Do I need to make my site "secure"

         

Digmen1

10:13 pm on Dec 10, 2009 (gmt 0)

10+ Year Member Top Contributors Of The Month



Hi Guys
We have a small website selling a new unique product.
We are using PayPal shopping cart.
We are a small company with a very limited budget.
We were contacted by McAfee the other day offering to make our website "secure" for $900 a year.
What does "secure" mean?
And if it is needed/warranted, what is the best (cheapest) way of becoming secured?

Regards
Digby

LifeinAsia

10:40 pm on Dec 10, 2009 (gmt 0)

WebmasterWorld Administrator 10+ Year Member Top Contributors Of The Month



It sounds like they are trying to sell you an SSL certificate. You can go way, WAY cheaper than $900/year!

But unless you're going to start accepting credit cards on your site, there's probably no need for one.

script3r

4:31 am on Jan 17, 2010 (gmt 0)

10+ Year Member



Hello,

They were probably trying to sell you the "McAfee" security logo program and not an SSL.

I'm a software engineer and I developed countless eCommerce systems.
Some of my clients do use the "McAfee" security program.

As a tech person, I can say it is worthless.
They have mediocre systems running scans against your servers trying to find vulnerabilities.

Needless to say, it's funny to see how many websites that are "McAfee" secured are promptly vulnerable to even the most basic attacks such as XSS and SQL injection.

rocknbil

4:47 am on Jan 17, 2010 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



> What does "secure" mean?

System and software patches all as up to date as possible to avoid exposure to known vulnerabilities. These range from operating system to publicly accessed programs such as PHP.

Closing any unused ports, etc., and using secure methods to connect to your server.

Regular reviews of any programming accepting input to verify it's as invulnerable to injection attacks as you can make it.

And of course, forcing any sensitive data over an encrypted connection.

> And if it is needed/warranted, what is the best (cheapest) way of becoming secured?

If you use a merchant account provider, the merchant account will **usually** foot the bill for a security company to run quarterly scans on your site. The one used by one of our processors charges $700 a year.

Their hope, I'm sure, is that most people won't make heads or tails of the scan results so will just fork up the extra $20/month penalty to the merchant account for not passing the scan. We passed, but as each quarterly scan comes up there are new vulnerabilities.

One would think this helps your site be secure, which it really does, but I'm not fooled for an instant. It's just one more way to wiggle their greasy palms into our pockets. And little we can do about it, at that. Either pass the scan, pay the fine, or poof goes your merchant account.

Rune

3:27 am on Mar 16, 2010 (gmt 0)

10+ Year Member



No, you don't need it.

They just want to sell you their product.
Your payments go through PayPal.

getonlineteam

4:27 am on Apr 6, 2010 (gmt 0)

10+ Year Member



Hi,

When you use PayPal, the transaction goes direct to PayPal servers so you do not really need to 'secure' your site. PayPal's servers are secured and will process the whole transaction for you securely.

Regards,
Christine

Rugles

12:56 pm on Apr 6, 2010 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Like everyone said, you don't need this service. McAfee bought Hacker Safe a few years back and they are very aggressive at finding new clients, just like Hacker Safe was back in the day. It's an expensive service and don't let them talk you into it for only 1 product. They will tell you all kinds of stories of increased conversions, which may be true but probably not as good as they suggest. There are all kinds of threads here going back years on this very topic. Do a site search for McAfee and Hacker Safe.