Three out of four online retailers and top-100 U.S. banks are failing to adopt online security and privacy best practices. There are improvements year over year, though perhaps not enough to make anyone feel comfortable.
The Online Trust Alliance (OTA) recently released its 2013 Online Trust Honor Roll report, which reveals the top-scoring websites recognized for excellence in privacy, security and consumer protection. Its comprehensive audits reviewed more than 750 domains and privacy policies, 10,000-plus Web pages and over 500 million emails associated with the Internet Retailer 500 (IR500), Federal Deposit Insurance Corporation (FDIC 100), and Top 50 Social and Federal Government sites.
Only 32 percent of the companies audited made the Honor Roll. Twitter had the top overall composite score, and American Greetings achieved the number one ranking among all Internet retailers. American Greetings, Amazon, Big Fish Games, Bike Bandit, Books-A-Million, iHerb, JackThreads, Levenger Co., LivingSocial, Netflix, Ralph Lauren and Rock Auto qualified as the top 10 e-commerce sites (twelve sites are listed because two rankings were shared by tied sites).
Key findings of the 2013 Online Trust Honor Roll include:
• Though 26 percent of the Internet Retailer 500 made the Honor Roll, a slight improvement over 2012, 53 percent are still failing to achieve passing scores in one or more categories, unnecessarily exposing users to security, privacy and social engineering threats.
• FDIC member banks demonstrated significant improvement over last year, with 25 percent making the Honor Roll. Of those that did not qualify, 71 percent received failing grades in one or more categories, largely attributed to inadequate email and domain protection or to outdated privacy policies, with inconsistencies observed between the written policy and the data collection actually taking place on the site.
• The banking sector led in adoption of Extended Validation SSL (EV SSL) certificates at 60 percent, while worldwide use of EV SSL certificates grew 28 percent over 2012.
• Top U.S. Government (Federal 50) sites improved across all categories, achieving 88 percent support of DNSSEC, yet significantly lagged in helping protect consumers from forged and deceptive email and in securing their sites against known vulnerabilities. Only 20 percent adopted both SPF and DKIM, and one third received failing grades for their SSL server security.
• Adoption of email authentication to counter forged and malicious email experienced double-digit growth across three of the four segments with IR100 adoption of both SPF and DKIM jumping 20 percent to 76 percent.
• Privacy scores climbed in all categories, reflecting the importance of transparency about data collection and of controls on sharing with third parties. OTA member companies led all segments with an average score of 83.7 percent, up five points from 2012.
OTA will host an online briefing on Wednesday, June 12 at 10-11:30 a.m. PDT. To attend, register at: https://www1.gotomeeting.com/register/557281512