Michael Cox, Andrew Larson, Brian Long, Jarrod Carlson
February 7, 2005
Acct 7630/4990 - Unit 3 Group Assignment
Links:
http://www.verisign.com/static/005435.pdf
http://www2.sprint.com/mr/news_dtl.do?id=1178
http://pages.ebay.com/help/policies/privacy-policy.html
http://www.truste.org/about/fact_sheet.php
The use of third-party organizations in securing or verifying the integrity of a business’s transactions has become relatively common practice and has gained popularity in parallel with the electronization of business. In introducing third-parties as a means of indicating conformance to specified standards, businesses stand to gain customer trust and reduce concerns of security when participating in online commerce. A number of standards and “seals” have been introduced in the past few years, including WebTrust, SysTrust, TRUSTe, Veri-Sign, Thawte, and others.
Veri-Sign, established in 1995 as a for-profit spin-off of RSA Data Security, Inc., is perhaps one of the most easily recognized names in the third-party assurance industry. Among the customers of Veri-Sign is the relatively young cellular phone company MetroPCS, which offers customers unlimited talk-time each month with a flat-rate and no contract. Initially, MetroPCS took interest in Veri-Sign’s billing systems for customer billing. As a forward-thinking company, MetroPCS allowed customers to view, manage, and pay bills online. With the integration of the internet into the company’s billing system, some form of assurance had to be put in place to assure customers that their sensitive account information would be secure when utilizing the online features offered by MetroPCS. It followed that Veri-Sign’s services for MetroPCS could extend to the internet and provide an analysis of MetroPCS’s business policies and privacy policies.
The additional services in the partnership between the two firms created revenue for Veri-Sign, and in return, MetroPCS was able to garner additional customer base on the offering that customers could now verifiably and securely access their account online with the assurance of Veri-Sign’s seal behind them.
In time, the partnership between Veri-Sign and MetroPCS expanded further, adding extensive database support from Veri-Sign to package calling features such as Caller-ID and Directory Services, and also uses the database support of Veri-Sign for compliance with the FCC’s mandated Wireless Number Portability act.
The SysTrust program, issued by the American Institute of Certified Public Accountants, functions in a similar fashion to the Veri-Sign services described above, with the exception that the SysTrust program is not-for-profit. Sprint acquired the seal of Systrust in March of 2002. Sprint underwent the rigorous process of acquiring the SysTrust seal to enhance marketability to potential customers of its web hosting and collocation services.
The SysTrust seal is especially important in the financial, manufacturing, and healthcare industries, and the communications service industry is no different. Customers of Sprint’s hosting services rely on the availability of Sprint’s services to power their businesses and e-businesses. With the success and repertoire of the client’s on the line to the end consumers, potential customers to Sprint take few chances in selecting a highly reliable service provider. Often, web hosting services require the singing of a Service Level Agreement contract guaranteeing 99.7% or greater uptime every month. With such critical reliability a must, Sprint needed a way to assure clients – potential and existing alike – that they were capable of providing the reliability, security, and availability necessary to support client’s operations.
Finally, the TRUSTe seal is a similar seal to the SysTrust program. The TRUSTe program was developed specifically with Internet security and privacy in mind. A logical candidate for the program is eBay, and eBay’s website, in fact, is one of 1,400 sites sporting the seal. For an enormous website such as eBay, security is a major concern. The success of eBay hinges on the confidence users must feel that use of the site is safe and that personally identifying data is secure.
Recently, eBay has fallen under much higher scrutiny. A number of spam emails circulating have attempted to pose as legitimate eBay messages, convincing users to enter personal information, such as credit card numbers and social security numbers into what turns out to be a bogus website. For this reason, it is even more important for eBay and similar web sites to maintain the third-party assurance seals of companies such as TRUSTe. In some cases, though, securing the web site may not be enough. The next step for eBay and security watchdog groups is to proactively inform end users of potential fraudulent scams or create new methods of communication between web sites and end users which can be readily verified by the users that the message is legitimate.