What is a trusted third party and how does it enhance electronic commerce? In cryptography, a trusted third party (TTP) is an entity that facilitates interactions between two parties who both trust the third party (Wikipedia, 2013). This is similar to a notary public who acts as a trusted third party when it comes to duplicating legal documents. Both Verisign and TRUSTe act as trusted third parties by building trust relationships between customers and venders like Amazon and Newegg. So how do Verisign and TRUSTe build the trust environment?
Verisign (owned by Symantec) provides Secure Sockets Layer (SSL) Certificate Services, Public Key Infrastructure (PKI) Services, Verisign Trust Services, and the Verisign Identity Protection (VIP) Authentication Service (Wikipedia, 2013). These services enable secure communication services between the customer and venders. Thereby building a level of trust that valuable financial data or personal identifiable information (PII) will not be compromised in transit to the vender’s website.
Verisign has many competitors in the area like Digicert and COMODO. With prices ranging from $1000 a year for a Verisign certificate, to as low as $6 for a certificate from COMODO. Verisign backs each of their certs with a $1.5 million dollar insurance policy against certificate compromise. Whereas COMODO only has a $10,000 guarantee against certificate compromise. Therefore, when you see the little logo at the bottom of the website saying what certificate vender the site uses you will know how much the vender cares about their site.
TRUSTe operates a privacy seal program, certifying websites, mobile apps, and cloud services for more than 5,000 businesses, including Apple, eBay, HP, Intuit, LinkedIn, Microsoft and Zynga (Fena, 2001). TRUSTe seal does not indicate that a web site complies with any specific set of privacy rules, such as the European Union’s Data Protection Directive. It indicates only that the site has self-certified as complying with the site’s own privacy statement (TRUSTe, 2013). The seal means that the website complies with government and industry privacy guidelines in which it ensured that the vender met. This builds trust by telling the customer that the company will not do anything with their PII[1] that is not explicitly spelled out in the site privacy guidelines. However, TRUSTe is not the only organization that verifies site privacy and security.
Symantec, COMODO, and Trustwave also provide trust seals. However, they are different in that their seal programs do not cover the same areas of security that TRUSTe covers. The seals from Symantec and COMODO tells the customer that their information in transit to and from the site is secure. Trustwave on the other hand provides a seal that indicates that the site has taken security measures to protect customer credit card numbers and other sensitive information such as social security numbers (Trustwave, 2013). Moreover, there are many trust seal programs that cover different aspects of computer security, that is why many e-commerce sites have multiple seals covering different aspects of their site.
Each of these services lends credibility the sites that use them, but the credibility of the third party is like money, it only has value because we believe it has value. Therefore, names like Verisign and TRUSTe must cultivate trust in their names so when people see the seals that they know that it is a trust worthy site. Once they trust the names of the certifying organizations then they will trust a site certified by them enough to use it. Without trusted third parties how would anyone know if a site was truly safe or not.
Works Cited
Fena, L. (2001, 07 12). PRIVACY AND INTELLECTUAL PROPERTY ISSUES. Retrieved from house.gov: http://judiciary.house.gov/legacy/fena_071201.htm
TRUSTe. (2013, 11 30). What Does TRUSTe Certification Mean to Consumers? Retrieved from TRUSTe: http://www.truste.com/products-and-services/program-descriptions
Trustwave. (2013, 11 30). Trusted Commerce seal. Retrieved from Trustwave: https://www.trustwave.com/trustedCommerce.php
Wikipedia. (2013, 11 30). Trusted third party. Retrieved from Wikipedia: http://en.wikipedia.org/wiki/Trusted_third_party
Wikipedia. (2013, 11 30). Verisign. Retrieved from Wikipedia: http://en.wikipedia.org/wiki/Verisign
[1] Personally identifiable information (PII) – Information that can be used on its own or with other information to identify, contact, or locate a single person, or to identify an individual in context. http://en.wikipedia.org/wiki/Personally_identifiable_information