For the fifth year in a row, ZEDO and its subsidiary ZINC have made the Online Trust Alliance Honor Roll. The Online Trust Alliance (OTA) is an Internet Society initiative with the mission to promote best practices for online trust. The 2017 Online Trust Audit & Honor Roll is the de facto standard for recognizing excellence in online consumer protection, data security and responsible privacy practices.
“Data is the ‘oil’ of the Internet economy. It is fueling innovation, growth and revenue. At the same time, if abused there is a risk of data spills, negatively impacting user expectations and ultimately the Internet at-large,” said OTA Founder and Chairman Emeritus, Craig Spiezle. “The OTA Trust Audit & Honor Roll underscores the urgency to embrace responsible security and privacy practices. Failure risks a long-term impact to the Internet.”
OTA observed the emergence of an alarming three-year trend: sites either qualify for the Honor Roll or fail the Audit. In other words, sites increasingly either take privacy and security seriously and do well in the Audit, or lag the industry significantly in one or more critical areas.
Although ZEDO is not a consumer-facing site, we participate in the Audit to be sure we’re doing the best we can do for our customers and partners. If you read the press release notes, you will find that if ZEDO were an actual consumer-facing site, it would be among the top 50 in security and privacy protection. Ironically, the banking community scores lowest in best security practices.
“Despite ratcheting up the criteria needed to qualify for the 2017 Honor Roll, it was encouraging to see the highest percentage of recipients since OTA began the Trust Audit nine years ago,” said Spiezle. “While OTA congratulates all Honor Roll recipients, many others have a long way to go to ensuring and embracing acceptable security and privacy practices.”
From best to worst performing industries:
- Consumer Services: This industry was again the best performing with 76 percent making the Honor Roll this year. This segment accounted for 26 of the top 50 consumer-facing sites (52 percent).
- Internet Retailers: Fifty-one percent of the top 500 Internet retailers made the Honor Roll, a significant improvement over last year’s score of 44 percent. This segment accounted for 10 of the top 50 consumer-facing sites (20 percent).
- News & Media: Forty-eight percent of news and media sites made the Honor Roll this year, the most significant improvement over the previous year across all industries. In 2016, media and news sites were the worst performing sector with only 23 percent making the Honor Roll. This segment accounted for three of the top 50 consumer-facing sites (6 percent).
- ISPs, Carriers, Hosters & Email Providers: Forty-six percent of companies in this new 2017 category made the Honor Roll. This segment accounted for seven of the top 50 consumer-facing sites (14 percent).
- Government: Thirty-nine percent of audited U.S. federal government sites made the Honor Roll. This was a significant decrease from 46 percent in 2016. 60 percent received failing grades.
- FDIC 100 Banks: The percentage of FDIC 100 banks making the Honor Roll saw the biggest drop in 2017, going from 55 percent in 2016 to 27 percent. This sector had shown consistent, significant improvement in its Honor Roll score up to 2016 before plummeting this year, predominantly due to increased breaches, low privacy scores and low levels of email authentication. 65 percent received failing grades.
“OTA’s Audit continues to drive awareness and recognition about the importance of responsible data security and ethical privacy practices,” said Internet Society Chief Internet Technology Officer, Olaf Kolkman. “The increase in sites embracing end-to-end encryption shows it is becoming the norm for site traffic.”
To qualify for Honor Roll status, a website must receive a composite score of 80 percent or better and a score of at least 60 percent in each of three categories: 1) domain, brand and consumer protection, 2) site security and resiliency and 3) data protection, privacy and transparency. Failing any one category automatically caused a site to fail overall. OTA expanded the 2017 methodology with additional criteria, telemetry and data fidelity addressing today’s security threat and privacy landscape. OTA analyzed websites between mid-April and the end of May 2017. It estimates that it analyzed more than 500 million email headers and approximately 100,000 web pages.
The 2017 report was funded in part by grants from Symantec and Verisign. Data providers included Agari, DigiCert, Disconnect, Distil Networks, Ensighten, High-Tech Bridge, Infoblox, Malwarebytes, Microsoft, Risk Based Security, SecurityScorecard, SiteLock, Qualys SSL Labs, Symantec, ValiMail and Verisign.
The Online Trust Alliance (OTA) is a non-profit with the mission to enhance online trust and user empowerment while promoting innovation and the vitality of the Internet. Its goal is to help educate businesses, policy makers and stakeholders while developing and advancing best practices and tools to enhance the protection of users’ security, privacy and identity. OTA supports collaborative public-private partnerships, benchmark reporting, and meaningful self-regulation and data stewardship. Its members and supporters include leaders spanning the public policy, technology, ecommerce, social networking, mobile, email and interactive marketing, financial, service provider, government agency and industry organization sectors.