Ad Integrity & Fraud l
I Site & SSL
Mobile App Privacy & Security Best Practices -
March 26, 2014
OTA Glossary - March 4, 2014
New Account Risk Evaluation Framework for Email, Hosters & Cloud
Service Providers - October 1, 2013
Framework (Recorded webinar members
only) - October 3, 2013
Anti-Malvertising & Advertising Fraud Risk Evaluation Framework
- October 1, 2013
Anti-Botnet Remediation Best Practices
- October 1, 2013
developed by OTA and OTA member companies to enhance business and consumer
protection from cybercrimes and deceptive business practices including
identity theft, spam, phishing, privacy exploits and account
Malvertising is the cybercriminal practice of injecting malware into
ads that are served on websites. A malvertisement is a malicious or
deceptive advertisement that exhibits behavior including, but not limited
to, conducting a drive-by-download, delivering deceptive downloads such as
fake anti-virus pop-ups, and/or redirecting the user to sites that a user
has not elected to visit.
Anti-Botnet - OTA
is working with key stakeholders in the public and private sectors to
address the threats resulting from bots.
The strategy is to focus on a holistic view, including prevention,
detection and remediation. OTA
efforts encompass working with law enforcement, ISPs and web site hosting
companies in take-down efforts, promoting best practices to reduce the
distribution of bots and aiding users to reduce the vulnerability attack
Always On SSL -
Always On SSL (AOSSL) is a proven, practical security measure that should be
implemented on all websites where users share or view sensitive information
including banking, commerce sites and personal communications.
Data Breach Response - All businesses should create an
incident response plan and be prepared for the likelihood that they will
experience a breach or data loss in the future.
A well-designed plan is emerging as a key part of regulatory
compliance, demonstrating that a firm or organization is willing to take
reasonable steps to protect data (and the consumer) from abuse.
Email Security & Integrity - Email Authentication helps to
detect spoofed and forged email and controls the rising tide of spam and
forged email. These efforts ultimately produced two key email authentication
technologies: Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM),
each of which received RFC status from the Internet Engineering Task Force (IETF).
In addition this initiative includes the recently announced Domain-based
Message Authentication, Reporting & Conformance (DMARC) draft specification.
Extended Validation SSL Certificates - (EVSSL) An added
barrier and tool to help combat deceptive and illicit businesses, providing
differentiation and recognition for holders of EV Certificates. EV
certificates represent a standard now adopted worldwide by all leading
browsers. It is recommended that web sites which conduct online transactions
and use log-on credentials evaluate EV certificates as part of their
security and brand protection strategy.
Messaging Ecosystem Security - As cybercriminals have
targeted businesses with increasing malice and precision, interactive
marketers, their service providers, and others in the messaging ecosystem
need to recognize their valuable data assets are at risk.
To help combat these threats, the OTA has created the "Security by
Design Framework" and its recommended practices are intended to provide a
basis for immediate action.
©2014. All rights reserved. Online Trust