I do all my banking online. I watch my transactions carefully and I’m confident that if any of my accounts were compromised, I’d know soon enough to stop any damage. False sense of security? Maybe. My Aunt refuses to make a single online purchase, much less do her banking online. Is she being overly paranoid?
Aside from banking sites and places we enter credit card information, we put a great deal of trust into the sites we visit, giving them a lot of personal information. We are learning how to protect our children online, but how reckless are we being ourselves?
All too often, web applications ask for a lot of trust from visitors but don’t give it in return. Recently I visited a new site that promised to “budget, plan, forecast, organize and analyze your personal finances to achieve your goals.” It sounded like the perfect site to profile for a post here at WWD. After sign-up, you were expected to enter all of your personal financial information, short of the account numbers or PINs. No “About Us” or “FAQ” page. No forum or blog to reveal the thinking behind the site. The payment for the “enhanced” service was handled through PayPal, and even the domain was registered through Domains by Proxy (to hide the real contact information of the owner). I don’t think so.
Many sites use the “About” or “FAQ” page to talk about their hopes and dreams. That’s nice. But now tell us why we should trust you. If you’re not Google or Yahoo or another publicly traded company (or even if you are), give us a glimpse of the people behind the technology, and give us an idea of the steps you are taking to safeguard the data we are sharing with you. Nowadays, a http:// link isn’t enough to put anyone’s mind at ease. Going on instinct, I look for things like Truste or BBBOnline verification. I search for independent information about the company or site. Nothing is 100%, of course. The more a site asks from me, the more steps I expect the site to take to not only protect my data, but to be transparent about the methods they are using to do so.
Even if all the right pieces are in place, would you use a service like StolenID Search, a web application that searches stolen social security numbers to see if your number is compromised? The catch is that you have to enter that number into the site. For many people, myself included, social security numbers are very closely protected and we will not enter those digitis into a website easily. With good reason.
When it comes to trust, what do you look for in a web application before you hit that “sign up” button? Is there information that you won’t put online no matter what?