK WEB SITE REVEALS TAX DATA

FEBRUARY 17, 2000

H&R Block has been forced to shut down its online tax-preparation Web site due to a mix-up that exposed the tax data of some consumers.

Page 53: Who Do You Trust?

AMAZON.COM FACES PRIVACY INVASION LAWSUITS

FEBRUARY 8, 2000

Online retailing giant Amazon.com and its Alexa Internet software subsidiary face two privacy invasion lawsuits and an informal inquiry by the Federal Trade Commission. The suits allege that Alexa secretly intercepted electronic communications and other personal data with its computer software program and sent the information to third parties, including Amazon.

Page 54: Who Do You Trust?

THE FUTURE OF

WEBTRUST

BennettGold.ca

Page 55: Who Do You Trust?

WebTrust

Removes the consumer hurdle

Trust-enables B2B exchanges

BennettGold.ca

Page 56: Who Do You Trust?

WebTrust 3.0

Modularization of WebTrust principles

* Cafeteria approach

New Seal Design

Consumer Recourse

BennettGold.ca

Page 57: Who Do You Trust?

The WebTrust Modules

Privacy

Security

Business Practices and Transaction Integrity

Non-repudiation

Confidentiality

Availability

Customized Disclosures

BennettGold.ca

Page 58: Who Do You Trust?

Will WebTrust Become an

Industry Standard?

BennettGold.ca

Page 59: Who Do You Trust?

In November, 2000 Consumer Reports Calls For Regular privacy audits

Independent, periodic audits by third-party experts are needed to verify that data are securely stored and used only for the purposes disclosed, that access is restricted to employees authorized to handle them, and that training programs are in place to guard against leakage or corruption.

Page 60: Who Do You Trust?

Seal Wars:

The good, the bad and the ugly!

Page 61: Who Do You Trust?

TRUSTe Offers privacy and

consumer recourse

Extensive privacy disclosures

Page 62: Who Do You Trust?

November 9, 1999(CNN) -- RealNetworks has been all apologies in response to the furor caused by a computer consultant's revelation that

the company's RealJukebox software surreptitiously transmits user data.

That anger has also been directed toward TRUSTe, an industry-fund privacy organization tasked with advising and overseeing Internet

companies.

Can TRUSTEe protect users?

Page 63: Who Do You Trust?

March 23, 1999

WASHINGTON (AP) --

A watchdog organization financed partly by Microsoft Corp. to monitor how Internet sites protect consumer privacy has decided not to audit the company, one of its biggest benefactors, over a controversial glitch in its software.

Trust-E of Palo Alto, Calif., instead chided Microsoft over its use of an identifying number that could be used to trace the authors of some electronic documents even when they want to remain anonymous.

TRUSTe and Microsoft Debacle

Page 64: Who Do You Trust?

REALITY CHECK: BEHIND TRUSTe's

SEAL -

December 15, 1999

OptList.com: A Web site asking you to add your address to an Internet-wide "do-not-spam" list.

      Strange, but not unusual; spammers often use such sites to collect addresses from unsuspecting users. Something else on the site surprised us, though: a green seal indicating the site was certified by TRUSTe, the industry organization that monitors Web site privacy policies.

Page 65: Who Do You Trust?

BBBOnLine Offers privacy program and

consumer recourse

Offers reliability program -business disclosures at website and consumer recourse

In general terms:

a Complaint Bureau

Page 66: Who Do You Trust?

According to PwC:

“The BetterWeb™ Program is not an audit or review in accordance with professional standards, and PricewaterhouseCoopers has not performed testing to determine if, in fact, the company follows the policies posted on its Web site.”

Page 67: Who Do You Trust?

Industry Standard? Maybe….

BennettGold.ca

Page 68: Who Do You Trust?

Global

Performed by an objective, specially

trained CA or CPA

Independent Verification

Regular updates

WebTrust is: BennettGold.ca

Page 69: Who Do You Trust?

An Educational, Informative and Entertaining Privacy Portal

Created by

Introducing

Visit and be amazed!!

Page 70: Who Do You Trust?

A copy of tonight’s presentation is available online at

sipgroup.org

Thanks for attending and stay in touch.