We talk a lot about building trust with visitors, and as part of that discussion the use of Trust Badges, aka Secure Badges, often comes up. You'll read about this all over, the issue is, you're probably using them wrong (and possibly, illegally!).
It seems that people have a habit of grabbing any and all 'secured by' badges they can find on the internet and throw them on their site, the issue is thats not how most trust badges work, and with many, require a payment!
You can't use most 'Secured By' services
You've probably seen the above badges on a range of sites, but in order to use third party security badges from the likes of GoDaddy, GlobalSign, Norton, etc two things must happen:
- You must first PAY these companies for the security scanning to ensure you are indeed safe and protected and,
- You must use THEIR SSL certificates to be able to use the service.
You CANNOT use a third party SSL certificate with Shopify, and therefore cannot use these third parties to claim security. Claiming these companies secure your website when they don't can land you in legal trouble for misrepresentation.
How these badges actually work
You'll notice in the image above that the GoDaddy badge says "Verify Security". This is because these badges, when used correctly, are clickable. When you click the badge, it verifies for the user when the last security scan was done and what the results were.
That said, that really only applies to third party badges from companies like Norton and GoDaddy. The Shopify Secure badges, or other SSL Secure badges, do not have this capability, they are just a graphic and do not verify anything.
Are there secure services that work with Shopify?
Yes! You can install TrustedSite (Formerly McAfee SECURE) to have a proper Trust Badge that can be clicked and verified.
There is a free tier that covers up to 500 visits a month before having to upgrade to a paid plan. When you click the TrustedSite Badge you will get a popup like you see below that indicates that everything is secure.
This is what should happen if you click on third party Trust Badges from the likes of Norton or GoDaddy. You can see there is a 'Verify' link in the top right to trigger a confirmation scan and you can expand each section for additional details.
Friends don't let friends claim secure
The long and short of it is that putting one of these paid third party badges on your site without actually paying for the service, is fraudulent.
If you see a site with these badges and you can't click on them for verification, drop them a line to let them know their options!