2 Key Ways to Gain Online Shoppers' Trust
Attention, please, those of you who sell merchandise online: Not all of you are honest, competent and
credible. Some of you are incredibly greedy. More than a few of you ought to be in jail for the things you
do to consumers.
But most of you, I suspect, are worthy of my trust. The trouble is, how do consumers and other businesses
tell you from the bad guys on the Web?
They can't really. But one way to help buyers feel more secure about the online merchants they shop with
is through digital certificates and privacy seals.
How digital certificates work
Let's first talk about digital certificates. They were invented to facilitate trust in Internet transactions. These
certificates, among other things, validate for customers shopping online that they are dealing with a
specific person or company that has been checked out by the companies authorized to issue the
certificates.
An online merchant buys a digital certificate from a certification authority (often abbreviated as CA on the
Web and in marketing materials). Before the certificate is issued, the CA checks out your company, to be
sure you are who you say you are and are worthy of the certification. (For more on this process, see one of
the Web sites whose addresses are mentioned below.)
Assuming you pass muster, the certificate is uploaded to your site. Typically, a logo is posted on your Web
site assuring the world that you have been checked. Again, this is intended to build customer trust.
Next, a customer comes to your site to buy a product. When the transaction begins, the customer's
browser contacts a secured address on your Web site. That address will start with "https," rather than
"http." Your server sends its digital certificate to the browser, authenticating itself.
That initiates the Secure Sockets Layer (SSL). No, that's not a name you will hear at cocktail parties. But it
means that the data transmitted by the customer's browser is protected with encryption. A padlock
symbol at the bottom of the customer's browser shows that the session is secure.
What follows is a series of things that take place behind the scenes, all transparent to the customer: The
customer's browser generates a session key (a long number), and uses that to encrypt the customer's
credit-card number or other sensitive data. The browser then encrypts the session key, using a public key
sent by your server. The browser sends the encrypted credit-card information to your Web server, along
with the encrypted session key. The server uses a private key to decrypt the session key, and then uses the
session key to decrypt the credit-card information.
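The exchange described above, written out in Python as an added example that is not part of the original article. Textbook RSA with a small constructed key and a SHA-256 keystream stand in for the real ciphers so it runs on the standard library alone; the function names and the card number are assumptions made for illustration.

```python
import hashlib
import secrets

# Constructed demo key pair (textbook RSA, no padding): two known Mersenne
# primes give a ~234-bit modulus. Far too small and unpadded for real use.
P, Q, E = 2**127 - 1, 2**107 - 1, 65537
N = P * Q                          # public modulus, sent with the certificate
D = pow(E, -1, (P - 1) * (Q - 1))  # server's private exponent, never sent


def keystream_xor(session_key: bytes, data: bytes) -> bytes:
    """Stand-in symmetric cipher: XOR data with a SHA-256 counter keystream."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        block = hashlib.sha256(session_key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[offset:offset + 32], block))
    return bytes(out)


def browser_send(card_number: str, server_public=(N, E)):
    """Browser: make a fresh session key, encrypt the data with it, then
    encrypt the session key itself with the server's public key."""
    n, e = server_public
    session_key = secrets.token_bytes(16)
    encrypted_card = keystream_xor(session_key, card_number.encode())
    wrapped_key = pow(int.from_bytes(session_key, "big"), e, n)
    return wrapped_key, encrypted_card  # the only values that cross the network


def server_receive(wrapped_key: int, encrypted_card: bytes,
                   private_exp: int = D) -> bytes:
    """Server: recover the session key with the private key, then decrypt."""
    session_int = pow(wrapped_key, private_exp, N)
    # Keep the low 128 bits so a wrong private key yields garbage, not an error.
    session_key = (session_int % 2**128).to_bytes(16, "big")
    return keystream_xor(session_key, encrypted_card)


if __name__ == "__main__":
    card = "4111 1111 1111 1111"  # constructed test number
    wrapped, ciphertext = browser_send(card)
    print("on the wire :", hex(wrapped)[:18] + "...", ciphertext.hex())
    print("server reads:", server_receive(wrapped, ciphertext).decode())
    print("wrong key   :", server_receive(wrapped, ciphertext, D + 2))
```

TLS 1.3 replaces this RSA key transport with an ephemeral Diffie-Hellman exchange; the certificate's role of authenticating the server is unchanged.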
No certificate, no encryption
The encrypted transaction here is made possible by the digital certificate. Without the certificate, the
encryption would not take place. Without the encryption, the customer's information would be sent in a
manner that could be intercepted by evil-doers in transit. If you don't have a certificate, the padlock icon
on the customer's browser will not close.
The browser probably would generate a message warning the customer that the transmission is not
secure. The customer might decide to do business with someone else.
There are a number of certificate sellers. The biggest is VeriSign (www.verisign.com), which sells
certificates under that name and Thawte (www.thawte.com). VeriSign has about 90% of the U.S. market.
Other major sellers are Entrust (www.entrust.com), Comodo (www.comodogroup.com) and Baltimore
Technologies (www.baltimore.com).
Those five have high compatibility with browsers. There are other certificate sellers, but at least some are
not compatible with older browsers, or those made by the browser publisher Opera.
For instance, some cannot handle Internet Explorer 5.0, which was distributed with Windows 98. Be sure to
check compatibility when buying a certificate. About 10% of the people who connect to my Web site are
using old browsers — you don't want to lose that business.
Prices can vary widely. VeriSign certificates, with the highest level encryption (128-bit), cost around $900
for one year or $1,600 for two. The much smaller Baltimore charges around $350 per certificate for one
year. You will need certificates for each secure server.
Why privacy seals are important too
People want not only to have their personal data encrypted, but they also want to know what the online
merchant is going to do with it. People today are concerned about identity theft and spam, and with good
reason.
Some Web pioneers recognized in the mid-1990s that this would be an issue. They formed TRUSTe
(www.truste.org), a nonprofit organization that sets standards for privacy. TRUSTe members agree to
follow these rules:
Adopt a privacy policy that allays the fears of consumers.
Disclose what information is collected and what is done with it.
Give consumers the option of refusing to supply certain information.
Take steps to secure sensitive information provided by consumers.
Sounds like common sense, huh? Well, it is. But written policies that reiterate these rules are a good idea.
When TRUSTe was formed, Internet commerce was brand new and exploding. It was -- and still is --
important that companies follow the rules and make the online shopping experience a positive one for
consumers. Bad apples can wreck everything.
After companies apply to TRUSTe and submit a proper privacy policy, they are permitted to display the
TRUSTe seal. This seal tells customers that the company displaying it practices good privacy policies. The
fee for the TRUSTe seal is based on a company's sales. The fee for the smallest companies (those with
annual sales of less than $5 million) is around $600. It rises with higher revenue numbers.
Another registration service is provided by WebTrust (www.webtrust.net). This organization periodically
has member firms examined by a certified public accountant. Among the criteria are high standards in
online privacy, security and business practices. Fees vary, depending on the time the CPA spends
examining the firm.
Check out the BBB
Both of the above services serve to reassure customers. But I am even more bullish about the Better
Business Bureau Online (www.bbbonline.org), the Internet side of the same venerable watchdog
organization that provides BBB plaques for brick-and-mortar businesses' walls. Given its longstanding
service and strong reputation with the public, the BBB seal might be the most effective seal of all.
BBBOnline actually has two seals: reliability and privacy. You must join your local BBB to receive the online
reliability seal. And you must have a satisfactory record of resolving problems reported to the BBB.
The privacy seal requires that a privacy notice be adopted and posted. If a company appears to meet
threshold standards, it still must be assessed. Fees start at $200 for a company with $1 million or less in
revenues.
A privacy seal from any of these organizations can go a long way toward reassuring today's wary
customers (many Web sites display more than one seal). A privacy seal combined with a digital certificate
is an even better way that online merchants can show they are worthy of consumers' trust.
Kim Komando writes about workplace technology and security issues. She's the host of the nation's
largest talk-radio show about computers and the Internet, and writes a syndicated column for more than
100 Gannett newspapers and for USA Today. Find Kim's show on the radio station nearest you, and send
an e-mail to subscribe to her free weekly e-mail newsletter.
By Kim Komando
To read more valuable small business tips and articles, visit the Microsoft Small Business Center at
http://www.microsoft.com/smallbusiness/resources/overview.aspx%20.