Security seals and the "perception of safety"?

As Rook pointed out, security theatre is a big part of how consumer perception is exploited to ensure that customers believe that something is safe, without the vendor having to go through all that complicated hassle with actual security.

The TSA is a great example, but there are many others:

  • Extended Verification on SSL certificates are largely theatre, as the EV process does nothing to actually improve the cryptographic or algorithmic security of the transaction. If a 3rd party wants to get a certificate for the domain from a dodgy CA, they can do so without the EV and 99% of users wouldn't notice.
  • The design of certain enterprise-level security appliances, from a physical and interactive perspective, are often tailored to invoke images of robustness. This usually involves building the unit out of sturdy black metal, with a few blinky blue lights on the front, and putting padlocks and other such imagery on the web panel.
  • Bag searches at large events like concerts are largely security theatre. It's near impossible to get a few hundred people through a proper bag search process, so the staff take a quick look and let you through. More often than not, they're just trying to stop you bringing a big bottle of vodka, so you have to pay at the bar. But part of it is to make you feel safer, despite the fact that anyone could easily conceal weapons, drugs, etc. without detection.
  • Anti-phishing techniques such as secret images are (usually) security theatre, in that it is often either trivial for a 3rd party to steal the secret image from the site without authentication, or that the image is displayed after the user has entered their full set of authentication credentials.

At the end of the day, it's all about marketing. If a company can sell you the image of something being more secure than it is, they are more likely to get a sale because you have peace of mind.


Security seals are used on phishing sites, and our tax dollars fund the TSA. Whether we like it or not, "Security Theater" rules us all.


Can security seals (badges) be used by a sophisticated customer to verify certain aspects of a site's authenticity? Yes

Do they make their host site safer? No

Can their presence increase customer trust and conversion rates? Yes

It's mostly about marketing and somewhat about allowing customers to gain additional validation of your identity if they so choose. If only one percent of your customer base are suspicious skeptics (like me) then it can be worth the small investment. (I made up that number... Don't hold me to it)

http://econsultancy.com/us/blog/7941-which-e-commerce-trustmarks-are-most-effective