Comments on: Herd Immunity Via Trust Seals

By: Pat Moore

Pat Moore — Sat, 18 Oct 2008 00:18:25 +0000

I would add: “Hacker Safe” … is that “Safe FROM Hackers” or “Safe FOR Hackers”.

But at the end of the data … anyone who knows anything about data security would say that the three causes of data breeches are:

1) corporate indifference securing customer data - resulting in sloppy/no data controls.
2) employees with access to data, a desire to “monetize” that access, and an expectation that they would get away with the data theft (Opportunity, motive, ability)
3) Poor execution of security measures.

For grins and giggles some time… go to various websites and ….

By: Steve

Steve — Mon, 30 Jun 2008 16:00:38 +0000

Oh, BTW I completely agree with the vaccination comparision! It is very apt!

By: Steve

Steve — Mon, 30 Jun 2008 15:59:37 +0000

I think spending over 1000 dollars for hacker safe is not wise. I did my reaearch and ended up with business verification seal from Merchant-Safe.com and I saw my conversion go up by 7.5% the very first month. I invested only about couple of hundred bucks on the seal itself and the process was very simple. I recovered my expense plus few hundred bucks more on the very first month.

Now This is great for me because I am a small merchant, I am sure this will be an ideal choice for small and medium businesses owners and websites.

I was always skeptical in displaying something that says hacker safe, because I IMO nothing is 100% secure. Even on the disclaimer all these guys say that. Then my question is why pay more? Not everyone can afford it to begin with.

If you are spending for a 3rd party seal, make sure you get ROI in first 3 months or so. The seal has to be cheap in order for you to be able to do that. Not every one of us make thousands from adsense

By: John Marshall

John Marshall — Tue, 10 Jun 2008 14:48:22 +0000

It’s really interesting to see widespread skepticism surrounding Hacker Safe. I thought I was in a minority but I’m struggling to find anyone who thinks they really make a difference these days.

Many thanks for the additional insight

By: Alex Brasil

Alex Brasil — Tue, 10 Jun 2008 12:58:18 +0000

John, your timing is impeccable in that I’m about to embark on a trial with Hacker Safe to see if they raise conversion rates as much as they claim (I remain highly doubtful). Thanks nonetheless for providing this discussion as it lends to my preconceived notions, but I’ll test it out anyway.

Alex

By: MitchellT

MitchellT — Tue, 10 Jun 2008 12:37:33 +0000

Very interesting topic!

The company I worked at used Hacker Safe back in 2004 when it was still kind of new on the scene. The A/B test for displaying the logo or not did indicate a very slight increase in conversions (with logo) back then, so we bought the service. It was a good learning experience to use the product, because it helped that company (less than a household name) to establish credibility with customers, and exposed me to shoring up my servers for the nightly barrage of thousands of hacks. And I had to learn how to apply filters to my analytics so those hits did not skew our metrics. The other benefits of using HackerSafe were the detailed reports useful for maintaining PCI compliance (something I rarely hear mentioned) and as proof of security audits.

By: HackedAnyway

HackedAnyway — Thu, 22 May 2008 17:37:55 +0000

I know of a site (geeks.com) that had the HackerSafe logo but was compromised. So, what good is a logo if the systems they are placed on are not, in fact, secured. If HackerSafe does indeed scan for vulnerabilities, its obvious hackers perform new exploits or unknown exploits. Security is about having procedures and practices in place to eliminate or, at least, minimize risk. Personally, I think the only ones that benefit from such a logo is HackerSafe since they get a fee for allowing you to use the service.

By: Anne H

Anne H — Thu, 22 May 2008 16:57:16 +0000

Interesting points as usual. If I were an ecommerce site, I would employ some service that does systematic checking of my site for security reasons. I don’t know if sites need to use these services for PCI Compliance or not. To me the seal is a secondary benefit that may be losing its luster as it becomes more common.

I think it would be an interesting test if someone did an A/B split with the Hacker Safe seal with one which didn’t use words that are in my mind negative. I know what the service does, but I also think words like “hacker” and “alert” cause the viewer to think in more negative terms.