I guess the only thing that would make me feel a little more comfortable would be a PCI Compliance or Security Scan by Comodo, McAfee, ControlScan or SecurityMetrics. Since they do active scanning (daily) on a site and you have to submit the business practice information, it at least makes the owners of the site aware of what they should or shouldn't do.
I'm not aware of any outside agency that actually does full testing to verify what the site is doing, how the data is secured, etc. With most of the scanning places that I've dealt with, it's just a form that the site owner fills out.
If anyone knows of an agency, please post.