OTA Publishes 2010 Online Safety Honor Roll Citing Adoption of Consumer Protection Best Practices

8% of the Leading Companies Make the Grade

Washington, DC – April 22, 2010 – The majority of consumer websites remain vulnerable to online fraud, even as growing numbers of businesses deploy online safety measures, according to a new survey announced today by the Online Trust Alliance.

The annual survey of best practices to help protect consumers from the onslaught of forged email, phishing sites and malware found of the 1,200 companies analyzed, only 113 qualified to be named to the OTA Online Safety 2010 Honor Roll. The survey examined 1,200 domains and analyzed 500 million email messages purporting to come from the Fortune 500, Internet Retail 500, top 100 financial Institutions in North America and consumer facing federal government web sites. Sites were evaluated based on their usage of email authentication standards and Extended Validation SSL Certificates (EV SSL) and the presence of malware.

While 92% of the companies failed to adopt these best practices, 14% Internet Retail 500, 13% of the top 100 financial institutions and 6% of the Fortune 500 passed. Only 3% of the top consumer facing government sites made the grade, while 29% of OTA members walked the talk, demonstrating their commitment and leadership to locking out online fraud.

“Security has always been a top priority for PayPal, and we appreciate OTA's acknowledgement of our efforts to provide millions of customers around the world with a safer online payment service," said Michael Barrett, chief information security officer of PayPal. “We support OTA's efforts to drive industry adoption of standards that make the Internet safer for consumers and look forward to continued collaboration."

2010 Honor Roll Report

Appendix & Honor Roll Company Listing

Highlights:

8% (113 companies) earned entry into the OTA 2010 Online Safety Honor Roll, for their adoption of EV SSL Certificates, one or more forms of email authentication and successful scan for malware.

Over 26% of the Internet Retail 500 and top 100 financial services companies have adopted EV SSL certificates.

Worldwide growth of EV SSL certificates has exceeded 90%, growing to 23,000 deployments.

26% of leading financial institutions (FIs) have adopted EV SSL, and 51% adopted email authentication, a growth of 13% in one year, yet only 13% have adopted both recommendations.

OTA members lead in embracing best practices with over 98% adopting email authentication and nearly 32% adopting EV SSL.

14% of the Internet Retail 500 and 13% of the Top 100 FIs have adopted both email authentication and EV SSL certificates.

The largest retailers and businesses continue to show the highest level of adoption of email authentication with 76% of the Internet Retail 100 and 54% of the IR 500.

Government agencies adoption of email authentication remains stagnant at 32%, while over 60% of their sites and/or email have been spoofed in the past four months.

“While major corporations, banks, governmental agencies and industry working groups talk about best practices, the majority are failing to adopt, risking demands for added regulations,” said Craig Spiezle, Executive Director and President of the OTA.

OTA has recognized several “North Stars,” organizations demonstrating commitment to best practices, industry collaboration and consumer education. Leaders include Apple Computer, Cisco Systems, Microsoft, Internal Revenue Service, Social Security Administration, Charles Schwab, Bank of America, eBay, Microsoft and PayPal.

“These organizations are to be commended for their security and privacy leadership and commitment to self-regulations, helping drive others to do the same,” Mr. Spiezle said. “Not only do their consumers benefit, but so do their employees and stockholders.”

OTA is calling on all consumer financial institutions, commerce sites and consumer facing governmental agencies to implement EV SSL certificates, email authentication and complete daily site scans for malware and vulnerabilities by September 1, 2010. It the belief those brands who do so, will increase consumer protection and trust while demonstrating a commitment to self regulation.

Updates to this report will be shared at the Online Trust & Cybersecurity Forum at Georgetown University on September 22-24, 2010.

https://otalliance.org/dc.html

* Percentage adjusted for companies who are on one or more list.