
Let's be honest here. Has any "Secured by X company" certification ever actually meant a damn thing? I swear I hear reports about sites like this getting broken into every week. Those banners are basically the equivalent of painting a target on your back.



It means you know where to look for unencrypted credit-card data. That could come in handy!


I can't find a source just now, but I recall reading somewhere that user testing showed a much higher signup/purchase rate when using those sorts of 'certified hacker-proof' badges, with very little difference between 'legitimate' (from recognisable anti-virus/whatever brand name organisations) certificates and completely arbitrary ones.

I guess it's mostly about the perception of authority / security theatre.


I agree with you, these certifications are generally crap. My company signed up for Hacker Proof a few years ago (badges and shields look secure, ya know), and it found one SQL injection vuln we had in some old Classic ASP stuff that nobody used but was still out there. That was good, of course, but I'm sure it was the equivalent of running an off-the-shelf fuzzing app.


Isn't it trivial without the need to use something commercial?



