About Us Membership Resources OTA Members Login

2011 SCORECARD  & HONOR ROLL

 2011 Scorecard & Honor Roll Report (registration required) 

2011 Summary & Honorees PDF    l     Email Authentication     l     EV SSL Certificates        DNSSEC         Resources

OTA Releases 2011 Online Safety Honor Roll and Scorecard
74% of Organizations Fail to Protect Consumers from Malicious Email and Rogue Web Sites. 
Government Lags Behind Social Media, Ecommerce, and Financial Services Sectors

Seattle, Washington – May 10, 2011 – The Online Trust Alliance’s (OTA) 2011 Online Safety Honor Roll released today recognized 26% of the top public and private websites and government agencies for their adoption of key technologies to help protect users’ privacy and identity from abuse.

OTA Honor Roll criteria include implementation of email authentication, Extended Validation SSL Certificates (EV SSL), and testing for malware and known site vulnerabilities. In addition, federal government sites were evaluated for their support of DNSSEC. While the number honored in 2011 represents a promising 3-fold increase from this time last year, 74% of the top websites analyzed did not qualify and remain vulnerable to the increased levels of cybercrime and online fraud.

The OTA’s third annual survey examined 1,112 domains, their published DNS records, and over 500 million email messages purporting to come from them. The survey, which includes evaluation of best practices to help protect consumers from forged email, phishing sites, and malware, found that of the companies analyzed, only 26% (289) qualified to be named to the 2011 OTA Online Safety Honor Roll. This compares favorably to 8% which qualified in 2010.

The FDIC 100 led all surveyed sectors with nearly 27% making the Honor Roll, followed by 24% of the Fortune 500 and 22% of the Internet Retail 500. Unfortunately, only 12% of the measured federal government sites made the grade.

OTA’s criteria are acknowledged as industry best practices and effectively support President Obama’s National Strategy for Trusted Identities in Cyberspace (NSTIC). Combined, they serve as the foundation for several related cyber-security, interactive marketing, and identity protection initiatives.

A key principle in the report, email authentication, is recognized as a best practice by the Federal Trade Commission, Federal Communications Commission, Department of Homeland Security, U.S. Postal Inspection Service, U.S. Senate, and leading industry trade organizations including the Email Sender &  Provider Coalition (ESPC), Direct Marketing Association, Anti-Phishing Working Group (APWG), BITS (a division of the Financial Services Roundtable), and the Messaging Anti-Abuse Working Group (MAAWG).

“Domain level email authentication is a potent weapon in the fight against spam and phishing attacks.  But, for it to work, legitimate emailers must authenticate the messages they send and receiving domains must refuse delivery of unauthenticated messages,” according to David Vladeck, Director of the FTC’s Bureau of Consumer Protection.

Across all surveyed sectors, more than 56% have adopted either Sender Policy Framework (SPF) or DomainKeys Identified Mail (DKIM), two proven standards to help identify and block deceptive email. Recognizing the business value of email authentication, adoption has been led by 92% of the top social media sites, followed by 84% of the Internet Retail 100, and nearly 59% of the largest FDIC banks. Comparatively, only 38% of leading government sites have adopted email authentication, reflecting an 18.8% increase over 2010.

“We applaud OTA’s efforts to drive adoption of standards-based security best practices and we are honored to be recognized for our leadership in customer protection,” said Michael Barrett, CISO and VP Information Risk Management at PayPal. “We encourage other industry stakeholders to join us in deploying these solutions for the sake of our mutual customers’ safety, and the vitality of our ecosystem. The time is now.”

“While the level of adoption is failing to adequately protect consumers, the commitment and growth within the public and private sectors is encouraging,” said Craig Spiezle, Executive Director of the Online Trust Alliance. “Government and business leaders need to commit to these guidelines to help prevent a consumer trust meltdown and protect the vitality of the U.S. economy.”

Highlights:

  • Almost 26% (289 companies) earned entry into the OTA 2011 Online Safety Honor Roll, for their adoption of EV SSL Certificates, and one or more forms of email authentication.

  • The Honor Roll achievement was as high as 26.7% of the FDIC 100 and 24.6% of the Fortune 500. Only 12% of top federal government sites qualified.

  • Email authentication adoption has passed the tipping point, with more than 56% adopting either SPF or DKIM on one or more of their domains or subdomains.

  • EV SSL is nearing 45% adoption across top retail and banking sites, reflecting a year-to-year increase of over 78%. Across all segments, adoption increased 68%.

For their demonstrated commitment to best practices, industry collaboration and consumer education, OTA has recognized several “North Stars” – including the Internal Revenue Service, the Social Security Administration, Apple Computer, Citibank, Bank of America, PayPal, Publishers Clearing House, Microsoft, and the White House (whitehouse.gov). The complete report (registration required) and the list of 2011 Honorees are posted at https://otalliance.org/2011scorecard.html

OTA is pleased with increased adoption levels and is urging consumer financial institutions, commerce sites and consumer-facing government agencies as well as Internet Service Providers and Mail Box Providers to implement the following as of October 1, 2011:

  • Implement both SPF and DKIM email authentication across all domains and subdomains.

  • Add or upgrade to EV SSL Certificates on all sites which require consumer login or registrations and either provide access to or collect personal and financial data.

  • Initiate planning and deployment of DNSSEC.

About The Online Trust Alliance (OTA) https://otalliance.org
Formed in 2004, the Online Trust Alliance (OTA) is a global non-profit organization representing the Internet ecosystem, supporting user choice and controls, protection of critical infrastructure, privacy and data governance, promoting marketing best practices and self-regulation. The OTA’s mission is to develop and advocate best practices and public policy which mitigate emerging privacy, identity and security threats to businesses, online services, brands, government agencies, organizations and consumers, thereby enhancing online trust and confidence.

For media inquiries contact:

Elizabeth Shambaugh
Online Trust Alliance (OTA)
Lizs@otalliance.org
425-455-7400

Revised May 10, 2011