McAfee, ScanAlert and a Happy Christmas

Written By:
Content Copyright © 2007 Bloor. All Rights Reserved.

Abandoned shopping baskets are a real problem for online
retailers as potential customers select their goods, walk up to the virtual
cash desk and then get cold feet as something is not quite right. For some
shoppers this may be an early feeling of “buyer’s remorse” but for those on
less well known sites it may be a feeling of suspicion as you are about to part
with your credit card details.

I know, as I have been there and done it.

For some reason the site just didn’t “feel” right and I
was concerned as to whether my credit card details would soon be appearing in a
store in Russia and my goods never appearing in a home in Surrey.

To alleviate this problem and give customers a sense of
confidence a number of companies have grown up in the area of web site testing
and security evaluation. Well known in the United States, ScanAlert has created
a $20 million business doing just this, and they have been so successful that
McAfee recently announced an intention to buy them.

The ScanAlert solution is, on the surface, fairly
straightforward. They test a vendor’s website for security vulnerabilities on a
daily basis and, assuming the vendor passes, they get to display the ScanAlert
HackerSafe logo. The logo contains the current scan date and if for some reason
a scan should fail the logo is rendered semi-transparent until the problem has
been fixed.

Visitors to the web site get an instant visual check that
the sight has been approved and if they click on the HackerSafe logo are
redirected to the ScanAlert website which has further details of the testing.

The real power of a solution like this is the brand
equity of the logo used to measure the “goodness” of a site. Of course anyone
can create a logo program and pretend to certify sites, but unless it is a brand that consumers trust then it is a pointless exercise. I equate
this to finding a builder to fix my house—I got the latest chap from a
trading standards website as I believe they do a better job of vetting trades
people and certainly it is more reliable than getting someone straight out of
the phone book (or should be, let’s see in the new year if he does the work!).

To this end HackerSafe is likely to be more recognised
and therefore respected when it becomes McAfee HackerSafe, and the brand will
really start to gain some traction.

That said, McAfee are already starting from a ScanAlert customer
base of 8,000 which, out of interest, has a renewal rate of 80% so there has to
be some value to the website retailer of being HackerSafe. In fact some vendors
have, apparently, seen an uplift in buyer conversions from 10–15%. Even
better known (and therefore one assumes better trusted) retailers are seeing
conversions uplifted by 8% or 9%. Not being privy to the research methodology I
can’t vouch for these numbers being solely attributable to having the HackerSafe
logo on the page but I can believe it does have an impact on many users, myself

The natural extension of the HackerSafe daily scan is
into the world of PCI-DSS, the new(ish) Payment Card Industry standards that
insist retailers that use online credit card facilities operate in a safe way
according to a set of rules. By being scanned daily by HackerSafe retailers go
someway to addressing some rules of PCI compliance. I would fully expect that
McAfee would get under the skin of PCI further should the purchase go ahead and
offer a fully compliant PCI scan as part of the service in the long term.

I was initially a bit concerned when I heard that McAfee
had proposed buying ScanAlert as I thought the “independence” of these
monitoring companies is important. I now realise that in fact the further
promotion of such safety logos can only benefit consumers in the long run and
with the McAfee machine behind it I would expect the HackerSafe site approval
to become one of the defacto website safety brands in the market.

After all, with safer online shopping we are all winners,
and should all be able to enjoy a happy, fraudulent free Christmas break.