OTA Publishes 2010 Online Safety Honor Roll
Citing Adoption of Consumer Protection Best Practices
8% of the Leading
Companies Make the Grade
Washington, DC – April 22, 2010 – The majority of consumer websites
remain vulnerable to online fraud, even as growing numbers of businesses
deploy online safety measures, according to a new survey announced today by
the Online Trust Alliance.
The annual survey of best practices to help protect consumers from the
onslaught of forged email, phishing sites and malware found of the 1,200
companies analyzed, only 113 qualified to be named to the OTA Online Safety
2010 Honor Roll. The survey examined 1,200 domains and analyzed 500 million
email messages purporting to come from the Fortune 500, Internet Retail 500,
top 100 financial Institutions in North America and consumer facing federal
government web sites. Sites were evaluated based on their usage of email
authentication standards and Extended Validation SSL Certificates (EV SSL)
and the presence of malware.
While 92% of the companies failed to adopt these best practices, 14%
Internet Retail 500, 13% of the top 100 financial institutions and 6% of the
Fortune 500 passed. Only 3% of the top consumer facing government sites
made the grade, while 29% of OTA members walked the talk, demonstrating
their commitment and leadership to locking out online fraud.
“Security has always been a top priority for PayPal, and we appreciate OTA's
acknowledgement of our efforts to provide millions of customers around the
world with a safer online payment service," said Michael Barrett, chief
information security officer of PayPal. “We support OTA's efforts to drive
industry adoption of standards that make the Internet safer for consumers
and look forward to continued collaboration."
Honor Roll Report
Appendix & Honor
Roll Company Listing
8% (113 companies) earned entry into the OTA 2010
Online Safety Honor Roll, for their adoption of EV SSL Certificates, one
or more forms of email authentication and successful scan for malware.
Over 26% of the Internet Retail 500 and top 100
financial services companies have adopted EV SSL certificates.
Worldwide growth of EV SSL certificates has exceeded
90%, growing to 23,000 deployments.
26% of leading financial institutions (FIs) have
adopted EV SSL, and 51% adopted email authentication, a growth of 13% in
one year, yet only 13% have adopted both recommendations.
OTA members lead in embracing best practices with
over 98% adopting email authentication and nearly 32% adopting EV SSL.
14% of the Internet Retail 500 and 13% of the Top 100
FIs have adopted both email authentication and EV SSL certificates.
The largest retailers and businesses continue
to show the highest level of adoption of email authentication with 76%
of the Internet Retail 100 and 54% of the IR 500.
Government agencies adoption of email authentication
remains stagnant at 32%, while over 60% of their sites and/or email have
been spoofed in the past four months.
“While major corporations, banks, governmental agencies
and industry working groups talk about best practices, the majority are
failing to adopt, risking demands for added regulations,” said Craig
Spiezle, Executive Director and President of the OTA.
OTA has recognized several “North Stars,” organizations
demonstrating commitment to best practices, industry collaboration and
consumer education. Leaders include Apple Computer, Cisco Systems,
Microsoft, Internal Revenue Service, Social Security Administration, Charles
Schwab, Bank of America, eBay, Microsoft and PayPal.
“These organizations are to be commended for their
security and privacy leadership and commitment to self-regulations, helping
drive others to do the same,” Mr. Spiezle said. “Not only do their
consumers benefit, but so do their employees and stockholders.”
OTA is calling on all consumer financial institutions,
commerce sites and consumer facing governmental agencies to implement EV SSL
certificates, email authentication and complete daily site scans for malware
and vulnerabilities by September 1, 2010. It the belief those brands who do
so, will increase consumer protection and trust while demonstrating a
commitment to self regulation.
Updates to this report will be shared at the Online Trust
& Cybersecurity Forum at Georgetown University on September 22-24, 2010.
* Percentage adjusted for companies who are on one or
About The Online Trust Alliance (OTA)
OTA’s mission is to create
an online trust community, promoting business practices and technologies to
enhance consumer trust and the vitality of interactive marketing, ecommerce,
governmental and online financial services. Through its member companies
and organization affiliates, OTA represents over one million businesses and
500 million users worldwide with regional chapters in Asia Pacific, Canada
and Europe. OTA is governed by a Board and Steering Committee including:
Adperio, BoxSentry, DigiCert, Epsilon, Internet Identity,
Intersections, Lashback, Cisco Systems, MarkMonitor, Message Systems,
Microsoft Corporation, McAfee, Publishers Clearing House, Return Path,
Secunia, Symantec Corporation, TRUSTe and VeriSign.
For media-related inquiries contact:
Online Trust Alliance (OTA)