The idea
Shoppers land on a store they have never heard of. They have no way to tell a real business from a shell that will take their money and vanish. A trust badge is meant to close that gap. It says someone else has looked at this site and found it sound.
That is a good idea. The problem is in how most badges are built.
Most trust badges are just images
This is the uncomfortable part of our own category, so we will say it plainly.
The majority of trust badges on the web are a picture file sitting in a folder. Nothing more. A scammer can right click, save, and drop that same picture onto a fake store in about ten seconds. Nobody checked them. Nothing stops them.
So the badge itself is not the proof. If a shopper cannot check the claim against something outside the site making the claim, the badge is decoration. A site that would lie about its products will happily lie with a graphic.
What makes a badge real
One question separates a badge worth trusting from a sticker. Can the shopper verify it, and does the verification live somewhere the site owner cannot edit?
- →Clicking it goes somewhere useful. Not back to the same site, and not to a generic marketing page. It should open a profile on the badge provider's own domain, about this specific site.
- →The provider hosts the record. If the evidence sits on the store's own server, the store owner controls it, and it can say anything.
- →The claim is specific and dated. "Checked" means little. What was checked, and when, means something.
- →A copied badge fails the check. Paste the image onto another domain and the verification should refuse to confirm it.
Different badges verify different things
People treat "trust badge" as one thing. It is not. The word covers several unrelated claims, and mixing them up is how shoppers get caught out.
- →Site security scanning. The site has been scanned for things like malware, phishing and a valid SSL certificate.
- →Customer reviews. Real buyers rated the shop. That says nothing about whether the checkout is secure.
- →Business identity. Someone confirmed a real registered company stands behind the domain.
- →Purchase guarantee. A promise of money back, backed by the provider, under their terms.
Even a genuine badge only proves its own claim
This matters. A properly verified security badge tells you the site was scanned and came back clean. It does not tell you the sizing runs small, the delivery estimate is honest, or the support inbox is staffed.
Read the badge for what it actually says. A verified narrow claim is useful. A vague broad claim is not, however official the graphic looks.
If you are weighing up an unfamiliar shop, the badge is one input. So is paying by card, which is covered in the safest ways to pay online.
How we do it
We built TrustedOrigin around the copying problem, because it is the whole problem.
Our badge carries a cryptographic key. That key matches a public profile on our domain, which we host and the site owner cannot change. Click the badge and you land on that profile, showing what we checked and when. Lift the image onto another site and the key will not match, so the check fails and the badge does not confirm anything.
The full explanation is on how our verifiable badge works. You can also run a free check on any site and see the underlying results for yourself.
We have step by step instructions for every major platform, including the ones that will not let you.
See how to add a verifiable badge