Michael Roebuck's Blog

In reference to my post yesterday titled, "Hackersafe - McAfee Secure vs. ControlScan" as well as a post by Cresta Pillsbury titled, "What is McAfee thinking?????", and to quote Bob Dylan; "The Times They Are a-Changin'".

Karl Ribas came into my office today asking what yesterday's post was supposed to mean. "It doesn't make sense," he said. After pulling up a website to show him, I see McAfee Secure changed there secure page and removed the link to the shopping sites. I really wish I has taken a screen shot, but I didn't.

It looks like McAfee has removed the big link to the shopping sites but replaced it with a smaller text link under the content. The second large link now reads, "Stay Safe From Online Threats" and links you to there Site Advisor product. Using Cresta's example, below is the screen shot of what her client site now looks like with the text link:



But, Wait.... Below is a screen shot of one of my clients and they don't have the text link:



What's going on McAfee? Are you testing landing pages? Anyway, if you look at the fist screen shot, the text link I pointed out now takes you to a listing of all the McAfee Certified Sites. I admit it doesn't take you directly to the McAfee Secure Shopping portal like yesterday, but it does have a rather large listing of alternative sites for you to browse as well as a really nice link smack dab center of the page that will take you to secure shopping portal.

Below is a screen shot of the landing page you go to if you click on the company link as shown in the first image:



If anything new happens, I'll keep you posted. Maybe McAfee Secure is testing landing pages. Maybe they have read our posts and maybe companies have complained. Whatever the reason, as long as traffic stops being diverted to shopping portals, I would think clients will be satisfied.

Labels: controlscan, cresta, hackersafe, mcafee, pillsbury, secure, security, yahoo

It's been a while since my last post. The summer has been slow with major events but I'm currently watching a new event slowly unfold.

Back in July, 2007 I posted about HackerSafe and compared them to ControlScan. (Should you use Hackersafe? ControlScan?) HackerSafe has now merged with McAfee and has been re branded as "McAfee Secure." I won't go into the price increase of using McAfee Secure but will touch on some changes that I and others are seeing.

Last month I was talking with my good friend Cresta Pillsbury who used to work for Hackersafe. She was made redundant and now works for the E-Commerce Merchants Trade Association. We were discussing the HackerSafe merge as well as the benefits of ControlScan. She has recently posted her own blog post about HackerSafe here: What is McAfee Thinking??

Basically, she exposes McAfee's attempt to steal traffic away from there own merchants. I was dumbfounded when I originally read her post because I was completely oblivious to this trick and I usually look for this type of stunt.

Cresta writes, "Anyone who is currently using the McAfee seal on their site is actually paying McAfee to take their traffic and send it to their competitors. What?!! I know but check out this link. www.gothamcityonline.com, now click on the McAfee seal https://www.mcafeesecure.com/RatingVerify?ref=www.gothamcityonline.com , once you do this their are two different links that will take you to McAfee's secure shopping portal which lists your competitors products. one is the "Attention Shoppers" the other is your company name directly under your URL... So tell me this, how is McAfee helping to increase your conversion if you are spending money for good traffic and they are directing it elsewhere? How is that good business practices?"

I don't need to write any more on this. After you have paid top dollar for Pay Per Click, Email Marketing, SEO, or whatever you do in order to get a customer to your site, McAfee comes along under the guise of "Secure Shopping" and offers them an option to buy from someone else. And you pay McAfee for this service?

Needless to say, I've brought this to the attention of some of my clients and suggest if you use HackerSafe / McAfee Secure, please look into this.

Now, for my rant on third party security......

I'm not too sure I think paying for a third party secure shopping logo is a good idea. I specialize in the design of Yahoo Stores and Yahoo Stores are already secure. I make my own "Secure Shopping" icon and link it directly to Yahoos' Secure Shopping page.

As my previous post on the comparison of HackerSafe and ControlScan stated, we were really testing brand recognition to see if the third party security banner increased conversions or not.

I feel in todays marketplace, PCI compliance mandates security. In order to accept credit cards on your web site you must be PCI compliant. I've filled out several exceptionally long questionnaires sent to me by clients whose banks required this information as well as required the site be scanned by someone other than HackerSafe or ControlScan. (One of the other companies, www.securitymetrics.com has there own "secure" logo as well.) Therefore, I think it's the bank who dictates who ultimately needs to scan the web site. Also, if the web site wasn't secure, they wouldn't be able to accept credit cards.

In closing, while it's a hot topic right now, maybe this will eventually die away as the online credit card industry evolves. Whoever gets to the banks first will win and everyone else will try to hang on and tout increased conversions due to "Brand Loyalty." Wasn't the reason these companies started up in the first place to increase customer perception that the site they are giving financial data to was secure? I admit I'm a fan of the brand McAfee Virus Protection whereas others in my office prefer Norton and some even use AVG. But when I think of McAfee or Norton, I do not think web site security. Nor will I condone McAfee Secure as long as they continue to try to steal my customers by linking to a private shopping portal.

Labels: controlscan, cresta, hackersafe, mcafee, pillsbury, secure, security, yahoo

The question of whether or not you should use the Hackersafe or ControlScan type security logos on your Yahoo! Store has always been a mystery to me that I've been fighting with for some time now. On one hand, they claim to make users feel safe and secure and thus increase sales. On the other hand, Yahoo Stores are already scanned and already secure. Why pay for a service when I can create my own logo and link to a page describing Yahoo! Store Security?

I've recently had the opportunity to meet two wonderful people. Cresta Pillsbury from Hackersafe and Savannah Finney from ControlScan. By "wonderful", I really mean "wonderful." You won't find two nicer, more professional people anywhere, who bend over backwards to help you. My life has improved just by knowing them. Yes, they are that great. Unfortunately, this is business and my clients expect me to make and save them money.

HackerSafe Test

Hackersafe allowed us to run an A/B test on one of our clients. Half of the visitors saw the Hackersafe logo, the other half didn't. I felt the Hackersafe A/B data was a little skewed as they tagged duplicates by the same IP address. I fixed this by manually removing repeats who didn't have an order number. What I found was Hackersafe counted 112 legitimate orders as repeats and thus weren't included in the results they provided. In actuality, these 112 orders were repeat customers and should have been included. I have 25 days of data comprised of 1831 orders.

To throw another wrench into the test, this client sends an email blast out about every 2 days. Apparently, email can skew the results because existing customers already trust us and the HackerSafe logo has less of an impact. Because of this, I went one step farther and looked at each of the 1831 orders. Yahoo! gives me the ability to track if they are new or repeat customers so I looked at the days where new customers placed more orders than repeat customers. Of those days, it was a fairly even split of orders placed whether they saw the HackerSafe logo or not.

In aggregate, in the 25 day test period, I noticed an increase of orders of 4% (as opposed to the 12% HackerSafe claims). Because of the increase, I'm still skeptical, but we are willing to continue the tests. We'll run the HackerSafe logo on a full time basis for a few months and see what happens. Until then, I'm afraid I still haven't answered the question of whether or not you should pay for the HackerSafe logo. You should though, test it and be sure to look at the data file provided and review that data yourself. If you need any help or find any flaws in my methodology, give me a call.

ControlScan Test

ControlScan was going to let us do an A/B test but they use a third party software package that isn't that compatible with Yahoo. Because of that, we had to go by sales alone. In a 3 week period, the sales after ControlScan was added were fairly level with the 3 weeks prior. We think we could squeeze a 1% increase to ControlScan. Certainly not enough to justify itself.

This was actually very surprising to me because ControlScan consisted of tall skyscraper banners as well as a banner on the top of the website and check-out pages. HackerSafe was only a tiny little banner on the top of the website. I really thought ControlScan would outperform HackerSafe. Needless to say we removed the ControlScan banners and will follow up with a HackerSafe A/B test.

Final Word

Test, Test, Test. Results will differ on everyone's website. The websites we added the banners too already had a link to Yahoo security. We were really testing whether or not the name recognition of the banners would increase sales. Everybody I spoke with at the client site hadn't even heard of HackerSafe or ControlScan and nobody cared or said they would click on the banner to see what it was. The Marketing Director recently went to a site and noticed the HackerSafe logo but only because she knew we were testing it with her site. Is a commercial logo really better than just writing that your order is secure on the website headers? Does a customer really recognize "HackerSafe" or "ControlScan" as better than, "Your order is Secure" or a homemade "Site Security" banner linking to a descriptive page on your own website?

I can't show you the client banners we created and I'm not sure if I can copy the HackerSafe logos, but what would mean more to you:

Hackersafe Banner reading:
"HackerSafe tested July 13, 2007"

ControlScan Banner reading:
"verified July 13, 2007 - Verified Secure"

Client A:
"Secure Shopping - learn more"

Client B:
"Site Security - Yahoo Shopping"

Client C:
"ECommerce by Yahoo!"

I guess I still have to fight with myself on whether or not we want to recommend this product or not. Certainly bigger companies are using it, but does that make it right? If anybody has any information on these or other site security services, please comment or let me know.

Labels: controlscan, hackersafe, security, yahoo