I heard it gives your potential clients a "secure", warm and fuzzy feeling about your website. Just like the lock in the bottom area of the browser window. But I don't think it's essential to your success. Nor will it prevent you from hackers.

In reality I don't know what it does. Their website does not provide any clear information.

Do a forum search, I remember it was discussed in detail some time ago. Can't find the thread quickly though.

It's kind of a rip off to be honest ... you can accomplish the same thing yourself by downloading the Retina demo from eEye.com.

ScanAlert wants a $100 setup and $1,790 a year to run daily scans & security checks. Basically you're paying for the HackerSafe logo. There may be some value to having that if your buyers are complete computer novices, but anyone who isn't would pretty much ignore that logo.

Unless you're hosting your own site, it's not something you should be paying for - security is the responsibility of your web host. I suggest downloading Retina, running a scan on your site, and if you find anything you don't like send the report to your host so they can fix it.

WOW

Do they provide any others services or is this just it?

I dunno, when the rep I talked to told me the price I kinda just laughed at him. He directed me to their White Papers and pointed out that there were more than 60,000 sites using their service including "top ecommerce sites".

I pointed out that there were more than 60,000 people who invested in Enron. Then he told me "In regards to your comment on the eEye demo, remember the old adage, 'you get what you pay for'." That was the last conversation, and I never looked up the white papers.

As far as I'm concerned, you're basically paying $150 a month to put their logo on your site. To some buyers that might be worth something, but I would think it would just attract hackers by offering a challenge.

You are just paying to have their logo on your site. However, I have no problem paying some cash just to make my customers feel more secure. The online buying population is increasingly older and less tech savvy. While I don't disagree with any of digitalv's criticisms, I still think that having the logo on the right part of your site can make money for you.

<added>You have to understand that what you are paying for is not the scanning service, but the potential increase in sales from putting their logo on you site</added>

>>>run daily scans & security checks

That is pretty much all you get.

They used to call me all the time. But I never bought it.

I remember there was one of the most senior members here who had a really good point about this kind of service. He/She said something like "why would you even want to remind customers about hackers when they are about to give up their credit card number". I thought that was a good point.

Make your own little logo that says "Hacker Protected" and have it link to a page within your site that says "yadda yadda - we are so safe. hackers fear us. blah blah blah"

And it will have 99% of the same effect for free.

I personally went with Shopper Safe. I got them down to 29.99 per month and my sales have increased. No matter what anybody says it DOES make people feel safer.

[edited by: lorax at 1:49 am (utc) on June 27, 2005]
[edit reason] removed URL [/edit]

I think it mostly depends on your target market. I, personally, laugh when I see those icons. But I am sure there are people that don't know much about the web and they see something in it.

It's like offline businesses providing BBB logos and such other crap.

You can always put up a fake logo (1337 hax0r fr33) and test out your sales ;).

>>> "why would you even want to remind customers about hackers when they are about to give up their credit card number"

That is right . . .It always scared me as a customer.

>>>little logo that says "Hacker Protected" and have it link to a page

I would say it still does the job. After implementing maxmimum security of your own to your web, you can still put that little logo and make your customers feel more secure. The web is a web for customers no matter what you put - be it "hacker protected" or "hacker safe".

Habtom

We just finished implementing our required PCI (Payment Card Industry) Data Security Policy and audit and we choose ScanAlert since they also do the PCI auditing for us. We are currently running an A/B test to see if the HackerSafe logo does anything to conversions. I'll let you know the results.

By the way, ignore the "asking" price. Getting a heafty discount is no problem.

We used it for the PCI requirements also. But if you do run your own servers, it's not a bad product. It keeps you informed on a majority of holes that might be vulnerable on your servers. And yes if you're only doing $5,000 a month in sales it might not be worth it. But if you're doing $150,000 plus a month in sales what's $150 a month to keep your servers a bit more secure...

If you don't use RedHat linux, say you use Mandrake, they don't track the version numbers properly so for your server so they crank out a ton of bogus things even though you are 100% up to date.

As a host they kept yanking our chain and delisted a customer that was 100% up to date so we finally told them to either support Mandrake properly and stop bothering us or go pound sand and give the guy a refund.

His site says it's SAFE and they still show a boatload of bogus errors.

C'est la vie.

Well, it does increase conversion rates with 10-15% according to some research.

I am just wondering: If I was a hacker, I would try to do anything to hack such sites. So my guess is that it will also increase hack attempts.

I do agree however that it will mostly support novice internet buyers to give out their credit card details. For me personally, the logo looks kind of cheap, as if you are ordering from a website that was build in 1998 and never updated.

I'm extremely skeptical of the value of this service. All things considered, you're paying for their logo. In order for this service to be valuable, your users must be familiar with scanalert-and at this point, very few are. Until customers associate their specific name/brand/image with safe shopping, you're better off making your own.

My 0.02¢

Well, we are a community here. In that order we might establish our own logo, say "Safety Site" and put into our web-sites. Since it appears on more than one site, it will earn some credibility.

And it will be free.

We might introduce some basic criteria(s) for a site to satisfy, say,
- you shall not publish CC numbers collected on site's front page.
- you shall use SSL... or swear to implement SSL not later than next Monday (or at least find out what the hell SSL is)
- you shall not sell Viagra and OEM Software on your site... at least, for 1/100 of real price :)

Since "Hackers Safe" is merely a fake in terms of real security provided, our logo will not be a completely fake, as well :)

Any logo designers volunteer? :)

>>> "why would you even want to remind customers about hackers when they are about to give up their credit card number"

This is something I tend to agree with. I would like to know what you think about a 'SSL128 Secured Server' or similar statement and a 'Security & Privacy' link under the 'Buy Now' button?
Similar re-action? On a large well-known site i'm sure it doesn't matter too much, but on a smaller site?

As a security consultant in a former life I wonder how they even hint of making a site hacker safe. I'm sure that somewhere in small print it says they "aren't responsible for intrusions" or limit their exposure in some other way, but still...

In all the security programs I've worked on I've been quick to point out that no system is %100 secure.

btw, automated external security scans from a company not familiar with your systems and needs will only give people a false sense of security. It would be hard to get a good ROI (from a security perspective) if it were free.

Of course I can't speak to it increasing sales because potential customers feel safer. If it works use it. But keep in mind that it is a function to meet a sales goal and not a function to meet a security goal.

We were going to implement it last year...at $79 a month, the profit from half a sale would cover the cost...We never pulled the trigger... If I was truly convinced it would increase conversions...I'd do it...
Anyhow...my point....
I was talking to the rep and he was doing his pitch.. It think he said they had over 100k customers....! I thought jesus..100,009 x79 .....These guys make 8 million a month doing pretty much nothing other than running automated bots on your site
100 million a year!
I was tempted to find a progammer on elance to write a similar script , package it, get a few big name companys to slap the logo on there site for credibilty,,,, and be off to the races

As I mentioned earlier, we had no problem getting them to adjust the asking price. We're paying less than $20/month and mainly because of the PCI requirement. If the MasterCard/Visa Mafia didn't require this silly, meaningless, testing we wouldn't be using ScanAlert.

get a few big name companys to slap the logo on there site for credibilty

Out of curiosity, if you weren't willing to spend "the profit from half a sale" for the service, how were you going to convince the big name companies to use your logo?

BTW, in our split testing, using the logo did not increase our conversion rate at all. We've stopped displaying the logo but continue to pay them for the quarterly PCI certification.

We weren't willing to do it because there didnt seem to be a benefit in doing so....Like you said...your test proved that the logo did NOT increase conversion...so why pay? for the visa/mc req.?..you must be doing huge volume...

so why pay? for the visa/mc req.?..

Yes, exactly. Some of the Visa/MC certified auditors for PCI charge $400-$500 per audit (per quarter). $19.95 a month makes it worthwhile.

you must be doing huge volume

Anyone doing over 20,000 credit card (MC/Visa) transactions per year MUST have this done. If 20,000 is huge, then we're more than huge.

We saw a 7% increase in conversions with the logo. Ugly, but effective.

They also alerted us to a pretty gaping security hole we introduced unknowingly.

We ran A/B testing for well over a month and saw a 25% increase in conversions with the logo. I was a non-believer until we looked at the stats. We now use a similar service from Square Trade and have the Square Trade Safe Shopping logo on the site. They also offer the PCI services.

-ABertone

Corbing
20,000 transactions/year...Id say thats significant! unless their for $5 each...

Abertone
25% increase? Thats very significant! Are you selling higher ticket items?

Coronella
7% is pretty healthy as well...again , are you selling higher ticket items?/

Curious as to how this may affect our biz. as most of what we sell is $400-700/item....

I'm about to begin using this for a month to see how it goes. Have people who used it ran it through all of their site, or just key pages?

I'm wondering if just certain key pages such as the home page and privacy etc might be more effective than distracting those people who have already decided to proceed with their order.

I try to do alterations to my site along the physicians tenet - 'first do no harm'. I'm of the opinion that at worse, this will be conversion neutral, and hopefully will increase the rate.

Still, that's what facts are for, to shatter beautiful theories and ugly opinions. We'll see.