For the second year in a row, social media sites (including gaming and dating sites) are leading the way in consumer security and privacy protections, beating out Internet retailers and banks, according to an annual comprehensive audit by the Online Trust Alliance (OTA).
Even though social sites led the pack in OTA's audit, the general trend for consumer security and privacy protection is good, says Craig Spiezle, president and executive director of OTA. The sites that performed the best in the adoption of 14 industry-accepted best practices, open standards and privacy practices, and criteria and best practices advocated by the U.S. Federal Trade Commission (FTC) and the National Institute of Standards and Technology (NIST) were named to OTA's Online Trust Honor Roll.
Thirty-two percent of the companies audited by the OTA qualified for the Honor Roll this year, up from 30 percent last year, even though Spiezle says the criteria were tightened in several areas. Nearly half (121) of the companies that achieved the Honor Roll had also been Honor Roll recipients in last year's audit. However, 47 percent of the companies that made the Honor Roll in 2012 did not qualify for the 2013 Honor Roll.
"The bar has risen significantly," Spiezle says. "We were very pleasantly surprised that the number of audited companies making the honor roll went up from 30 percent to 32 percent. We did not anticipate that."
"Being named to the 2013 Online Trust Honor Roll is a significant achievement," he adds. "The adoption of best practices not only helps to protect customers, it also builds brand integrity, enhances click through and reduces the risk of shopping cart abandonment."
Metrics considered for online trust honor roll
OTA audited more than 750 domains and privacy policies, more than 10,000 web pages and more than 500 million emails associated with the Internet Retailer 500 (IR500), Federal Deposit Insurance Corporation (FDIC 100), Social 50 and Federal Government 50 sites. OTA identified and evaluated three key areas of competency that Spiezle says are essential to maximizing online trust:
Domain, brand and consumer protection: This area included a review of best practices with regard to email authentication; Domain-based Message Authentication, Reporting and Conformance (DMARC); and domain locking.
Site, server and infrastructure security: This area included a review of best practices with regard to SSL server configuration, extended validation of SSL certificates (EV SSL), Always-on SSL (AOSSL), 2048-bit key or elliptic curve cryptography (ECC) certificates and Domain Name System Security Extensions (DNSSEC).