I was with the BBB years ago but gave up when they wanted another high upfront set up fee just because I moved. I think they are stuck in the brick and mortar mold with the idea that just changing a physical street address for an online only business. No credit for the already paid amounts or anything. They just demanded a whole new setup of fees from the move.

I declined.

The last few times those companies contacted us I requested that they send me proof or technical information/stats that would show the relavency of their promises prior to discussing the issue further. Not one would fax me anything.

I agree with Trinorthlighting... it does make it more tempting for hackers.

And since this was a "first post" whos to say that you aren't working for one of those companies.

Yes we're a tough crowd... we've all been scamed at one time or another by marketing schemes.

I'd like to see real statistical data from multiple sites.
I'd like to see one of the senior members of the forum be given a seal for a 30 day trial period and give us all updates to the success or failure.

That would impress me.

And since this was a "first post" whos to say that you aren't working for one of those companies.

Rarely do people at WebmasterWorld be interested in one relatively narrow topic and not be tempted to post anywhere else, which raises quite a bit of a red flag with the initial post.

Here is a great article on how even "hacker safe" sites are targeted.

"Harrington said the company had installed "hacker safe" software before the breach, but the system was compromised anyway."

[realtime-itcompliance.com...]

"Hacker Safe" is basically a Google PR playground and then another fancy logo to add to your site.

Whatever happened to the scrutiny of the card services themselves when simply having your card services logo meant you were trusted? oh well.. As long as there is money to be made in fraud companies will do whatever they can to leverage that into a market.

Money could be better spent elsewhere!

Anyone who stores credit card numbers will be hacked at some point. Aren't there laws against storing all the data anyway? Its especially since the company only found out about the breach because 2 of their customers called.

I tell my customers that I don't store there credit card number next to a lock icon, I think these seals are a bit of a marketing scam. Hacker Safe is just a red rag to a bull anyway. My message is also aimed at the hackers too, I am saying don't bother to hack me, theres nothing interesting here anyway.

Anyone who stores credit card numbers will be hacked at some point. Aren't there laws against storing all the data anyway? Its especially since the company only found out about the breach because 2 of their customers called.

Not entirely true... by the same logic simply being on the internet means you will be hacked. An attacker who is good at what he/she does will not need to find what is stored in the DB already when they could just as easily intercept it or modify the code to do so. Just because you aren't saving it doesn't mean it isn't passing through something that has been compromised. Thats just part of doing business on the internet.

As for storing the information - there is a lot of advantages and the biggest one is being able to process orders in batches or do an auth and then bill when shipped. It seems more respectable to the clients that should anything arise you wouldn't have to incur a refund but better manage your billing process to begin with.

With stored data - at least short term i can adjust shipping, have people modify orders, validate addresses and manually process or scrub orders and fix anything that may need to be fixed.

Storing the data has its risks but hopefully you have the controls in place to manage that risk and that is what PCI compliance and Hackersafe is all about. I surely hope you aren't implying there is no value in the service or understanding what compliance means but on the flipside i hardly see it is a method to decrease cart abandonment and and increase ROI either.

I use the PCI scanning to remain compliant and to understand the security controls as required and by sticking to those controls you lower your risk. Its not about being hack proof but doing everything you can to be hack safe and the "hacker safe" tool set is an automated scan to help bring awareness to your PCI compliance. (but they like to sell it as a sales increase tool)

Bewenched
You suggested having a moderator test and report.

I think that's a great suggestion, I bet they would consider it.

Mod's if you contact me I can give you the company name and you can contact them.

I bought 2 Hackersafe seals for my sites and put them accordingly where they suggested and after 4 weeks sales are about the same..

The only difference I could say was that it made the site look more professional, just as if you saw a new gadget product with all these certifications proudly placed under it like "CE, roHos certified, ISO 9001 etc". I bet you don't think much of them but you know it cost at least $50,000 to be cert ready for each of these off-line gadgets. I have a friend who manufactures stuff and thats what he said..

775 is not a big enough sample size.

I approached one of the 'hacker safe' sites last year to see how much it would cost to display their logo.

The price I was quoted was extremely high and I quickly said no thanks. After that the sales person kept calling me with price reductions. His last offer was less than 10% of the original quote.

At that point I told him where to go as his first price was so over inflated.

my mother language is not english
could you tell me what is seals?

Seals are what go ur, ur, ur in the Oceans.

:)

No, they are used as a way to make users "feel" safe on an ecommerce site. They are images that ecommerce sites put on their site to make them users "feel" like they can trust them with their money. Really they are just a psychological type of thing.

I'm always amused by the general negativity and skepticism when someone says something works that goes against the community line of thinking.

The only way anyone can know with any certainty that trust seals work or not for their particular site is to test it out themselves.

Is a few hundred dollars not worth the test for your business if it can improve sales even marginally? You can write it off as a business expense....at least in the US.

I've tried seals on 3 of my sites, 2 site's conversions actually went down and one improved overall conversion by about 11%. What works for one site/market may not work in another but one thing I have learned when it comes to testing is to never let my personal assumptions prevent me from testing something because I'm wrong A LOT when it comes to what I think will win in a test and what actually does.

In the past, I've had a site that the uglier/more amateur I made it the better it performed!

jkwilson78, thanks for the words of support. It may help to know that I'm using three seals from the same company, the combination of seals may be making the difference.

Here are the results for my trust seal active split test as of Friday evening 12/07/07.
Status, Views, Sales, Percentage, Increase
seals off, 3076 89 2.89%
seals on, 3076 133 4.32% 49.4%

The other site I added the seals to is currently showing a 41.5% increase.

Regards,
Reuben

Why pay a fortune for BBB when they don't list the complaint and its outcome?

They only report how many complaints and if they were resolved or responded to without saying where the fault lies or the issue. Many customers assume the worst when no details are given. Its also an invitation to blackmail for the more vindictive customers and an invitation for a business to be unfairly advantageous towards such customers.

A couple complaints even filed no matter the reason and you have lost your hefty subscription fee and the seal works against you so you have to remove the logo altogether.

I think whether the complaint and its outcome is listed depends on the local BBB. I checked my former payment processor's record with the BBB and the complaints were all listed with brief detail as to their nature as well as how they were resolved. Then, when a customer complained about my company to another location of the BBB, all it said was that 1 problem had been resolved in the last 12 months or something very vague.

I have actually dealt with the BBB several times and they have never asked me to become a member. They have been helpful in dealing with customers who are basically nutz. It hadn't occurred to me that having their seal up might prompt complaints to them, though. That's a good point.

HS and BBB are expensive and have many problems as has been stated many times above. That is exactly why I went looking for another company.

Any website can get a hackersafe one, even one that defrauds people, the BBB is quite a bit different and it has a verification process that the business is legit. We are a member of the BBB, when it comes to larger transactions (Business to Business) people do verify you are real.

Why pay a fortune for BBB when they don't list the complaint and its outcome?

Because if it helps you sales improve it is worth the price. Either way you can write it off as a business expense come tax time.

Reading your post I got the uncomfortable feeling that you work for one of these 'trust' seals and are running into opposition. Not saying you are, just saying it came across like that to me.

The cost is more than 'not cheap', the cost is exorbitant for what it does. It's extortion if you ask me. A third part 'claims' you are safe by doing a few tests and IT guy worth his salt could do. Then this third party charges an arm and a leg for their 'blessing'.

Also their stats are not only misleading, they are almost criminal. In our testing, we found no significant increase in sales, and no where NEAR worth the expense of the cefiticate. We also had an issue with one of these sites names (can't say it here) but it had the word 'hacker' in it. That's a word we don't allow on our site. Out of site out of mind is our philosophy.

Even Verisign is not what it used to be. Now we find customer accept a wide range of security certificates. Verisign is still gouging for their so called 'service' but more and more they are losing people. They will lose our company next year which will include dozens of sites because frankly they charge too much.

That's my 2 cents.

Reading your post I got the uncomfortable feeling that you work for one of these 'trust' seals and are running into opposition.

Could it be this part:

That is exactly why I went looking for another company.

From the first post:

[edit reason] removed company name [/edit]

Not saying you are, just saying it came across like that to me.

hmmmm, it came across like that to me too :)

reuben, if trust seals had such a benefit, why have I lost trust in this thread? :)

Seems this thread has run it's course.