Symantec Guide:

5 ways to increase online sales

by building customer trust
0101101
1011010010110100101101001
0001010010110100101110
0100001001011 01001010100001101010101
100101101111111111000 001010010110
010010110101101001
0
0010100101101000010
0100001001011010010101000011010101010
10010110 11111111110000010100101101001
0100101101001011010010110100101101001
00010100101101001011101001010
0100001001011010010101000011010101010
10 01011 011111111110000010100101101001
0100101101001011010010110100101101001
0001010010110100101110100101101010010
010000

5
$

5
$

Contents
5 ways to increase online sales by building customer trust

Introduction

Preventing third-parties from viewing communications

Mitigating the risk of customer data exposure

Providing SSL on all web-accessible servers

Demonstrating validated identity

Use SSL certificates from a security leader

Build trust

2 I Symantec Corporation

Symantec Guide: 5 ways to increase online sales by building customer trust

5
$

5 ways to increase online sales by

building customer trust
With consumers facing a steady stream of news reports about corporate data
breaches, major retailers hacked for credit card information, nation state sponsored
cyber attacks, and the Heartbleed Bug vulnerability in OpenSSL it is understandable
if they are hesitant about online commerce.
Fortunately, businesses have an opportunity to build trust with potential customers by demonstrating a clear understanding
of customers privacy concerns and implementing controls to protect customer data. There are key ways businesses can
use Secure Sockets Layer (SSL) certificates to build trust with consumers.
There is a clear need for security controls that protect customer data, particularly the need for end-to-end encryption of
communications over the Internet. In addition to implementing security controls, it is best to provide clear indications that
those controls are in place. SSL technologies form the foundation of five key practices that implement security controls
and provide evidence that such controls are active.

The five recommended practices are:

1
2
3
4
5

Preventing third parties from viewing communications

Mitigating the risk of customer data exposure
Providing SSL on all Web-accessible servers
Demonstrating validated identity
Using SSL certificates from a security leader

Together, these five practices demonstrate a commitment to protect your

customers data and help to establish the trust necessary for online
communications and commerce.

3 I Symantec Corporation

Symantec Guide: 5 ways to increase online sales by building customer trust

5
$

STEP 1

Preventing third parties from

viewing communications
To prevent others from monitoring communications, it is important
to encrypt any data transferred between browsers and Web servers
and from servers to servers. If someone were able to intercept traffic
between your customers and one of your servers, all they would
have is apparently random text.

For example, an email message with the text:

The last draft of the strategic plan is attached. Do not circulate.

Appears as:

M0niJp2vfKd0ikGzGZW+fTwiH0DHakfhlpOcIwZ Scr5LnTZbDe/hckFRS6x9jaNWS3+ZAI
CYzPk0ESRZTryIt6zfwjxMdu9XQ9Imsq6TP6TO6yQE5F/GnYjjCJQ3vfYQk92/VmdR0vMP
ZhKC7ZvTgLhZzDySxUHGCUZYGhSk6F6c2bMLDkp9GoPPoG7Ig9Z9ig8OEg/4CuNmxIp
CG/Vec6kISRhl4AJdUrZf+i1Z2H2vmFXti40gwJpwu7YgRPG2qPkh6+7txWt8l3CVriofLW9
YgAHDtxfQC4J53Q/sMz0URPT0or6hGw1hagrLd9SJfYxeYnQqLIPgoIYw7mU4Z22Fjb+hou
BcXxyHgHrQ4vMLTaX8TzJB0hzO1OWHB/1toHbPV4b4TTqkK3k0gMN/sUFTTLxPqDSX+
wIIIoRZ0hE8h4QVF25PIar58fPO8/PqUSugfpSDMY9bQgQA==

SSL certificates enable encryption with no effort on the

part of the customer. Support for SSL is ubiquitous in
modern browsers, making support among customer
browsers widely available.

4 I Symantec Corporation

Symantec Guide: 5 ways to increase online sales by building customer trust

5
$

STEP 2

Mitigating the risk of customer

data exposure

In addition to encrypting data as it is transmitted from your servers

to your customers browsers, private and confidential data at rest in
your data center requires encryption.

The motivation for encrypting data at rest is that attackers might be able to breach other security defenses and access
your servers. If that occurs, attackers might have access to private and confidential data. If the data is encrypted, it will be
of no use to attackers.
When using encryption, it is important to minimize the risk that if one encrypted message or file is compromised, the risk
is increased that other messages might also be compromised. To address this concern, an important feature of key
generation software is perfect forward secrecy. Perfect forward secrecy is available in an encryption system when random
public keys are generated on a per session basis and uses non deterministic algorithms to compute those keys. Consider
using encryption systems that support perfect forward secrecy.

STEP 3

Providing SSL on all web

accessible servers
IT departments are dynamic. Server configurations
change, networks are reconfigured, and devices
are added and removed from the network.
In addition, virtualization and cloud computing make it a simple matter
to instantiate or destroy virtual machines. One way to help ensure the
authenticity of servers within your organization is to ensure all servers
within a domain are protected with SSL certificates

5 I Symantec Corporation

Symantec Guide: 5 ways to increase online sales by building customer trust

5
$

STEP 4

Demonstrating Validated Identity

It is fairly easy for attackers to create fake Websites that appear
legitimate. This process of spoofing sites can be used to trick users
into providing login credentials, private information, or other
information useful to the attackers. To help demonstrate the validity
of sites, SSL certificate vendors have created a standard for extended
validation (EV) certificates.
EV certificates require additional authentication steps than conventional SSL certificates. Some low service SSL certificate
providers might provide certificates as long as there is an active email address at the same domain as requested in the SSL
certificate application. This security level might be sufficient for low risk sites, such as personal Websites, but business sites
should require more stringent authentication procedures.
EV SSL certificates provide clear visual cues to demonstrate the legitimacy of the site, such as the green bar indicator in a
browser address line. Additional information is available as well, as Figure 1 illustrates.

Figure 1: Extended validation certificates provide evidence that the business has demonstrated
more stringent authentication procedures than normally required

6 I Symantec Corporation

Symantec Guide: 5 ways to increase online sales by building customer trust

5
$

STEP 5

Use SSL certificates

from a security leader
SSL certificate vendors are essentially vouching for
the authenticity of SSL certificate holders.
There is more to providing SSL certificates than simply generating and
distributing certificates. Vendors must protect their infrastructure and
certificate information. Unfortunately, some SSL vendors have been
breached. It is important to use certificates from a vendor with a known and
respected brand and one that follows the highest authentication practices.

Build Trust
The public is justifiably concerned about privacy and data
breaches.
Businesses can build trust with customers by deploying established security controls, including
those based on SSL, and by demonstrating their commitment to protecting the interests of
their customers. These five practices help to leverage the benefits of SSL to both establish and
then maintain that trust.

7 I Symantec Corporation

Symantec Guide: 5 ways to increase online sales by building customer trust

5
$

About Symantec
Symantec Corporation (NASDAQ: SYMC) is an information protection expert that
helps people, businesses and governments seeking the freedom to unlock the
opportunities technology brings - anytime, anywhere. Founded in April 1982,
Symantec, a Fortune 500 company, operating one of the largest global data-intelligence
networks, has provided leading security, backup and availability solutions for
where vital information is stored, accessed and shared. The companys more than
20,000 employees reside in more than 50 countries. Ninety-nine percent of Fortune
500 companies are Symantec customers. In fiscal 2013, it recorded revenues of
$6.9 billion. To learn more go to www.symantec.com or connect with Symantec at:
go.symantec.com/socialmedia.

8 I Symantec Corporation

Symantec Guide: 5 ways to increase online sales by building customer trust

Symantec Guide:
5 ways to increase online sales
by building customer trust

For specific country offices and contact

numbers, please visit our website. For product
information in the AsiaPacific region, call:

0101101
1011010010110100101101001
0001010010110100101110
0100001001011 01001010100001101010101
100101101111111111000 001010010110
010010110101101001
0
0010100101101000010
0100001001011010010101000011010101010
10010110 11111111110000010100101101001
0100101101001011010010110100101101001
00010100101101001011101001010
0100001001011010010101000011010101010
10 01011 011111111110000010100101101001
0100101101001011010010110100101101001
0001010010110100101110100101101010010
010000

Australia: +61 3 9674 5500

New Zealand: +64 9 9127 201
Singapore: +65 6622 1638
Hong Kong: +852 30 114 683
Taiwan: +886 2 2162 1992
Or email: ssl_sales_au@symantec.com
ssl_sales_asia@symantec.com

Symantec
Symantec Website Security Solutions Pty Ltd
3/437 St Kilda Road, Melbourne,
3004, ABN: 88 088 021 603

No part of the contents of this white paper may be

reproduced or transmitted in any form or by any means
without the written permission of the publisher.
Copyright 2014 Symantec Corporation. All rights
reserved. Symantec, the Symantec Logo, the Checkmark
Circle Logo and the Norton Secured Logo are trademarks
or registered trademarks of Symantec Corporation or its
affiliates in the U.S. and other countries. Other names
may be trademarks of their respective owners.

Symantec Guide: 5 ways to increase online sales by building customer trust