Paid Advertising
web application security lab

ControlScan Settles with the FTC

Got this in the mail today from ControlScan:

This letter is to tell you that we recently settled Federal Trade Commission (FTC) allegations that certain of our privacy and security seals were deceptive. Among other things, the FTC, the nation’s consumer protection agency, alleged that our Privacy Protected, Privacy Reviewed, Business Background Reviewed, and Registered Member seals falsely claimed to consumers that we had verified the privacy and security of the websites displaying them, when, in many instances, we had not.

We already have discontinued these seals, so you should not be displaying them. If you are still displaying any of these seals on your website, you must remove them immediately.

You may continue to display the Verified Secure seal.

If you have questions about this matter, please contact Joan Herbig at –snip–.

Sincerely yours,

Joan Herbig
Chief Executive Officer
ControlScan, Inc.

It’s interesting that the FTC has been looking into this - I’d be curious what sort of other security business practices are getting scrutinized. Could this be a new wave of deeper enforcement? There are certainly a lot of faulty business practices in security - so there would be no end to the possibilities there for an agency that just wanted to make a point.

3 Responses to “ControlScan Settles with the FTC”

  1. Hacxx Says:

    Some help required for a small indoor project


    Is there anyway to obtain a “code” (session id) from a secondary website and define as variable in my site.

    Roboticaly speaking, if it’s possible to obtain the ID from a diferent site/page and use that id as a javascript variable.

    Also the whiteacid script is no longer available for download, does anyone know where i can get it.

    Thanks for your time

  2. Chris Clark Says:

    This is pretty similar to what happened to Microsoft’s Passport several years ago. Microsoft had to respond by demonstrating that they actually took steps to protect user privacy and secure Passport as an application.

  3. Wes Says:

    Who knows what these companies actually do to verify the security of sites? You could easily dupe small business owners into paying out the ass for some kind of ’security verification’ and then put a bunch of stuff in small print saying you don’t really guarantee full security.