Herd Immunity Via Trust Seals

Trust seals such as the ubiquitous Better Business Bureau or the online equivalents such as Hacker Safe are designed to put the consumer at ease when doing business with a stranger. A website displaying Hacker Safe should yield better conversion rates since the consumer has confidence their credit card data cannot be stolen by hackers.


In line with the recent focus on teaching best practices for testing, we recommended to a Market Motive subscriber that instead of assuming Hacker Safe improves conversion rates they actually test it. Subscribing to Hacker Safe is not cheap and it must be justified through ROI.

To our surprise, showing the logo or hiding it made no difference all to conversion. This puzzled us because all the sources we have read indicate such logos make a big difference. We extended the run time of the test to make sure it encompassed latent conversions, and saw the same result.

Naturally this member didn’t pay to renew Hacker Safe and diverted the budget to other marketing programs, but I kept wondering why our experience contradicted that of others so strongly. Instinctively I felt the data surrounding the Hacker Safe effectiveness was old, and our more recent test was reflecting a recent change in online behavior. The question is: what is driving the change?

Many smaller sites display the Hacker Safe or similar logo. Consumers therefore see it a lot, and get used to seeing it. One might theorize that a site failing to display would be viewed suspiciously by consumers. However, I strongly suspect that Hacker Safe has unconsciously told consumers ‘online shopping is safe’ rather than saying ‘shopping at this site is safe’. As consumers shop at one site and nothing bad happens, they begin to assume all sites are OK. It’s the expectations of the consumer that have changed, and not the Hacker Safe concept itself.

It’s a vaccination

The situation is analogous to vaccinations. A site vaccinates itself against fear of hackers by displaying the logo. More and more sites buy the vaccine, and the disease (consumer’s fear) is abated. At this point the web in general has Herd Immunity and the disease no longer occurs. Now it no longer matters if some sites drop out of the immunization program because enough other sites are displaying the logo, and the consumer has enough confidence. This will probably remain true until some external event like massive fraud re-introduces fear into the mind of consumers, much as polio has re-emerged in some places because it’s no longer routinely vaccinated against.

In summary: you can probably skip Hacker Safe and get away with it.

P.S. In our faculty call with Bryan Eisenberg yesterday, he pointed out that sites might be able to simply display some type of official-looking shield logo, and achieve the same effect as Hacker Safe.

Be Sociable, Share!


  1. Anne H says

    Interesting points as usual. If I were an ecommerce site, I would employ some service that does systematic checking of my site for security reasons. I don’t know if sites need to use these services for PCI Compliance or not. To me the seal is a secondary benefit that may be losing its luster as it becomes more common.

    I think it would be an interesting test if someone did an A/B split with the Hacker Safe seal with one which didn’t use words that are in my mind negative. I know what the service does, but I also think words like “hacker” and “alert” cause the viewer to think in more negative terms.

  2. HackedAnyway says

    I know of a site (geeks.com) that had the HackerSafe logo but was compromised. So, what good is a logo if the systems they are placed on are not, in fact, secured. If HackerSafe does indeed scan for vulnerabilities, its obvious hackers perform new exploits or unknown exploits. Security is about having procedures and practices in place to eliminate or, at least, minimize risk. Personally, I think the only ones that benefit from such a logo is HackerSafe since they get a fee for allowing you to use the service.

  3. says

    It’s really interesting to see widespread skepticism surrounding Hacker Safe. I thought I was in a minority but I’m struggling to find anyone who thinks they really make a difference these days.

    Many thanks for the additional insight

  4. MitchellT says

    Very interesting topic!

    The company I worked at used Hacker Safe back in 2004 when it was still kind of new on the scene. The A/B test for displaying the logo or not did indicate a very slight increase in conversions (with logo) back then, so we bought the service. It was a good learning experience to use the product, because it helped that company (less than a household name) to establish credibility with customers, and exposed me to shoring up my servers for the nightly barrage of thousands of hacks. And I had to learn how to apply filters to my analytics so those hits did not skew our metrics. The other benefits of using HackerSafe were the detailed reports useful for maintaining PCI compliance (something I rarely hear mentioned) and as proof of security audits.

  5. Alex Brasil says

    John, your timing is impeccable in that I’m about to embark on a trial with Hacker Safe to see if they raise conversion rates as much as they claim (I remain highly doubtful). Thanks nonetheless for providing this discussion as it lends to my preconceived notions, but I’ll test it out anyway.


  6. Steve says

    I think spending over 1000 dollars for hacker safe is not wise. I did my reaearch and ended up with business verification seal from Merchant-Safe.com and I saw my conversion go up by 7.5% the very first month. I invested only about couple of hundred bucks on the seal itself and the process was very simple. I recovered my expense plus few hundred bucks more on the very first month.

    Now This is great for me because I am a small merchant, I am sure this will be an ideal choice for small and medium businesses owners and websites.

    I was always skeptical in displaying something that says hacker safe, because I IMO nothing is 100% secure. Even on the disclaimer all these guys say that. Then my question is why pay more? Not everyone can afford it to begin with.

    If you are spending for a 3rd party seal, make sure you get ROI in first 3 months or so. The seal has to be cheap in order for you to be able to do that. Not every one of us make thousands from adsense ;)

  7. Pat Moore says

    I would add: “Hacker Safe” … is that “Safe FROM Hackers” or “Safe FOR Hackers”.

    But at the end of the data … anyone who knows anything about data security would say that the three causes of data breeches are:

    1) corporate indifference securing customer data – resulting in sloppy/no data controls.
    2) employees with access to data, a desire to “monetize” that access, and an expectation that they would get away with the data theft (Opportunity, motive, ability)
    3) Poor execution of security measures.

    For grins and giggles some time… go to various websites and ….

Leave a Reply

Your email address will not be published. Required fields are marked *