SEATTLE AND CHICAGO – June 11, 2014 – The Online Trust Alliance (OTA), the non-profit with the mission to enhance online trust and user empowerment while promoting innovation, announced today the results of its 2014 Online Trust Audit. Out of nearly 800 top consumer websites evaluated, 30.2 percent made the Honor Roll, distinguishing themselves by safeguarding data via best practices in three categories: domain/brand protection, privacy and security. Conversely, a disappointing 69.8 percent didn’t qualify for the Honor Roll with 52.7 percent failing in at least one of the three categories.
“Our 2014 Honor Roll recipients have demonstrated a commitment toward responsible management of sensitive consumer data and privacy,” said OTA Executive Director and President Craig Spiezle. “OTA commends the companies who made this list—but remains concerned about the failures of some of the world’s largest online brands.”
This comprehensive audit underscores the importance of continued monitoring of security and privacy practices and the risks of becoming complacent. As cybercrime escalates, yesterday’s practices may no longer be applicable or meet today’s regulatory or threat landscape.
TOP PERFORMERS
Social networking market leader Twitter topped the Honor Roll for the second consecutive year with the highest overall trustworthiness score. Of all sectors analyzed, the “Social 50”—comprised of social networking, gaming and dating websites—outpaced all others in terms of average score and percentage of companies on the Honor Roll (50 percent).
“Twitter is honored to again receive the top overall award for the highest score on the OTA Honor Roll. It has become increasingly clear over the past year that companies need to be even more vigilant in applying security and encryption technologies like always-on-SSL, forward secrecy, and DMARC in order to protect their users, and we’re glad to partner with organizations like the OTA to raise the security and privacy bar,” said Bob Lord, Director of Information Security at Twitter.
American Greetings scored best among the Internet Retailer 500, a strong testimony of its management’s commitment to collaboration and data sharing. The 2014 top 10 most trustworthy online retailers (11 due to a tie) are:
1. American Greetings
2. Netflix
3. Christian Book Distributors
4. Sony Electronics
5. Ancestry.com
6. Big Fish
7. Walmart
8. Newegg
9. Books-A-Million
10. JackThreads
10. Zulily (Tied)
“Data security and respecting consumer privacy are guiding principles for American Greetings,” said Joseph Yanoska, Executive Director, Interactive Operations at American Greetings. “Trust is the foundation of our businesses and we are honored to be ranked number one among all ecommerce sites worldwide. We share OTA’s vision on the importance of collaboration, consumer choice, stewardship and self-regulation.”
“These companies represent a broad spectrum, ranging from the fourth highest revenue earner among retailers to the 476th highest,” said Spiezle. “This validates that the Honor Roll is achievable by retailers of all sizes and that the criteria is not onerous or costly to achieve.”
The 30.2 percent success rate among all evaluated websites constitutes a drop-off from 32.2 percent in 2013. This decline is attributed in part to more stringent security standards, as well as the addition of a new category—the top 50 news and media sites. The online media sector fared poorly in its debut, with only a 4 percent success rate and a 62 percent fail rate. Discounting the news sector, the overall percentage of Honor Roll members across all sectors remained on par with 2013 (32.1 percent).
REPORT HIGHLIGHTS
Internet Retailer 500: Online merchants showed strong growth in email authentication, as 88 percent complied with recommended best practices. However, their privacy policies need improvement, as more than one-third of the sector failed in that regard.
FDIC 100: The banking industry continues to dominate all sectors in adoption of Secure Sockets Layer (SSL), a technology that establishes an encrypted link between web servers and browsers. Nevertheless, banks suffered the highest industry failure rate—65 percent—due to inadequate email authentication support and insufficient and vague privacy policies.
Social 50: Despite sporting the best Honor Roll success rate among industries, the social sector possessed the highest percentage of websites experiencing a data breach within the past year (18 percent).
Federal 50: The top 50 Federal Government websites (not factored into Honor Roll due to lack of privacy data) lag in all aspects of email authentication and SSL. On the bright side, these websites are devoted adopters of DNSSEC, a technology designed to prevent hijacking of the Domain Name System. The Fed 50 boasted a 92 percent implementation rate, reflecting a White House mandate.
News 50: Considering their collection of registration data, many news media sites are not complying with best practices or regulatory requirements. Their low scores are attributed to several issues including third-party data collection, indefinite data retention policies, and failure to encrypt their registration or login screens with SSL, leaving personal data exposed and ripe for abuse.
METHODOLOGY
OTA used a combination of resources, including Alexa, comScore, the FDIC, government rankings and Internet Retailer Magazine’s Internet Retailer 500, to determine which organizations to evaluate. The complete 2014 Audit & Honor Roll report and methodology can be accessed at https://otalliance.org/HonorRoll.
The Online Trust Honor Roll winners will be honored this evening in a ceremony at the Internet Retailer Conference & Exhibition in Chicago. OTA will host a webinar reviewing the data and research on Tuesday, June 17 at 1 p.m. EDT, accessible here: https://otalliance.org/HonorRollBriefing.
About The Online Trust Alliance (OTA): The Online Trust Alliance (OTA) is a non-profit with the mission to enhance online trust and user empowerment while promoting innovation and the vitality of the Internet. OTA’s goal is to help educate businesses, policy makers and stakeholders while developing and advancing best practices and tools to enhance the protection of users’ security, privacy and identity. OTA supports collaborative public-private partnerships, benchmark reporting, meaningful self-regulation and data stewardship. https://otalliance.org