Does the 'hacker safe' logo make you feel more comfortable buying online?

[deathpunk dan]

Do you feel more comfortable making an online purchase with sites that display a 'hacker safe' or similar logo at the top of the page/in a highly visible area?

Does it make a big difference to you? No difference?

We are a decent sized e-commerce/catalog operation that does not currently display anything like this. I'm not worried about the actual security of our site: a 3 person IT/programming team in-house is pretty on top of things, and we do have the 'verisign secured' icon at the bottom of every page...plus we don't really have a hard time getting people to buy from us.

However, there are white paper studies out there suggesting significant conversion rate improvements (one cites a Petco case study...not exactly an unknown or non-trusted brand) with sites displaying this logo 'above the fold' in a highly visible area.

So...from a consumer standpoint...how important is seeing some kind of 'trust' icon to you when shopping online? Do you assume a site is secure?

Any others with web business background please feel free to chime in as well.

Thank you.

[The Gaijin]

Using a credit card does. Zero liability.

[stomachmonkey]

Just move your Verisign or make it more prominent.

Yes people do notice them and it does make a diff.

And it's cheap so why not.

[widebody911]

Doesn't make a difference to me. Ranks right up there with the "Good Houskeeping Seal of Approval"

[berettafan]

what widebody said.


and 'free shipping' is what makes me most comfortable buying online!

[cstreit]

So long as my connection is secure (noted by the lock icon), I dont look much further than that. Anyone can put a graphic of "HACEKR SAFE" on their website... In fact if I was spreading a virus, i'd put it right at the top of my webpage.

[Pingo]

This site is tested and certified daily to pass the HACKER SAFE Security Scan. To help address concerns about hacker access to confidential data, the "live" HACKER SAFE mark appears only when a web site meets the HACKER SAFE standard.

[KFC911]

I don't pay much attention to the "lock icon", but I do make a mental note of the connection itself (https vs. http) before I'll send sensitive data.

[jeffgrant]

I can tell you that most of the "Hacker Safe" scans are completely bogus, and check only simplistic things.

I do security engineering for a living (everything from EA Online gaming transactions to online banking sites), and 99% of these so-called services are complete BS.

It is VERY trivial to set up a properly "Verisigned" and "Hacker Safe" site that will completely hose you and rip you off.

"Verisign" just means that they've paid their money for a certificate, it does nothing to validate the intentions of the business, etc.

I could set up a simplistic numbered company, get a valid Versign cert, and easily pass the "Hacker Safe" scans, and still bilk you of your CC numbers, etc.


I think that the Hacker Safe stuff is there doing the same thing as the TSA... providing a SENSE of security to the uninformed end-user, but in reality it does nothing to promote true security/etc.

All that stuff is put into context by the amount of technical knowledge that the end-user has... the more they understand, the less it means.


$0.02

[cstreit]

Quote:

Originally Posted by Pingo

This site is tested and certified daily to pass the HACKER SAFE Security Scan. To help address concerns about hacker access to confidential data, the "live" HACKER SAFE mark appears only when a web site meets the HACKER SAFE standard.

Not really, For example - My post here is now "Hacker Safe", read it with confidence.

[KFC911]

Quote:

Originally Posted by jeffgrant

I can tell you that most of the "Hacker Safe" scans are completely bogus, and check only simplistic things...

That's why I primarily only pay attention to the actual connection itself (as I don't want unencrypted data traversing the Internet). As you have indicated, all bets are off if the site itself is "compromised".

[widebody911]

Like I said, a 'hacker safe' stamp-of-approval is meaningless. While they may do a half-assed scripted attack for the vulnerability du-jour, there's no way they can guarantee that an employee isn't stealing data, or a future s/w upgrade will leak data, or the data isn't being archived somewhere else in plain text - all of these things have happened and there's nothing that any 3rd-party can really do about it.

[speeder]

Quote:

Originally Posted by The Gaijin

Using a credit card does. Zero liability.

What he said. I buy everything possible online w/ a VISA and never give it a second thought. Who gives a schit if someone gets my CC info?

[widebody911]

Quote:

Originally Posted by speeder

What he said. I buy everything possible online w/ a VISA and never give it a second thought. Who gives a schit if someone gets my CC info?

Along the same lines, it bears mentioning to avoid PayPal like a geriatric hooker with bubonic plague whenever possible.

[Christien]

I think most of the fear of shopping with a CC online is hype. I have about zero concern, and couldn't care less about "hacker safe" or verisign, or anything. I know that if a hacker wants my CC info, it's not hard to get. I also know that if there's fraudulent activity on my CC I call them, have them fax me an affidavit, sign it, fax back, and boom, it's gone. It's happened before, it'll happen again.

I think the only time I wouldn't give my CC info online is a site that looks like it's a scam, and about 90% of those are painfully easy to figure out. The only time I NEARLY got fooled was a scam email pretending to be from ebay about a question for an item I didn't have listed. I almost logged in, figuring someone sent the message to me by accident, but luckily firefox picked it up as being a scam site. They were phishing for user id/passwords obviously to make purchases through.

[SlowToady]

I'm with JeffGrant on this...The HackerSafe Logo and things of that nature don't make me feel ANY better at ALL about buying online, and I wouldn't buy from a site that displayed it over a site that didn't, all other things assumed equal.

[old man neri]

If you still feel unsure just do what I did. Get a second credit card with a relatively low limit. That way if someone steals your number it's not as big of a deal to get it cleared up.

[KFC911]

Quote:

Originally Posted by Christien

I think most of the fear of shopping with a CC online is hype. I have about zero concern, and couldn't care less about "hacker safe" or verisign, or anything...

Although I do like my connection to be secure (https), I don't really worry about it either. I'd bet the CC info is more likely to be "stolen" while paying in a restaurant, etc. anyways, and although it might be a bit of a hassle, the CC company will take care of it.

[widebody911]

Quote:

Originally Posted by Wayne at Pelican Parts

Firstly, the HackerSafe people do back up their logo with good scanning. They emulate hacker attacks on the servers all the time - to the point where it is very annoying sometimes, and they actually bring stuff down (mostly through Denial-Of-Service type events).

This is still only relevant to a specific point in time, ie which vulnerabilities are known today that they can check for right now. Are they also constantly developing new intrusion methods? Re-running the same attacks over and over again is pretty much futile; the chances of certain ports etc magically opening up are pretty slender.

Even then, all this certifies is that your s/w & n/w were defensible at a given point in time from a specific perspective. It's entirely possible that there's a keylogger on one or more internal machines, sending data to a server in the Ukraine.

Quote:

The service is also coupled with something called PCI and CISP, which you are requied to adopt if you want to accept and process credit cards. Pelican is PCI and CISP compliant.

How is compliance checked/tracked? Is it audited?

I suffered through an IT HIPPA audit a while back, and I doubt that PCI/CISP are as stringent as that.

[KFC911]

Wayne, I hear ya and although "reputable" sites do provide better levels of security, I just don't worry about the one's that don't. IMO, that's what the CC companies are for (protection, whether the info is stolen online or in the "real world")... it's their "cost of doing business" .