http://www.informationweek.com/story/showArticle.jhtml?articleID=8800552 By George V. Hulme Apr. 22, 2003 Sites showing proof of increased Web security say that up to a third more people went beyond shopping and actually bought, according to an auditing firm. Can you boost sales on your Web site by promoting your use of tough security? Web-site auditing firm ScanAlert argues that the answer is yes and says it has the facts to back up that claim. ScanAlert says it has analyzed the shopping behavior of more than 300,000 visitors to 11 online retailers. Sites showing "proof" of increased Web security enjoyed a 10.5% to 33% boost in converting browsers to buyers. ScanAlert's service, Hacker Safe, does what standard Web-site security-scanning software does, only with a twist. Starting at $149 a month, the company scans Web retailers' sites for security holes, which are often caused by unpatched systems or unnecessary services running. If a site is found to be vulnerability-free, it qualifies to post the Hacker Safe certification on its site. Retail Web sites are scanned daily, and, should a vulnerability show up, they have 72 hours to fix the flaw or lose the Hacker Safe designation. In a test begun in October, half the visitors to participating Web sites were shown the Hacker Safe certification, while the other half were not. Online retailer Clubfurniture.com reported a 33% increase in buyers among those shown the certification, Binoculars.com improved sales by 32%, and CDconnection.com saw an increase of 13%. "The results surprised me," says Ken Lovett, president of CDconnection, which has been selling CDs online since 1990. He also notes that a site has to work to display the certification. "You have to keep earning the right," he says. If a problem is spotted, "you get an urgent alert and have to fix it or they'll bounce you." No automated vulnerability-scanning application can spot all flaws that might leave an open door for hackers. But ScanAlert says its service will protect consumers from 99.9% of credit-card fraud and identity theft caused by hackers. Analysts aren't so sure. "That's hyperbole," says Eric Ogren, a senior analyst with the Yankee Group. But using the service does send a message. "It shows that the retailer is doing much more that other retailers and that security is important to them." Ogren says he doesn't know of any other vendors providing a similar service. In the past year, numerous Web sites have been hacked and crucial customer data stolen. That has made some people leery about shopping online. Consumer Janell Elyea, who has been buying things from Web sites for about five years, says she's cautious. She uses the same credit card, which has a modest credit limit, for all online purchases. "I look carefully at my billing statement every month," she says. She says the Hacker Safe certification would give her some added confidence, but not much. "I don't think I'd choose one retailer over another because of it," she says. "There's really no way to make Web sites completely safe. I think most already know that the little lock at the bottom of the screen doesn't mean much of anything." Perhaps. But Web sites that see a boost in sales find ScanAlert's sales pitch compelling. "Just a 1% boost would have justified the expense," CDconnection's Lovett says. If such sales increases hold up over the long term, more online merchants are likely to see if they also can boost sales by boasting of better security. Elyea says she'll continue to check her credit-card statement each month, even from sites sporting the Hacker Safe certification. That's a good idea. ScanAlert's disclaimer reads, in part: "ScanAlert makes no warranty or claim of any kind, whatsoever, about the accuracy or usefulness of any information provided herein or the security of the Website herein rated." According to ScanAlert, less than 2% of Web browsers bother to click on the certification mark to read the disclaimer. - ISN is currently hosted by Attrition.org To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Wed Apr 23 2003 - 00:41:30 PDT