Trustmarks, and why I think HackerSafe is a waste of money

May 17th, 2007 by Chris

A trustmark is a badge placed on your site that gives consumers a feeling of security so that they will buy from you. It doesn’t mean actual security, just the perception of security. You can get a trustmark from your SSL provider, which means they verified your phone number and you paid for it, hardly a bastion of security. This mark is usually included for free though along with your SSL certificate.

You can get a trustmark from your payment gateway sometimes. Authorize.net started making them available. They are free with your Authorize.net account, and while they look and sound all “security-like” in reality all they do is verify you have an account at Authorize.net.

You can make up trustmarks. I did one for my newest ecommerce site, its just a little lock icon reminding the people the connection is secure.

There are lots of other vanity trustmarks you can buy. You can pay Truste to review your privacy policy, you can pay the BBB for a membership, you can pay Dun & Bradstreet for a membership, you can pay numerous chamber of commerce like organizations for memberships.

You can also buy a trustmark from a so-called “security auditing company” like ScanAlert (makers of HackerSafe). When you send a request for information to ScanAlert you will start getting phone calls and emails, regularly, from very enthusiastic people who really want you to sign up and pay them the $80 or $150 a month or whatever it is. They make a compelling argument; they have numerous statistics showing how a trustmark can increase conversions, they will tell you how much money they will make you, they will tell you that you’ll get PageRank from their search engine friendly directory and that will help you in the search engines (until Google bans them for selling links anyways), and oh, they’ll scan your server from the outside for basic security things like not having a firewall setup. Sure sure, they scan for thousands of vulnerabilities, most of which are going to be killed by your firewall. It’s like an anti-virus company bragging about how many threats they’ve protected you against, not that there really are 100,000 active Windows XP viruses in the world…

Anyways, I get the distinct impression the company is 90% salesmen and 10% tech guys, which makes me not want to do business with them.

So, to sum up, the first main benefit is increased conversions. This can be had with any trustmark, HackerSafe isn’t better in my opinion than any other. The second main benefit is a link from their search engine friendly directory, but small merchants are buried deep and it isn’t likely to pass PageRank for much longer I think. The third main benefit is superficial (in my opinion) security scanning, which most people just don’t need.

A new company has a different, and I think better, approach.

BuySafe more or less acts like an insurance provider for online merchants. They offer purchasers the option of buying a bond for their purchase that will pay them if something goes awry with the transaction. This is free to merchant providers, as they make their money selling the insurance. They have a variety of ways to implement their system, from a widget post checkout that offers customers the ability to buy the insurance, or a module that integrates inline with your checkout process if you use one of a number of popular hosted solutions or shopping cart scripts (including most of the ones mentioned throughout this site).

Mostly I dislike HackerSafe because the numerous times on the phone with them I recognized attempts at high pressure sales tactics, and their salesmen were just plain wrong about some security, technical, and marketing things that I’m well versed in. I got the distinct impression that they cared far more about selling to me, than security or anything else, so I couldn’t even use them out of principle. In the end though thats fine, there are numerous free alternatives

Posted in: Ecommerce » by: Chris

3 Responses to “Trustmarks, and why I think HackerSafe is a waste of money”

Josh P Says:
May 17th, 2007 at 1:54 pm
I’m with you on this one. I’ve recently been around the loop with ScanAlert. The sales guy called me almost a dozen times and everytime I told him I’m just not interested he acted like I just killed his dog. Really. I’ve got MANY better things to do than listen to a lame sales guy try to make me feel sorry for him so I can buy his sub-par product.

What you say about ANY trustmark is true. HackerSafe isn’t the end all “trustmark” that customers feel like they need to see. Customers just like seeing _something_.
ToddW Says:
May 17th, 2007 at 1:57 pm
Atleast you got HackerSafe on the phone. I called and e-mailed and no one ever got back to me… now I’m glad I never got through with them.
Xander Says:
May 18th, 2007 at 4:56 am
HackerSafe is just a badge, too many sites rely on it for their security and you end up with their badge being using to target sites (http://ha.ckers.org/blog/20061109/hackersafe-sites-are-likely-targets-for-exploitation/)