View Poll Results: HackerSafe logo will attract more customers?

Voters: 28
  • Yes: 10 (35.71%)
  • No: 10 (35.71%)
  • It depends (if you vote this, please leave a post and clarify what it depends on): 8 (28.57%)

Results 1 to 40 of 44
  1. #1
    Join Date: Dec 2006 | Posts: 205

    HackerSafe or PCI Compliance

    Does a "HackerSafe" (PCI Compliance http://www.pci-compliance.eu/) logo on a website make sense to attract more customers?
    Will you (as a customer) prefer to see that logo on the hosting website where you bought your hosting from?

  2. #2
    Join Date: Dec 2007 | Location: Indiana, USA | Posts: 16,087
    It might work to attract lower-end clients, but generally anybody looking for professional or medium to high-end hosting would likely be turned off by a "HackerSafe" logo. The HackerSafe logo, I think, probably has a tendency to cause more problems than it solves. DDoS or hack attempts come to mind.

    As for being PCI Compliant - that is a given... Generally a merchant account won't allow you to process payments on your site without being PCI Compliant.
    Michael Denney - MDDHosting LLC
    New shared plans for 2016! Check them out!
    Highly Available Shared, Premium, Reseller, and VPS
    http://www.mddhosting.com/

  3. #3
    Join Date: Dec 2006 | Posts: 205
    I know a merchant account requires it; I was just asking about attracting customers...

    Please clarify your exact definition of "lower-end clients"?
    So HackerSafe may cause some problems? Please clarify them: what are the problems, and please explain what DDoS is?

  4. #4
    Join Date: May 2006 | Location: EU & USA | Posts: 3,684
    Merchant accounts require you to be PCI compliant, not to use HackerSafe's services. HackerSafe will help you audit your servers, but as long as you can show your CC company that you use/hire other external auditors, it will be fine too.

  5. #5
    Join Date: Dec 2006 | Posts: 205
    Sorry, I never used it before. I thought HackerSafe was the same as PCI compliance. So by "be PCI compliant, not to use HackerSafe's services" do you mean the HackerSafe service is separate from PCI compliance?

  6. #6
    I thought HackerSafe is useful!

  7. #7
    Quote Originally Posted by nimasdj:
        Sorry, I never used it before. I thought HackerSafe was the same as PCI compliance. So by "be PCI compliant, not to use HackerSafe's services" do you mean the HackerSafe service is separate from PCI compliance?
    PCI compliance is a standard. HackerSafe is an audit company.
    PCI compliance requires a third-party assessment (quarterly scan, on-site audit, etc., depending on compliance level).

    So if you want to be compliant with PCI-DSS, you should make your environment according to this standard and involve a certified third-party assessment company (HackerSafe, TrustWave, etc.) to confirm that.

  8. #8
    I prefer to make purchases only on certified sites. It is kind of a guarantee against stupid mistakes like SQL injection etc.

  9. #9
    Join Date: Dec 2006 | Posts: 205
    Quote Originally Posted by perfsys:
        I prefer to make purchases only on certified sites. It is kind of a guarantee against stupid mistakes like SQL injection etc.
    Do you mean you would prefer to buy your website from a host which is PCI compliant + HackerSafe?

    Quote Originally Posted by perfsys:
        So if you want to be compliant with PCI-DSS, you should make your environment according to this standard and involve a certified third-party assessment company (HackerSafe, TrustWave, etc.) to confirm that.
    Do you mean that in order to become PCI compliant, I should use HackerSafe or any other recognized third party like that?

    To perfsys:
    Please participate in the poll too.

    To dynamicnet & FHH - Tim:
    Please clarify: it depends on what?
    Last edited by nimasdj; 04-02-2008 at 09:42 AM.

  10. #10
    Quote Originally Posted by nimasdj:
        Do you mean you would prefer to buy your website from a host which is PCI compliant + HackerSafe?
    I meant that as a customer (purchasing products/services on the internet) I would prefer a PCI compliant site. I'm not quite sure that there are any out-of-the-box hosting packages that include PCI DSS compliance.

    Quote Originally Posted by nimasdj:
        Do you mean that in order to become PCI compliant, I should use HackerSafe or any other recognized third party like that?
    Yes, it is required by this standard.

    Try to find some info at the Visa site.

  11. #11
    Join Date: Dec 2006 | Posts: 205
    perfsys, I thought you would vote for "Yes" because of what you said here. Please clarify: it depends on what, in your opinion?

  12. #12
    Join Date: Dec 2006 | Posts: 205
    To ALL folks:
    Please participate in this poll too:
    http://www.webhostingtalk.com/showthread.php?t=683288

    Also, if you vote for "It depends" in this thread, please leave a post and clarify what it depends on.
    Last edited by nimasdj; 04-02-2008 at 09:59 AM.

  13. #13
    Sorry, mistyped.
    My answer is: Yes.

  14. #14
    Join Date: Dec 2006 | Posts: 205
    To a Moderator:
    Polls are not editable by users. Please move perfsys's vote from "It depends" to "Yes" in order to get a more serious result from this discussion, as I believe this discussion is serious and important.
    Last edited by nimasdj; 04-02-2008 at 10:05 AM.

  15. #15
    Join Date: Jun 2001 | Location: Kalamazoo | Posts: 33,190
    Quote Originally Posted by nimasdj:
        Please move perfsys's vote from "It depends" to "Yes" in order to get a more serious result from this discussion, as I believe this discussion is serious and important.
    Done.
    There is no best host. There is only the host that's best for you.

  16. #16
    Join Date: Dec 2006 | Posts: 205
    Sorry, I still see perfsys's name under "It depends"; however, the count became 2, which is correct. I can't see his name under "Yes".
    I appreciate your own vote too!

  17. #17
    Join Date: Mar 2008 | Location: Orange County, CA | Posts: 2
    I voted YES because I work for a computer accessory manufacturer and I get calls about our website security all the time. Most people I talk to are paranoid about punching in their credit card info on someone's (our) website. The "HackerSafe" logo, I believe, would give us more sales and allow so many of our customers to have some peace of mind.
    "HackerSafe" is a name everyone understands, but "PCI compliance" is something only a geek would know off the top of their head. The everyday individual would have to google it to know what it is and what it stands for.

  18. #18
    Join Date: Oct 2005 | Posts: 393
    Besides HackerSafe, are there any other PCI compliance services that are good?

    Does HackerSafe check for vulnerable PHP applications? Like an out-of-date phpBB?

    Or if the user is include()-ing a variable without validation? And if it does, how is it able to tell whether a user is using proper validation on the variable he is including?
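
    The include()-of-a-variable case asked about above, as an added illustration that is not from this thread or from any scanning vendor: a page that includes whatever file a request parameter names, beside a hardened version that only maps the parameter onto a fixed allowlist. The parameter name `page` and the template files under `pages/` are constructed for the example. A black-box scanner of the kind discussed here only sees HTTP responses and never reads this code, so the allowlist is something the site owner has to enforce and verify themselves.

    ```php
    <?php
    // Added example (not from the thread). The "page" parameter and the
    // files under pages/ are constructed for illustration.

    // --- Vulnerable form: the request decides which file is included. ---
    // Any traversal string (or, with allow_url_include enabled, a URL)
    // reaches include() unchanged, so arbitrary files can be pulled in.
    function render_unchecked(string $page): void
    {
        include __DIR__ . '/pages/' . $page . '.php';
    }

    // --- Hardened form: the request only selects from a fixed allowlist. ---
    const PAGES = [
        'home'    => 'home.php',
        'about'   => 'about.php',
        'contact' => 'contact.php',
    ];

    // Returns the allowlisted file name, or null for anything not listed.
    // No filesystem path is built from user input at any point.
    function resolve_page(string $page): ?string
    {
        return PAGES[$page] ?? null;
    }

    function render_checked(string $page): void
    {
        $file = resolve_page($page);
        if ($file === null) {
            http_response_code(404);
            echo 'Unknown page';
            return;
        }
        include __DIR__ . '/pages/' . $file;
    }

    // Entry point: default to the home page when no parameter is supplied.
    render_checked($_GET['page'] ?? 'home');
    ```

    The hardened version is what a code review or a self-assessment questionnaire can confirm; an external quarterly scan can at best notice that requests with odd `page` values are rejected.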

  19. #19
    Quote Originally Posted by jalapeno55:
        Besides HackerSafe, are there any other PCI compliance services that are good?

        Does HackerSafe check for vulnerable PHP applications? Like an out-of-date phpBB?
    It should.

    Quote Originally Posted by jalapeno55:
        Or if the user is include()-ing a variable without validation? And if it does, how is it able to tell whether a user is using proper validation on the variable he is including?
    Not sure that it will check everything, but most certified assessors offer a "penetration test", which is usually a manual break-in attempt.

  20. #20
    Join Date: Oct 2005 | Posts: 393
    Quote Originally Posted by perfsys:
        It should.

        Not sure that it will check everything, but most certified assessors offer a "penetration test", which is usually a manual break-in attempt.
    Does it check for popular out-of-date 3rd-party scripts like phpBB, WordPress, Joomla, etc.?

    If it just scans the IP of the server, how does it know which domains to check? Like if I have 100 domains all on the same IP?

    How about if my kernel is out of date, does it check that? Or is it only able to do something like nessusd would do?
    Last edited by jalapeno55; 04-02-2008 at 02:19 PM.

  21. #21
    It depends on what utility is used for scanning.
    Usually it utilizes a huge vulnerability database to look up and scan all such 3rd-party things and much more.

  22. #22
    Join Date: Oct 2005 | Posts: 393
    Quote Originally Posted by perfsys:
        It depends on what utility is used for scanning.
        Usually it utilizes a huge vulnerability database to look up and scan all such 3rd-party things and much more.
    How will it know the kernel version without being able to run uname -r on the server?

    Seems to me it's still fairly likely to get hacked even after passing a PCI scan.

  23. #23
    The point of PCI-DSS is not just a scan.
    The PCI scan is to confirm that your external resources are patched and secured.
    Take a look at the PCI DSS documents on the Visa site.
    The scan is just one point out of a hundred.

  24. #24
    Join Date: Oct 2005 | Posts: 393
    Quote Originally Posted by perfsys:
        The point of PCI-DSS is not just a scan.
        The PCI scan is to confirm that your external resources are patched and secured.
        Take a look at the PCI DSS documents on the Visa site.
        The scan is just one point out of a hundred.
    By one hundred points do you mean the 12 main points, plus all the sub-points from this:
    https://www.pcisecuritystandards.org/tech/pci_dss.htm?

  25. #25
    Yes, exactly.

  26. #26
    Join Date: Oct 2005 | Posts: 393
    Quote Originally Posted by perfsys:
        Yes, exactly.
    Which is the rule that says you should be scanned daily by a 3rd party? I skimmed through the thing and didn't see it.

  27. #27
    PCI Compliance = paper tiger, but needed for insurance claims.

  28. #28
    Quote Originally Posted by jalapeno55:
        Which is the rule that says you should be scanned daily by a 3rd party? I skimmed through the thing and didn't see it.
    http://www.visaeurope.com/documents/...ants_guide.pdf

    Section 7.2: quarterly scan.

  29. #29
    Join Date: Jun 2006 | Posts: 1,765
    I don't pay much attention to the HackerSafe logo, but I know that some of our customers would.

  30. #30
    Join Date: Oct 2005 | Posts: 393
    Where is the cheapest place to get the HackerSafe seal/service?

  31. #31
    Join Date: Jan 2005 | Posts: 326
    http://www.hackerguardian.com/ is another company like HackerSafe.

    Most sites that are doing e-commerce will have an SSL certificate, which in turn means that the site will have its own IP address!!
    Charles

  32. #32
    Join Date: Apr 2000 | Location: California | Posts: 3,051
    The whole HackerSafe stuff is a joke, but if it lets a client more immediately know you've had the basic checks/scans done and you passed, if they even know what it means, then it could save some questions from them, or even make them think it means you really are a more secure provider over another. I'm unsure how it could be a bad thing for potential clients to see, other than it might give some the impression that you believe your servers are more secure than they actually are, just because of some lame, basic scans by a service like that.

    What I mean by that, is that it could make people think that you believe that's all you need done/checked to have a secure server. Of course, that doesn't mean that's the case or you believe that, but that would be my only concern about displaying such a seal (since I don't put much credence into that sort of service). I.e., an informed client might think that the hosting company was ignorant about it enough to pay some pointless service to do a basic scan just to use their seal -- so I'd never do it for that reason.

    I know it's a lot of meaningless nonsense, but I still order items online from stores that have the logo (it doesn't make me not order -- I don't think they are more secure or safer, but it doesn't turn me off from ordering), so I think if anything it's a good thing to have since most clients see media nonsense about "hacking" and if you can have some meaningless seal that says you're safe from it, it might earn you more uninformed clients and that's still more clients.

    I don't think informed clients will usually hold it against you, even if I worry that they would. I see a lot of "services" and "seals" used on sites that seem people are just paying these services to collect icons on their pages, and it makes me think they are suckers. But, for a HackerSafe seal, I'm not offended by them passing the basic checks. I doubt most potential customers will know or care what PCI compliance means, and if you run an online order form, you usually have to pass those checks anyway, so I think you're better off with the HackerSafe logo to appeal to them, even though it's pretty much nonsense anyway.

    Anyway, why not have both? You'll need a PCI compliance check for most merchant services to accept clients for your hosting anyway, so have the PCI Compliant logo or text, and if you're going to pay for a HackerSafe seal, then do that, too. Do both, the PCI Compliant verification seal or text should be of no cost. Just create one, it's not immoral if you are compliant. There's no reason to pay someone for a PCI Compliant test that your bank or merchant service will perform before you can accept orders anyway.

    In fact, why not just ensure you're secure from the same things HackerSafe checks and just create a logo that says you're Hacker Safe (just make it clear it's not their service's seal). I don't see any reason to pay anyone to run a basic test, as long as you truly are at least the level of secure as those services will check for anyway.
    Last edited by Tim Greer; 04-03-2008 at 01:49 PM.

  33. #33
    Join Date: Nov 2003 | Location: USA | Posts: 784
    I guess it works out well; I use hackerguardian.com.
    WHMCS Services - sales (at) whmcsservices.com
    WHMCS Development | WHMCS Addons / Modules

  34. #34
    Join Date: Apr 2000 | Location: California | Posts: 3,051
    Well, there's a good point. If you want to put some "hacker safe" type of seal on your web site and you want to pay someone to run those basic scans, then I seriously doubt it matters which company you use. Any client that will be drawn to your service by such a seal will not know enough about it or what it really means in the first place, so I really doubt it matters which company's seal you use.

  35. #35
    Join Date: Dec 2006 | Posts: 205
    Nice points, Tim Greer; I completely agree.

  36. #36
    Join Date: Dec 2006 | Posts: 205
    I think if I eventually buy the HackerSafe service, I'd pay only to become PCI compliant in order to use a merchant account, and not just pay to show the seal to clients to tell them we are secure. I am sure clients won't care about that seal; they have their own factors for deciding whether you are secure and whether to buy from you.

  37. #37
    Join Date: Jan 2005 | Posts: 326
    HackerGuardian is a lot cheaper than HackerSafe!!
    Charles

  38. #38
    Join Date: Nov 2003 | Location: USA | Posts: 784
    True, but it does the same, because I tried both and I don't see any difference.
    WHMCS Services - sales (at) whmcsservices.com
    WHMCS Development | WHMCS Addons / Modules

  39. #39
    Join Date: Dec 2006 | Posts: 205
    To a moderator:
    One poll option is:
    It depends
    Please change it to:
    It depends (if you vote this, please leave a post and clarify what it depends on)

    To folks who already voted for "It depends":
    Please clarify what it depends on.

  40. #40
    Join Date: Jan 2001 | Location: Kihei, HI | Posts: 576
    Quote Originally Posted by nimasdj:
        Does a "HackerSafe" (PCI Compliance http://www.pci-compliance.eu/) logo on a website make sense to attract more customers?
        Will you (as a customer) prefer to see that logo on the hosting website where you bought your hosting from?
    I've never once seen one of those logos tell me a site was not safe. I'm sure it has or could happen, but after seeing dozens of such logos I really am not sure I can trust that they actually mean anything.

    I mean, I think in many cases all those logos do is test connections. If all they are saying is that the site has a non-expired SSL certificate, well, yeah my browser does that for me.

    In short, I don't think either of those is going to weigh positively on prospective customers.
    :: 1StopWebHosting.com :: - Professional Web Hosting Services
    ::
    :: Featuring the CPanel Control Panel running on CENTOS Linux servers
    :: We offer Shared Web Hosting, Business Hosting, Java / J2EE Servers and Dedicated Server solutions.
