We verify every site through a multi-stage process that includes real-money purchase tests. No site can earn the Verified badge without passing each stage.
Identity check
The process starts with confirming who runs the site. We look for a registered business entity, public contact information, and a real address. Anonymous operators or sites hiding behind privacy proxies do not pass this stage.
We cross-reference company registration details with domain ownership records and any public business filings. If the operator has a track record under a different brand, we examine that history too.
Security audit
Next, we review the site's technical security posture. This covers:
- SSL/TLS configuration - valid certificate, no mixed content, HSTS headers
- Payment security - PCI-compliant payment processors, no direct card handling on unverified infrastructure
- Account security - two-factor authentication availability, password policies, session management
- Data handling - presence of a privacy policy, GDPR compliance where applicable
Sites that fail the security audit receive specific feedback on what needs to change before re-evaluation.
Real purchase test
This is the core of our verification. We create a real account, deposit real money, and complete a real transaction - the same experience any user would have. We document the full process: registration time, deposit speed, item accuracy, delivery time, and withdrawal process.
If the site serves multiple categories, we test at least one transaction in each category. A trading site that also sells currency gets tested in both flows.
Ongoing monitoring
Verification is not a one-time event. After a site earns the badge, we continue monitoring through:
- Automated checks - daily uptime, SSL validity, and DNS monitoring
- User review analysis - patterns in community feedback that may signal changes
- Periodic re-tests - repeat purchase tests at regular intervals
If monitoring flags an issue, the site enters re-evaluation and may lose its Verified status.