Third Party Security Seals: Examining the Differences

Identity theft is a serious problem. According to scambusters.org:

“Identity theft is the fastest growing crime… Experts estimate that about 10 million people become victims each year. That means every minute, 19 people become new victims of identity fraud!

In fact, according to the US Department of Justice, drug trafficking is now being replaced by identity theft as the number one crime.”

I don’t know about you, but to me that’s a scary thought.

In my previous post, I ran over some lesser known ways that people can steal your information. I also mentioned that a third party verification service can help minimize these threats.

I have since done some research on the companies that offer that service and have learned that there are, in fact, several different processes available to a site operator interested in double checking their defenses. In this post I hope to clarify to both business owner and consumer what varying services three of the industry leaders have to offer their customers, and consequentially what their trust seals represent.

I’ll begin with what’s probably the best known seal provider: Hacker Safe.

Hacker Safe was acquired by McAfee in 2007 for over $50 Million, but the focus of the service remains the same, namely PCI Security Scanning. This service scans a server’s firewall and defenses for many types of vulnerabilities. They then contact their customers and inform them that intruders may be forcing their way through the protections in place. If the customer wants their trust seal, they must adjust their firewalls to remedy the problems first.

Probably the biggest benefit of this seal is flat out brand recognition. People are familiar with the phrase “Hacker Safe” and that puts customers at ease.

There are some things, though, that may make Hacker Safe a poor choice for many sites. One of the biggest issues I found was that they are pretty expensive. The scanning seems to add quite a bit to their cost over other companies, and many sites don’t even need the scans at all.

If a site does not store personal info on their server (credit cards, social security #’s, etc,) for example by using a service like Authorize.net, the scans are unnecessary to comply with the credit card companies’ security requirements. Plus, if your site processes fewer than 20,000 transactions a year, you don’t need to be scanned anyway.

Hacker Safe, of course, doesn’t mention any of this on their site. They also fail to mention some major invasion threats they don’t scan for at all, or that they don’t verify the legitimacy of a business’ practices or privacy policy. They only perform a basic scan on the server, not the site.

But marketing gimmicks aside, if you are required to have the scans, Hacker Safe’s brand recognition may play to your benefit. Just be aware that you will need to purchase additional trust seals from different providers to compete with some other verification services conversion rates, and that can add up to a pretty penny.

UPDATE (AUGUST '08): Hacker Safe is now known as McAfee Secure. Same product, different name. Thought I oughta clarify :)

The Better Business Bureau has been around for a long time, so consumers are inclined to trust them and the reports they offer. But that’s only part of why I chose their seal to focus on in this piece. A more important reason for dedicating some time to the BBB, is that their service is very different from the ones offered by the scanning companies like Hacker Safe.

Most people know the BBB as a place to file complaints and get their concerns addressed. They have always verified the businesses themselves. This is still the primary concern of their operation and it carries over to their trust seal. They, for the most part, keep track of the complaints filed through them against you and require that they be dealt with in a satisfactory manner and time frame to retain their seal on your website.

They also verify the street address of a company. This is extremely important to preventing scams. The FBI, on its webpage, advises online customers to “Try to obtain a physical address rather than merely a post office box and a phone number. Call the seller to see if the number is correct and working.” A verified address and number means, if it is a scam, the authorities know just where to look.

Again, familiarity with the service is a definite plus to using their seal. Shoppers, especially those of an older generation, are aware of the BBB and it’s uses.

There are some reasons the BBB may not be the ideal choice for all site operators.

First, they do verify your business’ address and make it accessible for your customer’s verification, but, other than the usual BBB procedures, that is all they do. There are no scans should you require them. They don’t check the privacy of your site. And again, the cost is fairly high, and can be just as expensive as Hacker Safe (I assume because they have a well known name. It’s the only reason I can think of.)

However, they do make your customer service record fairly public, and that can help reassure a customer as to your business’ legitimacy. If the familiar brand is worth the cost to you and they suit your needs, then by all means sign up. But be aware that there are other concerns their seal fails to address, and additional seals may be required to match conversion rates from other companies, again driving the cost higher.

Trust-Guard is a rising star in the world of website verification. One of the key things that set them apart from their competition is that they offer multiple seals, with multiple color schemes, with multiple purposes.

They like Hacker Safe (now McAfee Secure) provide PCI compliant scanning, where they perform extensive vulnerability scans on the companies website and server. Trust Guard however, does scan for more security holes and does it for less.

They also focus on individual website verification and security by verifying information about the business’ and it's SSL Security Certificate. For those who don't know, if the certificate is expired, sensitive information sent may not be encrypted and is vulnerable. If the system is up to date (after some other checks) they offer their "Security Verified" trust seal.

But they also have other seals that serve other consumer concerns.

Their “Business Verified” seal verifies the same concerns as the BBB seal, without the customer complaint record. Their “Privacy Verified” Seal requires a privacy policy that meets their strict criteria. And, finally, their “Certified Seal” addresses all the previous verification and takes it one step further. They also verify the name and contact information of the managing member of a business.

All of these seals require verification of address, and phone number.

Now, this may seem like overkill. But tests have shown that multiple seals that speak to specific and separate concerns increase the overall conversion rate of a site. Customers seem to like the ability to see the answers to their doubts all lined up (so to speak) before their eyes. Doubters are able to click on a seal and view the information for themselves. In fact, the multiple seals Trust-Guard offers beats out the single, if higher profile, seal from Hacker Safe in tests.

The price of their products is not a detrimental factor to this option. A package of multiple seals costs a fraction of a single seal from many of the other verifying services, due in part, I’m sure, to the omission of the firewall testing. In tests, their seals seem to address customer’s fears as well or better than their competitors, and that comfort, due to Trust-Guard’s verification process, is legitimate.

For the reason Trust-Guard may not be for every site, refer to the Hacker Safe option above. If your site falls into the small category that requires the scanning, these seals, by themselves anyway, are not for you. Otherwise, they are probably a good option to look at.

There is an abundance of proof that trust seals increase online conversions, and put customer’s minds at ease, and, like in many other situations, multiple seals are better than one. But when it comes down to deciding which seals you should put on your website, there are many factors that come into play. If you don’t require scanning, Trust-Guard would be the way to go due to the price differences and multiple seals. If scanning is required, perhaps a Hacker Safe Seal combined with another company’s is the way to go. If a shopper sees these seals, they can rest assured that the company is a legitimate one… which is a big deal online.

I do have one final note. There are, unfortunately, scammers in this arena as well. There are companies that claim they offer the same services for unbelievably low prices. 500 bucks or more may seem a lot to pay per year, but it costs money to perform the services they offer. If someone offers you web verification for five bucks a month, chances are it’s a scam and no service is actually performed. Also, you may have just put your company at risk by signing up for their phony service.

All the companies I have listed above are legitimate and represent some of the industry leaders. You can rest assured that the services they advertise are being delivered. Whether you are a business owner or a customer simply looking for clarification on what the seals mean, I hope that this hub has helped explain some of the differences between the various trust seals and just how important it is to have them and look for them.

‘Till next time, safe surfing!