12 May 2011

The McAfee SECURE™ standard is an aggregate of industry best practices, designed to provide a level of security that an online merchant can reasonably achieve to help provide consumers with better protection when interacting with websites and shopping online.

What is McAfee SECURE standard?

In order for a merchant to display the McAfee SECURE trustmark, it is required to submit, at minimum, the target website for auditing and pass the required tests.  The website(s) must be audited by McAfee Inc.'s Automated Vulnerability Assessment technology on a daily basis without interference by Intrusion Detection or Intrusion Prevention System.

The McAfee SECURE data security standard is separate from the Payment Card Industry Data Security Standard (PCI-DSS).  McAfee SECURE requires daily auditing and certification, whereas PCI DSS requires quarterly scanning by an ASV and SSL doesn't require auditing at all.  The appearance of the McAfee SECURE trustmark on a website is not related to the retailer's PCI compliance.

Benefits of Complying with McAfee SECURE standard

Vulnerability assessment and the subsequent required remediation are costs that many merchants often choose to avoid.  This leaves the consumer unprotected and unaware of the risk to their personal information.  The McAfee SECURE service is the de facto method for creating a positive ROI for security.  By requiring the merchant to meet a defined level of security and then allowing them to publicly display their achievement in meeting the McAfee SECURE standard, consumers benefit from increased security and awareness.  Merchants benefit by the consumer's greater willingness to purchase from sites that display the McAfee SECURE trustmark.