Everyone’s interested in improving their search visibility, whether it’s raising the position of a pay-per-click ad or turning up higher in organic search results. But that drive for enhanced positioning can sometimes lead companies to overstate the effects their products and services can have on Web customers’ search performance.
That seems to have been the case recently with ScanAlert, a Napa CA-based Internet security company that tests e-commerce sites for vulnerabilities and issues its Hacker Safe certification to those that pass its tests (and agree to periodic future testing.) The company maintains that by building consumers’ confidence that their personal data will be safe, its service can help greatly increase conversions and boost sales on Web sites—and ScanAlert has case studies and data that appear to back up those claims pretty solidly, including a reported 18.4% increase in sales for electronics vendor AbesofMaine.com.
All well and good, and we’ll talk about those effects in a moment. But in the run-up to last month’s Search Engine Strategies meeting in New York, both the ScanAlert PR and the Web site were also touting another effect of the Hacker Safe mark: namely, that earning certification, displaying the logo/ link combination and getting listed in the online Hacker Safe merchant directory would automatically give your site the benefit of linking to all the other Web pages that are similarly certified.
At that time a month ago, the site’s sales pitch claimed that Hacker Safe certification “boosts Google rank with over 100 million cross-links.” And this reporter was contacted with a public-relations pitch that also touted the beneficial effects on Google optimization, since Google uses incoming links to help build its picture of a Web page’s popularity and authority. The link-juice claim was also written up in a trade magazine article on ScanAlert’s benefits for one of its clients.
Unfortunately, Google takes a dim view of buying paid links in the hope of improving a site’s ranking. In fact, senior Google engineer and Web spam cop Matt Cutts blogged about streamlined procedures for reporting suspected paid links to Google only a day after the magazine article appeared.
Chris Boggs, a moderator on the Search Engine Watch forum, said of the notion that Hacker Safe could enhance Google ranking, “What if an announcement such as this causes G and others to start analyzing other such association/certification type links and devalue them since people are gaming them[?]”
In a follow-up post a day later, Boggs said that he had spoken to ScanAlert—which has a policy of not responding in online forums or blogs—and been persuaded that the company’s rep was “misquoted” in the article under fire.
In fact, no one from ScanAlert was specifically quoted making the Google claim, although the story’s lead did claim that Web sites using the Hacker Safe mark report improved search engine optimization. It also said that company reps at SED talked about “how offering three one-way PR6-PR8 text links [from the merchant directory] helped sites… raise organic search placement.”
The misquotation issue was rendered moot when Barry Schwartz, president of online marketing agency RustyBrick, posted to Search Engine Watch a screen shot from the ScanAlert Web site with the “100 million Google cross-links” claim. (The claim has since been removed.)
So what’s the answer? Who made the mistake?
An “overzealous” sales department, according to ScanAlert CEO Ken Leonard. He explains that the Hacker Safe merchant directory was intended to be a central location for Web users to locate merchants certified by the program in up to three product categories they could designate themselves and offering three one-way links to their sites from the directory, along with one reciprocal link on each page. As a large site with lots of outbound links, the merchant directory naturally gets spidered by Google bots, and its pages currently are ranked ranging from 8 for the home page down to 5 for lower pages.
Leonard says that Hacker Safe clients have reported improved organic rankings on Google after inclusion in the directory, but that the company always framed those benefits as anecdotal evidence from customer testimonials.
“At SES, our salespeople tried to put a lot of spin on that, which was probably the first time we’d ever spoken about it in public,” he says. “Unfortunately, most of the people hearing that message thought we were selling links. There’s only one way to get into [the Hacker Safe directory] no matter who you are, and we don’t sell those links. This [directory] is exactly the kind of information hub that Google does value, but it’s not a link farm. People got that confused, and I guess it’s our fault because we didn’t talk about it correctly.”
As for the online Google cross-link claim, Leonard says that was “an overstatement” of anecdotal customer reports. While the company does have quotes from clients that point to Google ranking improvements, “We really don’t have any evidence of that other than what customers tell us,” he admits. “The sales and marketing departments got a little over-zealous.”
Fair enough. With that controversy laid to rest, what does the Hacker Safe mark actually do for Web merchants?
Basically, apart from the added payment security, it can help boost sales conversions by building consumer trust, and Leonard says the company’s e-commerce clients have A/B testing to underscore those improvements.
The company runs daily payment-card industry (PCI) security checks on the transaction systems of its client sites. Those that pass are allowed to display the Hacker Safe logo for another 24 hours, delivered from ScanAlert’s own servers and updated hourly to make sure there’s no lag time between failing a test and automatically removing the mark.
Leonard says that more than 75,000 Web sites currently carry the Hacker Safe certification, including about half of those listed in the Internet Retailer Top 500, and that the mark is served at a rate of more than 5 billion images a month. ScanAlert is the world’s largest payment card industry (PCI) security scan vendor, he claims, having performed 25 million scans since its founding in 2001. The company has an exclusive partnership with Visa International to offer white-labeled PCI services to their members, and other deals with PayPal and BBBOnline.
The company also offers enterprise security services to check business Web sites for vulnerability, and sells those intramural services to such customers as Visa, HP, Yahoo! and Northrop Grumman.
In other words, they’ve got some credentials when it comes to their basic line of business, checking online systems for weak spots.
Leonard founded ScanAlert specifically as a service to identify those chinks in companies’ Web armor and to suggest patches. “But it soon became apparent to us that the real advantage of passing such a test was to be able to certify it to your customers and business partners, and the idea to develop a security certification mark developed very early,” he says.
That puts ScanAlert in a unique position in the world of online security scanning. Other companies test Web vulnerability, but they don’t offer a trust mark. Other trust mark companies don’t necessarily do the kind of intensive vulnerability scanning that ScanAlert does. That’s opened some co-opetition opportunities for ScanAlert to partner with other trust mark companies such as VeriSign, which certifies that sites are encrypting transferred data on the Secure Sockets Layer (SSL) protocol for privacy but doesn’t wring the payment system every which way.
For example, BBBOnline offers a data-privacy trust mark of its own, and ScanAlert has partnered with that group to offer merchants certified by one of the partners an incentive discount on certification by the other. VeriSign offers a similar bundling deal with the Hacker Safe mark.
All that takes care of the PCI services. In terms of the impact that displaying the Hacker Safe mark can have on sales results, Leonard points to some real-life e-commerce examples. For example, Vermont Teddy Bear Co. did A/B testing with and without the mark and found that showing the Hacker Safe certification resulted in an 8.9% higher conversion rate on its site, producing 205 more orders than the mark-less version. The company’s Pajamagram.com sister site found after similar testing that conversions jumped 12.3% with the mark, producing 174 more orders.
Meanwhile, housewares Web vendor StacksandStacks.com reported that A/B testing a hacker Safe version of their site boosted conversions 5.7% and rang up 67 incremental orders.
Leonard says ScanAlert does more A/B testing with its clients than any other trust mark company. In the course of running such tests on more than 600 sites selling a wide range of consumer goods, he says, the company has found that showing the hacker Safe mark increases site conversions anywhere from 3% to 33%, with the hike averaging out at 14%.
The wide variance depends on a number of factors, including the products being offered and the demographic groups that make up the site’s market. “Younger people are less risk-averse than middle-aged ones,” Leonard says. “Wealthy people are more risk-averse than middle-class people.” A site with no brand equity in the market might get a bigger impact from the Hacker Safe mark than a well-known brand such as Toshiba, a ScanAlert certification customer. And a site that specializes in high-end luxury goods won’t face much online competition and thus might not see the same benefit from a trust mark as another site selling, say, consumer electronics.
On the other hand, the site that posted the 33% conversion increase, Charlotte NC-based ClubFurniture.com, is a high-end supplier of custom-made furniture. “They’re expensive pieces, mostly retailing for $1000 or more,” Leonard says. “But the company noted not only that their Web sales went up 33% with the Hacker Safe mark but that they had a reduction in people calling before placing an order.” In that instance, the jump in online conversions was about half organic sales growth and half a transition from phone sales—a pattern Leonard says ScanAlert see often.
A/B testing has also taught ScanAlert and its merchant clients that where the Hacker Safe mark is displayed can also determine how effective it is at bumping up sales. PETCO did some tests, moving the badge around to different real estate on its Web pages, and found that while posting the Hacker Safe mark way down on the lower right of the page produced a 1.8% sales lift, locating it toward the bottom of the left rail hiked conversions by 6.3%. Best location of all was in the upper left, not far from the PETCO page logo: That created an 8.8% jump in sales.
The Hacker Safe mark has proven so effective in building both consumer confidence and online conversions that the company now has a number of multichannel clients who are including the mark in alternate media such as catalogs, including Lillian Vernon, Wine enthusiast, RedCats Group and Blair. Most often, these marketers are featuring the hacker Safe mark on the order forms included in their catalogs as an incentive to move customers to the online channel, as cheaper and more direct.
Other ScanAlert clients are currently featuring the Hacker Safe badge in e-mail marketing campaigns and testing to see if displaying the mark can give the same boost to open rates that it does to online conversions.