Symantec Guide: 5 ways to increase online sales by building customer trust
2 I Symantec Corporation Symantec Guide: 5 ways to increase
online sales by building customer trust
Contents
5 ways to increase online sales by building customer trust
Introduction
Preventing third parties from viewing communications
Mitigating the risk of customer data exposure
Providing SSL on all web-accessible servers
Demonstrating validated identity
Use SSL certificates from a security leader
Build trust
5 ways to increase online sales by building customer trust
With consumers facing a steady stream of news reports about corporate data breaches, major retailers hacked for credit card information, nation-state-sponsored cyber attacks, and the Heartbleed Bug vulnerability in OpenSSL, it is understandable if they are hesitant about online commerce.
Fortunately, businesses have an opportunity to build trust with potential customers by demonstrating a clear understanding of customers' privacy concerns and implementing controls to protect customer data. There are key ways businesses can use Secure Sockets Layer (SSL) certificates to build trust with consumers.
There is a clear need for security controls that protect customer data, particularly the need for end-to-end encryption of communications over the Internet. In addition to implementing security controls, it is best to provide clear indications that those controls are in place. SSL technologies form the foundation of five key practices that implement security controls and provide evidence that such controls are active.
The five recommended practices are:
1 Preventing third parties from viewing communications
2 Mitigating the risk of customer data exposure
3 Providing SSL on all Web-accessible servers
4 Demonstrating validated identity
5 Using SSL certificates from a security leader
Together, these five practices demonstrate a commitment to protect your customers' data and help to establish the trust necessary for online communications and commerce.
Preventing third parties from viewing communications
To prevent others from monitoring communications, it is important to encrypt any data transferred between browsers and Web servers and from servers to servers. If someone were able to intercept traffic between your customers and one of your servers, all they would have is apparently random text.
SSL certificates enable encryption with no effort on the part of the customer. Support for SSL is ubiquitous in modern browsers, making support among customer browsers widely available.
For example, an email message with the text:
The last draft of the strategic plan is attached. Do not circulate.
Appears as:
M0niJp2vfKd0ikGzGZW+fTwiH0DHakfhlpOcIwZ
Scr5LnTZbDe/hckFRS6x9jaNWS3+ZAICYzPk0ESRZTryIt6zfwjxMdu9XQ9Imsq6TP6TO6yQE5F/GnYjjCJQ3vfYQk92/VmdR0vMPZhKC7ZvTgLhZzDySxUHGCUZYGhSk6F6c2bMLDkp9GoPPoG7Ig9Z9ig8OEg/4CuNmxIpCG/Vec6kISRhl4AJdUrZf+i1Z2H2vmFXti40gwJpwu7YgRPG2qPkh6+7txWt8l3CVriofLW9YgAHDtxfQC4J53Q/sMz0URPT0or6hGw1hagrLd9SJfYxeYnQqLIPgoIYw7mU4Z22Fjb+houBcXxyHgHrQ4vMLTaX8TzJB0hzO1OWHB/1toHbPV4b4TTqkK3k0gMN/sUFTTLxPqDSX+wIIIoRZ0hE8h4QVF25PIar58fPO8/PqUSugfpSDMY9bQgQA==
Mitigating the risk of customer data exposure
In addition to encrypting data as it is transmitted from your servers to your customers' browsers, private and confidential data at rest in your data center requires encryption.
The motivation for encrypting data at rest is that attackers might be able to breach other security defenses and access your servers. If that occurs, attackers might have access to private and confidential data. If the data is encrypted, it will be of no use to attackers.
When using encryption, it is important to minimize the risk that the compromise of one encrypted message or file makes it more likely that other messages are also compromised. To address this concern, an important feature of key generation software is perfect forward secrecy. Perfect forward secrecy is available in an encryption system when random public keys are generated on a per-session basis and non-deterministic algorithms are used to compute those keys. Consider using encryption systems that support perfect forward secrecy.
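An added example, not part of the Symantec guide: one way to check that a TLS server configuration only offers key exchanges with perfect forward secrecy, using Python's standard ssl module. The function names, the cipher policy string and the sample suite list are assumptions made for illustration; suite names follow OpenSSL's naming, not IANA's.

```python
import ssl

def is_forward_secret(name: str, protocol: str) -> bool:
    """True if the suite's key exchange is ephemeral (EC)DHE, by OpenSSL name."""
    # TLS 1.3 dropped static RSA and static DH; full handshakes use (EC)DHE.
    if protocol == "TLSv1.3":
        return True
    # TLS 1.2 and earlier: the key exchange is the first token of the name.
    # A name with no key-exchange prefix (e.g. AES256-SHA) means RSA key
    # transport: one stolen server key decrypts every recorded session.
    return name.startswith(("ECDHE-", "DHE-"))

def weak_suites(suites):
    """Return the names in (name, protocol) pairs that lack forward secrecy."""
    return [n for n, p in suites if not is_forward_secret(n, p)]

def enabled_suites(ctx: ssl.SSLContext):
    """List (name, protocol) for every suite the context will offer."""
    return [(c["name"], c["protocol"]) for c in ctx.get_ciphers()]

def forward_secret_server_context() -> ssl.SSLContext:
    """Server context limited to ECDHE with AEAD ciphers (an assumed policy)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20")
    return ctx

# Constructed sample: suites as they might appear in a server's TLS log.
SAMPLE_NEGOTIATED = [
    ("TLS_AES_256_GCM_SHA384", "TLSv1.3"),
    ("ECDHE-RSA-AES128-GCM-SHA256", "TLSv1.2"),
    ("DHE-RSA-AES256-GCM-SHA384", "TLSv1.2"),
    ("AES256-SHA", "TLSv1.2"),              # static RSA key exchange
    ("RSA-PSK-AES128-CBC-SHA", "TLSv1.2"),  # RSA-encrypted premaster secret
]

if __name__ == "__main__":
    print("no forward secrecy in sample:", weak_suites(SAMPLE_NEGOTIATED))
    hardened = forward_secret_server_context()
    print("hardened context, weak suites:", weak_suites(enabled_suites(hardened)))
```

A real deployment would still need the certificate and private key loaded into the context with load_cert_chain before it can serve connections.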
Providing SSL on all web-accessible servers
IT departments are dynamic. Server configurations change, networks are reconfigured, and devices are added and removed from the network. In addition, virtualization and cloud computing make it a simple matter to instantiate or destroy virtual machines. One way to help ensure the authenticity of servers within your organization is to ensure all servers within a domain are protected with SSL certificates.
Demonstrating validated identity
It is fairly easy for attackers to create fake Websites that appear legitimate. This process of spoofing sites can be used to trick users into providing login credentials, private information, or other information useful to the attackers. To help demonstrate the validity of sites, SSL certificate vendors have created a standard for extended validation (EV) certificates.
EV certificates require more authentication steps than conventional SSL certificates. Some low-service SSL certificate providers might provide certificates as long as there is an active email address at the same domain as requested in the SSL certificate application. This security level might be sufficient for low-risk sites, such as personal Websites, but business sites should require more stringent authentication procedures.
EV SSL certificates provide clear visual cues to demonstrate the legitimacy of the site, such as the green bar indicator in a browser address line. Additional information is available as well, as Figure 1 illustrates.
Figure 1: Extended validation certificates provide evidence that the business has demonstrated more stringent authentication procedures than normally required
Use SSL certificates from a security leader
SSL certificate vendors are essentially vouching for the authenticity of SSL certificate holders. There is more to providing SSL certificates than simply generating and distributing certificates. Vendors must protect their infrastructure and certificate information. Unfortunately, some SSL vendors have been breached. It is important to use certificates from a vendor with a known and respected brand and one that follows the highest authentication practices.
Build trust
The public is justifiably concerned about privacy and data breaches. Businesses can build trust with customers by deploying established security controls, including those based on SSL, and by demonstrating their commitment to protecting the interests of their customers. These five practices help to leverage the benefits of SSL to both establish and then maintain that trust.
About Symantec
Symantec Corporation (NASDAQ: SYMC) is an information protection expert that helps people, businesses and governments seeking the freedom to unlock the opportunities technology brings - anytime, anywhere. Founded in April 1982, Symantec, a Fortune 500 company, operating one of the largest global data-intelligence networks, has provided leading security, backup and availability solutions for where vital information is stored, accessed and shared. The company's more than 20,000 employees reside in more than 50 countries. Ninety-nine percent of Fortune 500 companies are Symantec customers. In fiscal 2013, it recorded revenues of $6.9 billion. To learn more go to www.symantec.com or connect with Symantec at: go.symantec.com/socialmedia.
For specific country offices and contact numbers, please visit our website. For product information in the Asia Pacific region, call:
Australia: +61 3 9674 5500
New Zealand: +64 9 9127 201
Singapore: +65 6622 1638
Hong Kong: +852 30 114 683
Taiwan: +886 2 2162 1992
Or email: [email protected]
Symantec Website Security Solutions Pty Ltd
3/437 St Kilda Road, Melbourne, 3004, ABN: 88 088 021 603
No part of the contents of this white paper may be
reproduced or transmitted in any form or by any means
without the written permission of the publisher.
Copyright 2014 Symantec Corporation. All rights
reserved. Symantec, the Symantec Logo, the Checkmark
Circle Logo and the Norton Secured Logo are trademarks
or registered trademarks of Symantec Corporation or its
affiliates in the U.S. and other countries. Other names
may be trademarks of their respective owners.