Editor’s note: The complete 2014 Audit & Honor Roll report and methodology can be accessed here. All quotes come from an OTA press statement. OTA used a combination of resources, including Alexa, comScore, the FDIC, government rankings and Internet Retailer Magazine’s Internet Retailer 500, to determine which organizations to evaluate.
The Online Trust Alliance (OTA) announced the results of its 2014 Online Trust Audit earlier this summer. Out of nearly 800 top consumer Web sites evaluated, 30.2 percent made the Honor Roll, distinguishing themselves by safeguarding data via best practices in three categories: domain/brand protection, privacy and security. Conversely, a disappointing 69.8 percent didn’t qualify for the Honor Roll, with 52.7 percent failing in at least one of the three categories.
This comprehensive audit underscores the importance of continued monitoring of security and privacy practices and the risks of becoming complacent. As cybercrime escalates, yesterday’s practices may no longer be applicable or meet today’s regulatory or threat landscape.
Social networking market leader Twitter topped the Honor Roll for the second consecutive year with the highest overall trustworthiness score. Of all sectors analyzed, the “Social 50” – comprised of social networking, gaming and dating Web sites – outpaced all others in terms of average score and percentage of companies on the Honor Roll (50 percent).
“Twitter is honored to again receive the top overall award for the highest score on the OTA Honor Roll. It has become increasingly clear over the past year that companies need to be even more vigilant in applying security and encryption technologies like always-on-SSL, forward secrecy and DMARC in order to protect their users, and we’re glad to partner with organizations like the OTA to raise the security and privacy bar,” said Bob Lord, director of information security at Twitter.
American Greetings scored best among the Internet Retailer 500, a strong testimony of its management’s commitment to collaboration and data sharing. The 2014 top 10 most trustworthy online retailers (11 due to a tie) are:
- American Greetings
- Christian Book Distributors
- Sony Electronics
- Big Fish
- JackThreads and Zulily (Tied)
“Data security and respecting consumer privacy are guiding principles for American Greetings,” said Joseph Yanoska, executive director, interactive operations at American Greetings. “Trust is the foundation of our businesses and we are honored to be ranked number one among all e-commerce sites worldwide. We share OTA’s vision on the importance of collaboration, consumer choice, stewardship and self-regulation.”
The 30.2 percent success rate among all evaluated Web sites constitutes a drop-off from 32.2 percent in 2013. This decline is attributed in part to more stringent security standards, as well as the addition of a new category – the top 50 news and media sites. The online media sector fared poorly in its debut, with only a 4 percent success rate and a 62 percent fail rate. Discounting the news sector, the overall percentage of Honor Roll members across all sectors remained on par with 2013 (32.1 percent).
Internet Retailer 500: Online merchants showed strong growth in e-mail authentication, as 88 percent complied with recommended best practices. However, their privacy policies need improvement, as more than one-third of the sector failed in that regard.
FDIC 100: The banking industry continues to dominate all sectors in adoption of Secure Sockets Layer (SSL), a technology that establishes an encrypted link between Web servers and browsers. Nevertheless, banks suffered the highest industry failure rate – 65 percent – due to inadequate e-mail authentication support and insufficient and vague privacy policies.
Social 50: Despite sporting the best Honor Roll success rate among industries, the social sector possessed the highest percentage of Web sites experiencing a data breach within the past year (18 percent).
Federal 50: The top 50 Federal Government Web sites (not factored into Honor Roll due to lack of privacy data) lag in all aspects of e-mail authentication and SSL. On the bright side, these Web sites are devoted adopters of DNSSEC, a technology designed to prevent hijacking of the domain name system. The Fed 50 boasted a 92 percent implementation rate, reflecting a White House mandate.
News 50: Considering their collection of registration data, many news media sites are not complying with best practices or regulatory requirements. Their low scores are attributed to several issues including third-party data collection, indefinite data retention policies and failure to encrypt their registration or login screens with SSL, leaving personal data exposed and ripe for abuse.