title for Trustmarks profile
home | about | site use | resources | publications | timeline |::| Analysphere | Ketupa
overview

the industry

inventory



















related pages icon
related
Guides:

Privacy

Consumers

Security &
InfoCrime

Governance

Economy




related pages icon
related
Profiles:

Trademarks

Online ADR

Auctions

Indigenous
Authenticity
labels







section heading icon     overview

 This profile considers online privacy seals and other trustmarks, discussed in our Privacy and Consumers guides.

It covers -

The following pages provide comments about the evolution of the trustmark industry and an indicative inventory of major online trustmarks, past and present.

subsection heading icon     marks in space

Who can you trust in cyberspace, where the facade presented by deft software does not necessarily equate to good performance, where many consumers feel that they are unequipped to use tools such as P3P or PICS and where the borderless nature of the net (or merely its newness) has encouraged bad practice by entrepreneurs or malicious individuals?

The discussion, in our Consumers guide, of trust suggests that businesses, governments, consumer advocacy organisations and individuals have some interest in online trustmarks. At its simplest, an online mark (sometimes characterised as a seal) is an indicator that the site operator has agreed to be bound by a code of practice. The mark is an advisory, rather than a guarantee of performance, since the binding is often weak and certification problematic.

The marks are issued by industry associations and consumer bodies (generally on a less-than-cost or cost recovery basis) or by commercial entities whose raison d'etre is to generate profits through conduct of a trustmark program and ancillary services such as legal compliance audits and training.

Given different jurisdictions with different markets, perceived needs and start-up funding there are a range of marks in Australia and elsewhere. There is no global standard for online trustmark schemes or for automated validation of marks.

Some are purely local. Others, such as the ICRA content label, are found across the world. Some have a narrow focus, for example on privacy or items sold via eBay. Others attempt to serve as an indication of business good practice (for example covering data collection, handling of disputes, fulfillment of commercial transactions) and may be tied to an alternative dispute resolution scheme offered by an industry association or commercial dispute resolution service.

Varying levels of enforcement mean that some marks, at best, are statements of aspiration whereas others are perceived to be more meaningful because the issuer has the resources - and will - to effectively police the mark.

Ernst & Young - perhaps playing catch-up with competitor and trustmark scheme operator KPMG - looked on the bright side in its 2001 E-Security & Privacy paper, claiming that

While there may be some enforcement, jurisdictional and perception hurdles to overcome, with full e-commerce assurance from independent, reputable organisations, web seals can ensure privacy policies are followed, aid market differentiation, build and support brand strength, support dispute resolution and offer indemnification and regulatory compliance.

subsection heading icon     responses

Responses to online marks - and particular seals - have been mixed.

Some observers, for example, have criticised the process through which mark are acquired, in particular schemes based on self-assessment. Critics argue that self-assessment is inherently open to abuse by the unscrupulous or merely incompetent.

Some note the poor performance of certifying bodies, including prominent seal issuers such as TRUSTe, characterised by critics as slow to respond to consumer concerns about abuses or lacking the resources to monitor compliance with their rules and ensure that the trustmark is removed from a site that breaches those rules. One example is Natalie Regoli's 2002 Indecent Exposures in an Electronic Regime paper (PDF).

Others question whether commercial trustmark schemes necessarily involve a conflict of interest or simply doubt a business model that requires significant investment for building a national/global brand and then maintaining it through ongoing promotion, compliance checks and litigation against entities that abuse the particular mark.

Still others note the plethora of competing trustmark bodies, ranging from those restricted to a particular jurisdiction to those with global ambitions, a presence in all major markets and compliance infrastructure to match.

That proliferation is an issue because it inhibits recognition (and thereby the value) of particular marks. If you can't tell whether a mark is "for real" will you as a consumer trust it or respect the site that features the mark? Will it make commercial sense for you as a site operator to badge your site with a mark (or marks), particularly if badging involves a fee or compliance requirements?

Questions of transparency and activity are of particular importance, since ultimately end-users must trust the trustmark.

Few trustmark scheme operators provide statistics regarding the removal of marks from sites. Many provide raw figures about the number of seals issued or the number of disputes dealt with. However, for both specialists and consumers it is difficult to determine the effectiveness of a particular scheme. Is scheme x biased? Are disputes (and dispute resolutions) meaningful? How many of the marks, once issued, are still active?

subsection heading icon     trusting the mark

A recurrent response by consumers (and by site operators) is that they are either not aware of particular marks or question their effectiveness.

In essence, many people do not trust marks and instead rely on an assessment (informed or otherwise) of a site, recognition of an offline/online brand and decisions about what is at stake.

Users of online trustmarks must

  • recognise the mark
  • perceive that the mark has value
  • understand what it means
  • believe that the site operator will comply with obligations regarding that mark
  • believe that the entity that issued the mark to the operator will act quickly, vigorously, equitably and effectively to address actual/alleged breaches of its rules, implicitly to serve consumers rather than an individual site and thereby ensure the mark's legitimacy
  • hope that there will be action by other consumers or by government regulators if the mark issuer (or mark bearer) does not live up to commitments regarding the mark
  • assume that the mark is current, rather than a relic from defunct trustmark schemes
  • assume that the site operator is entitled to the mark (eg not making fraudulent use of the ICRA mark on an adult content site).

Perceptions play a major role in trust. Perceptions that mark issuers have been slow to act, have tacitly ignored substantive breaches or have provided site operators with inappropriate wriggle-room (eg redefined the problem) accordingly mean that building trust in marks is difficult.

In discussing privacy we've noted the sobering conclusion in Robert LaRose & Nora Rifon's 2003 paper Your Privacy is Assured - Of Being Invaded: Web Sites With & Without Privacy Seals that

It is perhaps ironic that the Web sites that seek to publicize their concern for consumer privacy by displaying privacy seals were actually more likely to intrude on privacy, at least in terms of the amount of personal information that they requested from consumers. And, aside from a greater tendency to deposit cookies, the unsealed sites were no more likely to invade users’ physical privacy through involuntary intrusions on their computers.  Naïve consumers who view seals as a form of privacy protection may thus be disappointed.

The study conducted by those authors also asks

How effective were the seal authorities in encouraging compliance with FTC guidelines for notice, choice, access, and security? BBBOnLine sites were more likely to make assurances about secure transmission of information than TRUSTe sites. However, compliance with the guidelines was somewhat less than perfect in all key aspects. For example, while almost all of the seal program participants provided notice of the types of information collected, about an eighth did not reveal how information is collected, offer to correct errors, or maintain a complaint procedure. And, while most sealed (but also unsealed) sites informed consumers of their choices, many did not really offer any choice other than leaving the site or foregoing service.

A 2000 study of the US CPA WebTrust seal by Kris Portz, Joel Strong, Bruce Busta & Ken Schneider noted that

Subjects were asked how much protection against fraudulent business practices the WebTrust seal provides or implies. Fifty-nine percent correctly indicated that “WebTrust helps to minimize the possibility of fraud,” while 22% incorrectly indicated that “customers are absolutely protected against fraud.”

This result is cause for concern. If 22% of consumers believe that WebTrust absolutely protects against fraud, CPAs could be exposed to legal action. The disparity between a consumer’s perception of the assurances and what the assurances actually are creates an expectation gap. Accountants have a long, painful history of dealing with the expectation gap, and the presence of one regarding the WebTrust program must be carefully examined and every effort made to mitigate it.

Joseph Turow's 2003 Americans & Online Privacy: The System is Broken study (PDF), highlighted in our discussion of privacy statements, noted similar consumer misinterpretation of 'signals' from site operators. It claimed that 57% of US adults who use the internet at home incorrectly believe that when a site has a privacy policy, it will not share their personal information with other sites or entities.

Turow's consumers valued their privacy: when "presented with a common version of the way sites track, extract, and share information to make money from advertising, 85% of adults who go online at home did not agree to accept it on even a valued site".

However, 64% of the online adults say they have never searched for information about how to protect their information on the web; 40% say that they know "almost nothing" about stopping sites from collecting data, 26% know "a little" and only 9% (immodest or otherwise) report knowing "a lot".

That raises questions about proposals to address trustmark problems by printing official guides to web seals.

subsection heading icon     lessons from offline marks?

Misinterpretation, distrust of or simply non-recognition of online trustmarks is consistent with experience offline.

That is evident in studies such as Beltramini & Stafford's 1993 'Comprehension & Perceived Believability of Seals of Approval Information in Advertising' (in Journal of Advertising, XXII), Kamins & Marks 1991 'The Perception of Kosher as a Third Party Certification Claim in Advertising for Familiar and Unfamiliar Brands' (in Journal of the Academy of Marketing Science, 19, no 3) and Parkinson's 1975 'The Role of Seals and Certifications of Approval in Consumer Decision Making' (in Journal of Consumer Affairs, 9).

subsection heading icon     academic and industry studies

The immaturity of the trustmarks industry (or merely the perceived indiference of most end-users, whether site operators or site users) means that there is considerable uncertainty about their effectiveness and even what marks are currently active.

The 2000 Heidelberg Consensus Recommendations on Trustmarks, arising out of a major conference on health informatics, noted a "lack of experience with trustmarks and lack of evidence for the effectiveness or impact of trustmarks".

It concluded that

we have no actual evidence for saying whether and under which conditions trustmarks may create more benefit than harm, and that any project trying to implement a trustmark concept has to be carefully evaluated for the impact of its service on people and information providers

That remains the case. A handful of empirical studies have been conducted since the Heidelberg but their conclusions are contentious. Much of the quite limited literature has a very theoretical flavour, is narrowly restricted to particular sectors (especially in relation to privacy aspects of B2C), serves to promote specific initiatives or confuses aspiration with reality.

From an academic perspective the outstanding empirical study, albeit narrow in scope, is Anna Nöteberg's 1999 dissertation (PDF) Trusting the Web? Web Assurance Seals for an Improved Electronic Commerce Environment. It is complemented by the 2002 Web Assurance Seals: How & Why They Influence Consumers' Decisions (PDF) by Marcus Odom, Anand Kumar & Laura Saunders and the 2002 paper Trusting the Trustmark? by Fredrik Nordquist, Fredrik Andersson & Eva Dzepina.

Recent EU development is highlighted in the 2006 E-Commerce Trustmarks in Europe: An Overview and Comparison of Trustmarks in the European Union, Iceland and Norway (PDF) report.

An older view of the terrain is provided in Web Seals: A Review of Online Privacy Programs, a 2000 report by the Office of the Information & Privacy Commissioner in Ontario and the Australian Federal Privacy Commissioner prior to collapse of the dot-com bubble, and in the 2003 Options Paper - Web Seals of Approval (PDF) from the Australia New Zealand Standing Committee of Officials of Consumer Affairs (SCOCA) E-commerce Working Party. The latter document cites an earlier version of this profile.

John MacDonnell's 2001 dissertation (PDF) Exporting Trust: Does E-Commerce Need A Canadian Privacy Seal of Approval suggests that there is a need for a a single multi-sectoral national seal in Canada, pendinf development of a coherent international regime. MacDonnell notes concerns about policy and administration, suggesting that such a scheme should come under the auspices of a consumer association. Privacy in E-Commerce: Development of Reporting Standards, Disclosure and Assurance Services in an Unregulated Market (PDF) by Karim Jamal, Michael Maier & Shyam Sunder and the 2000 Deceptive and misleading on-line advertising and business practices paper by Russell Smith take a more positive view of self-regulation and extend beyond privacy.

For a vision, which we find unconvincing, that consumers will embrace trustmarks and then seek "lovemarks" see the interview with Saatchi & Saatchi's Kevin Roberts. We've suggested elsewhere that consumers often don't understand (or even encounter) online trustmarks: the marks that are recognised and credible are the trademarks associated with brands: IBM, Amazon.com, Dell, Westpac, Sony.

Questions about self-regulation are highlighted in Organized Interests & Self-Regulation - An Economic Approach (Oxford: Oxford Uni Press 1999) edited by Bernardo Bortolotti & Gianluca Fiorentini, Peng Hwa Ang's succinct discussion of privacy seals in his 2001 paper The Role of Self-Regulation of Privacy and the Internet, the 2003 PCMLP paper by Matthew Hardy & Marcus Alexander Self-regulation & Certification of the European Information Economy: The Case of the eHealthcare Information Provision (PDF) and PCMLP paper (Zip) on Website Quality Labelling.

An earlier PCMLP paper (PDF) offers An Introduction to the Labelling of Websites.

subsection heading icon     AVS

Age Verification Services (AVS) - aka Adult Verification Services - are sometimes confused with trustmarks. They are discussed here and in our Censorship, Secrecy & Free Speech guide.



icon for link to next page    next page  (the trustmark industry)




this site
the web

Google

 

version of June 2007
© Bruce Arnold
caslon.com.au | caslon analytics