“Mistrust makes life difficult, trust makes it risky.”
- Mason Cooley
There are a number of reason why it’s hard to start a payments or financial startup. Aggressive regulators, capital requirements, partnerships… but the hardest part is gaining the trust of your customers.
As usual, the market has a solution - brands for sale. Companies like Verisign, McAfee, SquareTrade, TRUSTe, and the Better Business Bureau all sell badges you can put on your site.
The problem is that these badges are EXPENSIVE. I’ve been trying to get us setup - most of these badges cost thousands of dollars each. That’s a lost of lost marketing money or development time to a small company.
In addition, they have little real bearing on the security of your site. Many run daily penetration tests (McAfee, TRUSTe), some certify that you own the domain you say you do (Verisign, etc). But these checks are next to worthless - the penetration testing & code review we’ve conducted on WePay (using $50,000 software) is far more advanced and rigorous than anything these guys are running automatically. And yet, people are still looking for the brand.
Can’t we as a developer or entrepreneurial community come together and build some nonprofit brand? Some exist, like trusted-site.org, but they aren’t recognized or accepted. Or perhaps some lower cost competitor can come in and undercut more of these guys, like GoDaddy has done with SSL certificates?
I guess the brand itself is expensive to establish, keeping competition out. But with the proper education, hopefully we can bring the audience on the web around to cheaper (but just as tough or tougher) authorities.
