Trustmark Schemes Struggle to Protect Privacy (2008)

10. Consumer understanding

TRUSTe's own research on factors that are most likely to increase privacy trust shows that a web seal scores 9% (ranked 7th).[85] But after more than 10 years of operation, the actual level of privacy protection provided by a trustmark is still poorly understood by consumers:

The presence of so many trustmarks almost guarantees misunderstandings, misuse and misappropriation of claims of digital trust. The desire to invoke digital trust for online enterprises, combined with the business opportunities that await those who provide emblems of trust (trustmarks), has led to hundreds of trust claims and marks. While the urge to represent and measure trust in the digital enterprise is admirable, not all trustmarks deliver digital trust.[86]

The operators of trustmark schemes have been aware for many years that consumers do not understand the full limitations of the seals (e.g. low standards, limited coverage), yet little has been done to combat this misunderstanding. For example, the CPAs who ran the WebTrust seal conducted their own empirical research on consumer understanding in 2000. They found:

22% incorrectly indicated that ‘customers are absolutely protected against fraud.’ This result is cause for concern. If 22% of consumers believe that WebTrust absolutely protects against fraud, CPAs could be exposed to legal action. Another question revealed that 59% of study participants thought that the CPA ‘approved the business practices’. [87]

Some trustmark schemes add to this consumer confusion by making broad (and incorrect) claims that their privacy standards are consistent with privacy laws. One scheme really confuses consumers by publishing a list of ‘safe links’ on its website. These are not certified members of the trustmark program, they are just links that appear to generate click-through advertising revenue.[88]

There is a concern that consumers may be misled into revealing more information than they would reveal to other sites:

Considering that the vast majority of the public may be unaware of this misrepresentation and believes in the illusion of safety created by the placement of a trustmark on a Web site, this misplaced trust may lower users’ personal guards, leading them to reveal more information than they would in situations without the appearance of the privacy-ensuring mechanisms. These user perceptions may ultimately result in a situation more detrimental to users than the absence of privacy policies or trustmarks altogether. [89]

The most famous study of consumer understanding of trustmarks was conducted in 2003. It asked consumers to assess the privacy protection offered by three real privacy seals (TRUSTe, BBB Online and CPA WebTrust) plus one phoney privacy seal (Web Shield). Web Shield was created from standard clip art. Sadly, the fake seal was recognised by 15% of consumers as a legitimate trustmark seal, only slightly below TRUSTe (42%) and BBB (29%) and well above WebTrust (8%):

This finding suggests that any official-looking graphic placed on a website has an equal chance of persuading the consumer that the site is trustworthy, regardless of any relation between that graphic and the actual web assurance seals.[90]

[85] TRUSTe, 2007 Most Trusted Companies for Privacy Award, summary prepared by Ponemon Institute, 29 January 2008, <>.

[86] CSC Consulting, Transparency and Assurance: Putting a Measure on Digital Trust, 2008, <>.

[87] Portz K, Strong J, Busta B, Schneider K, Do Consumers Understand What WebTrust Means?, October 2000, <>.

[88] <>

[89] Regoli N, Indecent Exposures in an Electronic Regime, 9 February 2002, Federal Communications Law Journal, at page 370, <>.

[90] Moores T, Do Consumers Understand the Role of Privacy Seals in E-Commerce? Communications of the ACM, Vol. 48, No. 4, pp. 86-91, March 2005.