June 7, 2011
74 percent of websites fail to protect customers from malicious email
The Online Trust Alliance’s (OTA) 2011 Online Safety Honour Roll has recognized 26 percent of the top public and private websites and government agencies for their adoption of key technologies to help protect users’ privacy and identity from abuse.
OTA Honour Roll criteria include implementation of email authentication, Extended Validation SSL Certificates (EV SSL), and testing for malware and known site vulnerabilities. In addition, federal government sites were evaluated for their support of DNSSEC. While the number honoured in 2011 represents a promising three-fold increase from this time last year, 74 percent of the top websites analyzed did not qualify and remain vulnerable to the increased levels of cybercrime and online fraud.
The OTA’s third annual survey examined 1,112 domains, their published DNS records, and over 500 million email messages purporting to come from them. The survey, which includes evaluation of best practices to help protect consumers from forged email, phishing sites, and malware, found that of the companies analyzed, only 26 percent (289) qualified to be named to the 2011 OTA Online Safety Honour Roll. This compares favorably to the 8 percent that qualified in 2010.
The FDIC 100 led all surveyed sectors with nearly 27 percent making the Honour Roll, followed by 24 percent of the Fortune 500 and 22 percent of the Internet Retail 500. Unfortunately, only 12 percent of the measured federal government sites made the grade.
OTA’s criteria are acknowledged as industry best practices and effectively support President Obama’s National Strategy for Trusted Identities in Cyberspace (NSTIC). Combined, they serve as the foundation for several related cyber-security, interactive marketing, and identity protection initiatives.
“Domain level email authentication is a potent weapon in the fight against spam and phishing attacks. But, for it to work, legitimate emailers must authenticate the messages they send and receiving domains must refuse delivery of unauthenticated messages,” according to David Vladeck, Director of the FTC’s Bureau of Consumer Protection.
Across all surveyed sectors, more than 56 percent have adopted either Sender Policy Framework (SPF) or DomainKeys Identified Mail (DKIM), two proven standards to help identify and block deceptive email. Adoption, driven by recognition of the business value of email authentication, has been led by 92 percent of the top social media sites, followed by 84 percent of the Internet Retail 100 and nearly 59 percent of the largest FDIC banks. By comparison, only 38 percent of leading government sites have adopted email authentication, reflecting an 18.8 percent increase over 2010.
“We applaud OTA’s efforts to drive adoption of standards-based security best practices and we are honoured to be recognized for our leadership in customer protection,” said Michael Barrett, CISO and VP Information Risk Management at PayPal. “We encourage other industry stakeholders to join us in deploying these solutions for the sake of our mutual customers’ safety, and the vitality of our ecosystem. The time is now.”
“While the level of adoption is failing to adequately protect consumers, the commitment and growth within the public and private sectors is encouraging,” said Craig Spiezle, Executive Director of the Online Trust Alliance. “Government and business leaders need to commit to these guidelines to help prevent a consumer trust meltdown and protect the vitality of the U.S. economy.”
- Almost 26 percent (289 companies) earned entry into the OTA 2011 Online Safety Honour Roll for their adoption of EV SSL Certificates and one or more forms of email authentication.
- The Honour Roll achievement was as high as 26.7 percent of the FDIC 100 and 24.6 percent of the Fortune 500. Only 12 percent of top federal government sites qualified.
- Email authentication adoption has passed the tipping point, with more than 56 percent adopting either SPF or DKIM on one or more of their domains or subdomains.
- EV SSL is nearing 45 percent adoption across top retail and banking sites, reflecting a year-to-year increase of over 78 percent. Across all segments, adoption increased 68 percent.