Mitsules, Mark S. (Newport News)
Mark.Mitsules at ngc.com
Tue Jul 13 10:03:42 CDT 2004
I tried going to their site but it isn't loading at the moment, therefore I am probably missing something. I get the impression that this is more of a B2B service (protect your site, show our seal, get more customers)... Is that how you've interpreted it?

It seems that at the customer level the most they could possibly offer is to reimburse you for purchases made at one of their member sites if in fact it can be proved that a hacker bypassed their security (have you seen that claim?). Yet my credit card company already offers that level of protection for fraudulent purchases. I'm still not seeing the added value of their "seal"...

Now, on the other hand, if credit card companies start limiting their liability by only covering purchases made at member sites then the value of that seal starts to increase.

Mark

-----Original Message-----
From: Steven W. Erbach [mailto:serbach at new.rr.com]
Sent: Tuesday, July 13, 2004 8:46 AM
To: Discussion of Hardware and Software issues
Subject: RE: [dba-Tech] ScanAlert

Mark,

>> aside from the protection offered by the credit card companies, how much more protection can they offer? <<

They claim to offer shoppers protection from identity theft. Prevention, in other words:

"We thoroughly audit every HACKER SAFE site using over 2,500 different security tests. These tests are based on hacker activity information collected every 15 minutes from hundreds of private and government sources worldwide.

"When we find any holes that could allow hackers to steal your personal information, we notify the merchant with instructions on how to secure their site. As long as the merchant does so quickly, we certify the site as HACKER SAFE. ScanAlert controls the certification image, not the merchant. You will not see the certification if the site does not pass our security audits."

"Nearly every Web site where hackers have stolen private information had an SSL certificate in place... SSL simply has nothing at all to do with Web site security or safety from hackers." P.J. Connolly, INFOWORLD

"SSL is basically like providing security for the bank teller when the vault is wide open. People rely too heavily on SSL. It gives them a sense of comfort; it just doesn't give them security," Pete Lindstrom, research director, Spire Security, LLC.

For on-line merchants they claim:

"HACKER SAFE certification meets the full set of requirements for the FBI/SANS Top Twenty Internet Security Test (vendor list PDF). Our vulnerability scanning technology has also been tested and accredited to meet the requirements for both American Express' CID Data Security program, and MasterCard's Site Data Protection program."

Regards,

Steve Erbach
Scientific Marketing
Neenah, WI
920-969-0504

"The too open mind is an empty mind." - Douglas Kern

_______________________________________________
dba-Tech mailing list
dba-Tech at databaseadvisors.com
http://databaseadvisors.com/mailman/listinfo/dba-tech
Website: http://www.databaseadvisors.com