I think this is a very good idea. Thinks I can think of:

1. Company owners should be know and should confirm with official company records and should be checked
2. Company structure in terms of what kind of registration should be one where the company can be hold accountable, not an anonymous registration in a tax haven.
3. Security audit
4. Terms of us should contain enough buyer / user protection sections
5. Rating for support quality and time

I'll update when I have more time to think about this. Maybe also use bronze, silver, gold, platinum levels and define what these include.