Re:booted: an SSL journey

Whitepaper Report Published October 2012

In the tradition of a Harvard Business School case study, we created a fictional company that uses real Symantec technology to tell the story of how SSL technology can help a start-up build its business online.

Today, in 2014, when people think of Re:booted, they think of custom trainers, Says Becky Haas, founder of the bespoke shoes company she
started in 2012

but when we think about it inside the business, we think of the web site. Its our brand, our shop front, our customer service and our income stream. Re:booted is our web site.
The company has just broken through the 2m barrier in revenue and continues its profitable growth. The self-described love child of Nike and Savile Row has changed the way people think about footwear with its combination of user-created designs, high-fashion credibility and made-in-Britain respectability.

Humble beginnings
But how did it get started? In her final year project at London College of Fashion, Becky created a range of trainers by upcycling her old trainers, sewing in sections from box-fresh pairs and layering high-end fabrics and other materials (including expensive metal wire mesh used in spacesuit gloves). The result was frankentrainers but they made a splash and so, after leaving the college, she started making them to order for fashionistas and friends.

Imagine Etsy meets Nike, says Becky.

Called Re:booted, the business proved popular and word spread. At this point, in 2011, she decided to turn a profitable hobby into a real business and set about creating a simple web site to showcase her previous designs and promote the business. A college friend built her a simple gallery site. But when phone calls and emails started coming in from complete strangers and new customers, she began to see the business as a potential money-spinner and the web site as a powerful marketing tool.

Bespoke design
Initially, Becky opened a shop to sell her designs.

It was important for credibility in our market, explains Becky, but it was the web site that really exploded for us. It was unexpected, scary and exciting at the same time.
She read other fashion and tailoring blogs and decided to start her own and, as a twenty-something digital native, she also went all out on Facebook, Twitter and Pinterest. Social media marketing brought more customers and more people visited her web site and signed up for her newsletter. As her site became more popular she hired a professional firm of web designers to develop it.

Becky became concerned about security and trust when a rival site was hacked and disappeared from search engines for a few weeks.

In my business, its all about the relationship between the designer and the customer, she says, I cant afford to risk their trust.

The danger of infected websites

Symantec security researchers find nearly 10,000 infected web sites every day and nearly two-thirds (61%) are actually legitimate sites that have been compromised and infected with malicious code by internet criminals1. Businesses with infected websites run the risk of being blacklisted by search engines.

For example, Google blocks 6,000 sites a day2

Figure 1

Average Number of Malicious Web Sites Identified per Day, 2011

10,000 8,000 2011 2010 6,000 4,000 2,000 2010 2011

9,314

6,051

JAN FEB MAR APR MAY JUN JUL AUG SEP OCT NOV DEC

The risk of infection means that all web site owners have to be on their guard and protect their web sites in the same way that they keep their own PCs up to date and scan them regularly for malware. Symantecs Web Site Malware Scanning scans customers web sites every day and warns site owners directly if theres a problem. Its part of the service if you choose Symantec SSL Certificates.

Symantecs Web Site Malware Scanning scans customers web sites every day and warns site owners directly if theres a problem.
Symantec Internet Security Threat Report (ISTR), Volume 17 http://mobile.businessweek.com/articles/2012-05-07/protect-your-companys-website-from-malware

1 2

Mass customisation
At the beginning of 2013, Re:booted launched the third generation of their web site funded by an oversubscribed crowdfunding campaign. Now customers could design and order their own shoes online. The web site company built a tool that lets people pick one of a range of trainer templates and then personalise it completely using a range of materials and template designs chosen by Becky.

At this point, the company decided to offer shoes for sale over the internet so that customers could specify their own designs, pay for them online and get them delivered by post. Initially, Re:booted decided to use a third-party checkout and payment portal rather than store and process credit card data. This meant that the company needed an SSL certificate for the areas on the site where customers entered personal information, such as name and address for deliveries or email addresses for newsletters. The company was getting more and more traffic from search engines, especially as it began to attract more attention and good PR. Thanks to its Symantec SSL Certificate, Re:booted benefitted from Symantec Seal-in-Search.

Its like a little seal of approval right there in the search results it shows that were the real deal and that customers can trust us, says Becky.

Increasing sales by building trust

The Norton Secured Seal shows customers that you value their trust and that your site is secure because it has been scanned weekly for malware and vulnerabilities. This extra confidence is good for business and the Norton Secured Seal is the most recognised trust mark on the Internet3 and 94% of respondents are more likely to continue an online purchase when they see it4 . Companies can further increase customers trust and confidence with Symantec Seal-in-Search, which displays the widely-recognised Norton Secured Seal trust mark in web search results. Both Seal-in-Search and the Norton Secured Seal are included with Symantec SSL Certificates.

When the company was about to launch the new site, they took advantage of the free vulnerability assessment that comes with the Symantec SSL Certificate they had.

We were really lucky, because the assessment spotted a few potential problems with the site that hackers could have exploited, says Becky.
The problems turned out to be easy to fix but if they had been left open, these vulnerabilities could have allowed hackers to compromise the site.

Our motto is Designed by you, handmade in Chelsea, says Becky, but it wouldnt be a viable business without the web site.
Going online gives the company access to a global marketplace and generates enough business to allow the company to grow quickly and profitably.

International Online Consumer Research: U.S., Germany, U.K. July 2012 Symantec U.S. Online Consumer Study, February 2011

Building customer trust

As the role of the web site grew to include ecommerce, so did the importance of trust and confidence. The company made this a top priority and Re:booteds designers took further steps to ensure that the site was secure. The company also decided to implement its own payment page and get a merchant account to process credit card information themselves, rather than relying on a third party. This reduced the commission they paid but increased the need for higher levels of security and trust. They choose to upgrade their Symantec SSL Certificate to use Extended Validation. As a result there was a noticeable uptick in sales and a reduction in abandoned carts5 .

EV was a smart move in terms of orders, says Becky, but the message it sends to customers about our commitment to their security is even more important.
They also recommended Always-on SSL using Symantec Secure Site Pro SSL Certificates.

Its what Facebook and LinkedIn do and if its right for them, its right for us, says Becky.

Site-wide encryption also known as Always On SSL

A recent report by the Online Trust Alliance6 highlights a number of serious security risks, including session hijacking that can put users privacy at risk on unencrypted websites. These risks have led leading companies, including Google, Facebook and LinkedIn, to encrypt every page on their website from first sign-in to logout. This is known as site-wide encryption or Always On SSL. According to Google researchers7, it added less than 10KB or memory and less than two percent of network overhead a very small price to pay for increased protection and user confidence.

Although this is a fictional case study, there is strong evidence that EV SSL Certificates mean that most shoppers feel more secure,

are more likely to enter their credit card and are less likely to abandon a purchase, according to a Symantec Online Consumer Study (UK, France, Germany, Benelux, US and Australia) conducted in January 2011
6 7

Protecting Your Website with Always On SSL, OTA, May 2012 Ibid

The business value of Extended Validation

An Extended Validation (EV) SSL Certificate gives customers more confidence that they are using a trusted web site that will protect their privacy. It displays a green background in the address bar as a strong visual signal of trust and it also confirms the identity of the company behind the website. This level of trust has direct business benefits. Online shoppers are more likely to enter their credit card and/or other confidential financial information into a website with the SSL EV green bar8. EV SSL Certificates require rigorous authentication to verify the identity of the site owner, including third party checks to verify the existence of the organisation through trusted third parties and verification of the identity and authority of the contact given in the EV SSL order.

Get the green address bar

Security status bar toggles between your organisation name and the certificate authority that performed your extended validation authentication The green address bar shows the name of the business verified to use this website address and means that this web page is secure

The certificates were a small part of the overall web site budget and, on the advice of her developers,

We wanted the extra security and trust features that come with a Symantec certificate, says Becky.
In addition, she had also read about the hacker attacks on other Certificate Authorities and felt reassured by Symantecs reputation and track record.

Symantec Online Consumer Study (UK, France, Germany, Benelux, US and Australia) conducted in January 2011

Not all Certificate Authorities are the same

Over the past couple of years, Certificate Authorities have come under attack by hackers and several have been compromised. This is why it is important to choose a CA that has the resources to protect itself and a track record of high security.

Symantec is the market leader in SSL certificates9.

Back to the future We think the Re:booted model can apply to other fashion and clothing lines, says Becky
but she remains tight-lipped about the details. Overseas expansion is also definitely on the cards. As the company grows, it faces new challenges. While many entrepreneurs would call them luxury problems, the company will have to deal with an ever-growing online presence with multiple sites in multiple languages and an increasingly competitive marketplace. Beckys not nervous.

Weve made smart moves to get here and well just have to keep doing that. The next couple of years are going to be very exciting!

Netcraft SSL Survey, 1/2012, shows market share at 65.6%, including Symantec subsidiaries, resellers and affiliates

To speak with a Product Specialist 0800 56 29 24 or +41 22 54 50 288 Symantec Switzerland AG Andreasstrasse 15, 8050 Zurich, Switzerland