Security seals aren't worth the bits they're made of, let alone the fees.
Seals certifying the security of e-commerce sites and other online destinations have
long aroused suspicions that they're not worth the bits they're made of—much less the hundreds or thousands of dollars they cost in yearly fees. Now, computer scientists have presented evidence that not only supports those doubts but also shows how such seals can in many cases make sites
more vulnerable to hacks.
The so-called trust marks are sold by almost a dozen companies, including Symantec, McAfee, Trust-Guard, and Qualys. In exchange for fees ranging from less than $100 to well over $2,000 per year, the services provide periodic security scans of the site. If it passes, it receives the Internet equivalent of a Good Housekeeping Seal of approval that's prominently displayed on the homepage. Carrying images of padlocks and slogans such as "HackerProof," the marks are designed to instill trust in users of the site by certifying it's free of vulnerabilities that hackers prey on to steal credit card numbers and other valuable customer data.
