Is Verisign necessary?
February 3, 2006 7:27 AM   Subscribe

In my experience, both as an online seller and consultant to many online retailers, I've found that some customers look for the little lock symbol in their browsers... but I've never seen anyone look specifically for a Verisign label.

With that said, I don't think it hurts to be redundant and show in the browser window itself, with the Verisign label, that the site is secure. Your only "loss" is the cost of the seal, and the upside is that more customers will see that you're secure. (Whether Verisign is more important to show than the badge of another SSL vendor, though, I really don't know.)

Question is, how big is your customer base, and how much does it cost per customer-lifetime-value to invest in this extra badge or two. You'll have to make the decision based on that analysis.
posted by mark7570 at 7:36 AM on February 3, 2006

No, Verisign isn't necessary. We host probably a couple hundred SSL sites, including front-ends to banks, maybe a half dozen use Verisign (mostly because they're sticks in the mud). The rest use RapidSSL and Comodo, with tons of cost savings and way less hassle. Both RapidSSL and Comodo offer the little trust seals/logos, although I've always found those seals/logos to be annoying.

The cost of Verisign is outrageous, and their ordering process is much much more annoying. The only thing that they give you is the fancy name, and potentially a bit more insurance (depending on the certificate that you order with an alternate vendor). It's worth noting that they own Thawte, and have managed to make it equally sucky in the last couple of years.
posted by togdon at 8:46 AM on February 3, 2006

Nobody gives a damn about trust logos. They're essentially meaningless for the purpose of commerce, anyway -- the logo indicates nothing about how reliable or trustworthy a merchant is, which is what buyers care about -- end users don't care who your CA is. Most end users don't even know what SSL is.

You could just as easily whip up your own little "We're Secure!" badge that would serve the same purpose, as long as it looks reasonably official or expertly drawn. Remember: most of your customers aren't concerned about signal interception and server identity verification, which is what SSL provides. They just want the reassuring appearance of trustworthiness and a nebulously-defined "safety."
posted by majick at 9:50 AM on February 3, 2006

SSL isn't really good for anything but encryption.

The whole trust hierarchy has never actually done what it claims to do. There have been numerous cases where people have been granted certificates on misspelled domains, domains someone else has a certificate for, "Micro soft.com" for example. More broadly, no one cares. No one inspects certificates. Bruce Schneier talks extensively about this in Secrets and Lies.

Really, all the consumer cares about (if they're educated enough to care at all) is the yellow address bar. If not for the stupid "Firefox can't validate this certificate." and "Domain name mismatch." pop-ups, I would say just generate your own certs and save the money.
posted by joegester at 10:50 AM on February 3, 2006

As mentioned above, the technical aspect of the security isn't the issue, it is if your customers and prospects trust you. Having a logo might help. Having copy explaining the measure you take to ensure a secure transaction might do more.

My guess is the BBBOnline logo might have more resonance with consumers -- especially on a site that isn't a household name like Amazon.

A sketchy website might get me to feel a little better about buying something if I saw a logo. I'm aware of Verisign but then again I've been buying shit on the interweb for 10 years. My mom probably doesn't know Verisign from Veritas.
posted by birdherder at 10:53 AM on February 3, 2006

BBBOnline is a seperate membership charge then just joining your local BBB. The BBB has no real authority and is basically just a complaint collector.

Do not let Verisign take you to the cleaners. Instead invest that money in really securing your site.

Purchase a SSL cert from RapidSSL

Design your own security buttons

Always list your phone number and address somewhere on each page. Also have easy spotted links to your privacy policy, contact page, & your page that mentions your return policy.
posted by Dreamghost at 8:58 PM on February 3, 2006

I work in Internet banking, and all of our clients have Verisign certificates. Not all of them have seals on the page.

The primary client complaints regarding security tend to be that either the padlock isn't showing up or the page is not loading secure (https).

I have never seen a request to add a seal to a page, but I have gotten planty of requests to update outdated seals (no longer necessary with the way Verisign builds links, but we used to have to update the links each year) because customers were calling in with alarm that the Verisign seal was out-of-date, which made them sure that somehow the site was insecure.

My point? Someone is looking for them, or at least clicking on them when they are there. And maybe I've been conditioneded by working with them so frequently, but I now look for them too. Even though as a techie I know they don't really mean anything, for some reason they give me extra piece of mind.
posted by Famous at 9:22 AM on February 4, 2006

I wouldn't bother with Verisign; spend the money/time on refining all those little design/content touches that make sites feel secure and trustworthy.
posted by malevolent at 11:23 AM on February 4, 2006

I agree that some certificates are way overpriced, but companies are somehow seem willing to pay for them.

You can get some cheap certs at ssl.com, but you can also get the expensive ones. There are differences, but you'll have to investigate to found out what they are. Check out information.ssl.com for specifics between the ceap certs and the more expensive ones (ie Verisign).
posted by nuttysqurrl at 9:12 PM on May 30, 2006

« Older Anyone know where I can find a...   |   My girlfriend cheated. We're s... Newer »

This thread is closed to new comments.