One of the scariest scenes in any film must be when Laurence Olivier tortures Dustin Hoffman with a dentist's drill in Marathon Man: "Is it safe? Is it safe?" to the sound of drilling and screaming.

But that refrain of "Is it safe?" is one that we should all be saying to ourselves every time we visit a web site - and not just where web sites ask for our money.

Web pages can contain many insecurities and annoyances: we might find viruses and Trojans downloaded to our visiting browsers; we might find seemingly endless sequences of pop-up screens appearing, multiplying maniacally as we try to shut each one.

Links from a web page to sites that we already trust might include harmful instructions, executed without protection on our computers, to expose secrets or delete data. We might find ourselves conned into altering our browser start page, or even the ISP access number that we dial, changing it from a local to a premium rate call. Worst of all, our email address might be captured and then used by spam merchants. Or perhaps other details - that should be protected under the Data Protection Act requirements - are being collected and disseminated in ways we know nothing about.

Many bad things can happen on a web page, even without considering what can happen if we provide our credit card details. But, of course, the worst things do happen in relation to our credit cards and sites that process payments. If the database is not well protected then a hacker can collect thousands of individual data records, and can sell or use the card details to defraud the card holder or card issuer.

Perhaps we shouldn't simply be asking ourselves, sotto voce, whether the web site we are about to enter is safe; perhaps we should be demanding proof that it is.

Of course, some web sites do try to persuade us that they are operating in a trustworthy manner. Some assure us that they are handling our credit cards "securely" by providing encrypted communication. Unfortunately, that's about all that they provide - and few if any credit card details are in fact stolen by hackers while the numbers are being transmitted.

Details are stolen by hacking into data collections. And sometimes the operators of web sites do not follow good business practices, and they share our details in ways we would not approve of.

What we need is some form of certification to prove that all aspects of trustworthiness and sensible operating practices are in place. We need to know that personal data is being handled in a way that conforms to the Data Protection Act; we need to know that the web site is tested and maintained securely; we need to know that the credit card details in the database are encrypted and stored safely. We need a stamp of reassurance, a certification that proves that the answer to "Is it safe?" is a definite "Yes!"

Have your say: reply to IT Week

More IT Week Comments