Domain: bbbonline.com
Stories and comments across the archive that link to bbbonline.com.
Comments · 6
-
What's a bank? What's a legitimate business?
I posted "What's a bank?" previously, with some examples of ambiguous cases. If the criteria for some ".bank" domain are broadened to financial service businesses generally, it's even worse. That pulls in mortgage brokers, which range from major firms like Provident to the "Lenders compete from your business" spammer. Then there are the "offshore" operators, the "High Yield Investment Program" people, hedge funds of varying degrees of legitimacy, and armies of "affiliates" and "resellers". Expecting domain registrars, who have a terrible reputation as verification services, to sort this out is asking too much.
We've been struggling with this issue for SiteTruth, where we try to rate businesses for "legitimacy". Simply trying to associate the name and address of a legitimate business with a web site is enough to filter out a huge number of marginal web businesses. But it's not a solid protection against more determined fraud operations. We check against third-party sources for identity verification, which helps. We give the highest rating only to sites for which we have some source of third-party confirmation (a valid SSL cert with a name and address, a BBBOnline seal, etc.)
The Online Better Business Bureau is probably the best verification service right now. Their seal of approval actually means something. (But click on it to check that the BBB site says the seal is valid. We check that automatically with SiteTruth, and there are definitely sites out there using the BBBonline graphic that aren't entitled to do so.)
The PhishTank people have a user-reported list of "phishing sites", but it's always behind. Worse, it's by URL, not domain, so sites that generate a new URL for each spam escape that check.
There have been several previous attempts at "identify your business as legitimate by paying us money". This ".bank" scheme falls into that category. Before that, "High Assurance" certificates were touted as a similar scheme. There are several companies selling "seals of approval"; there's "ValidatedSite.com", the "International Bureau of Certified Website Merchants", "Guardian ECommerce", and the "International Chamber of E-Commerce". Most of the certificate authorities have some kind of seal program, too. This ".bank" thing is the same idea, at a higher price point.
-
Better Business Bureau
File a complaint with the Better Business Bureau. Its easy, its free, and they make sure it gets the attention of the right person at the company in question. With such a trivial complaint coming from the BBB, Yahoo'll take care of the problem faster than greased lightning.
-
Re:Long-term versus Short-term incentivesIn a perfect world (from the company's perspective), the company convinces you that it's one of the good guys among a pack of bloodthirsty wolves and it makes as much money off your personal information as possible without your knowledge.
If the company can find that fine line it can retain you as a customer for years to come while making extra money off your information. Why should the company choose between "creating a loyal customer" and "making a one-time buck" when it can have both?
Welcome to the world of "privacy policies." A marketing team researches its customers' worst fears and creates a document that states it is the company's policy not to do any of those things. Web sites wear these like police badges, and customers feel reassured because they believe the company is bound to adhere to the policy by some government regulations. However, neither you nor the government (nor Trust-E or BBB Online for that matter) have any way of knowing whether the company is following that policy.
-
BBB online.
BBB Online
The BBB privacy seal looks like it's slightly better than the Truste one, but not by much. They mention a requirement to get consent prior to transferring information for a particular use, but only if that use is NOT mentioned in the privacy policy as a possible use of individually identifiable info. There are also requirements to allow optout from 3rd party transfers, and some other good requirements. It still seems to be mainly a "enforce your privacy policy" requirement.
They've got a BBB child privacy seal, which is basically the same as the adult one, with the addition of requiring a parental consent when acquiring/transferring/using information about a child.
So, it looks like the BBB privacy seal is nearly the same as the truste one. As someone else mentioned, follow the revenue stream to the source, and you'll probably be able to figure out how strong the enforcement procedures are.
In the above "how strong" info, a "respondent" is a business.
As of June 30, 1999, there were 4 complaints, 3 were ineligible for various reasons, and 1 was resolved after the "complainant" contacted the BBB. No cases had been "decided".
The strangest one that was ineligible, was declared ineligible because the business's web-site did not have a privacy policy.
So far, none of the industry-funded "privacy" initiatives seems to have any likelihood to protect consumer privacy. They're still in the "enforce your privacy policy" stage.
There's got to be a consumer-funded privacy initiative somewhere. -
BBB online.
BBB Online
The BBB privacy seal looks like it's slightly better than the Truste one, but not by much. They mention a requirement to get consent prior to transferring information for a particular use, but only if that use is NOT mentioned in the privacy policy as a possible use of individually identifiable info. There are also requirements to allow optout from 3rd party transfers, and some other good requirements. It still seems to be mainly a "enforce your privacy policy" requirement.
They've got a BBB child privacy seal, which is basically the same as the adult one, with the addition of requiring a parental consent when acquiring/transferring/using information about a child.
So, it looks like the BBB privacy seal is nearly the same as the truste one. As someone else mentioned, follow the revenue stream to the source, and you'll probably be able to figure out how strong the enforcement procedures are.
In the above "how strong" info, a "respondent" is a business.
As of June 30, 1999, there were 4 complaints, 3 were ineligible for various reasons, and 1 was resolved after the "complainant" contacted the BBB. No cases had been "decided".
The strangest one that was ineligible, was declared ineligible because the business's web-site did not have a privacy policy.
So far, none of the industry-funded "privacy" initiatives seems to have any likelihood to protect consumer privacy. They're still in the "enforce your privacy policy" stage.
There's got to be a consumer-funded privacy initiative somewhere. -
BBB online.
BBB Online
The BBB privacy seal looks like it's slightly better than the Truste one, but not by much. They mention a requirement to get consent prior to transferring information for a particular use, but only if that use is NOT mentioned in the privacy policy as a possible use of individually identifiable info. There are also requirements to allow optout from 3rd party transfers, and some other good requirements. It still seems to be mainly a "enforce your privacy policy" requirement.
They've got a BBB child privacy seal, which is basically the same as the adult one, with the addition of requiring a parental consent when acquiring/transferring/using information about a child.
So, it looks like the BBB privacy seal is nearly the same as the truste one. As someone else mentioned, follow the revenue stream to the source, and you'll probably be able to figure out how strong the enforcement procedures are.
In the above "how strong" info, a "respondent" is a business.
As of June 30, 1999, there were 4 complaints, 3 were ineligible for various reasons, and 1 was resolved after the "complainant" contacted the BBB. No cases had been "decided".
The strangest one that was ineligible, was declared ineligible because the business's web-site did not have a privacy policy.
So far, none of the industry-funded "privacy" initiatives seems to have any likelihood to protect consumer privacy. They're still in the "enforce your privacy policy" stage.
There's got to be a consumer-funded privacy initiative somewhere.