About Us Membership Resources OTA Members Login

Ad Integrity & Fraud     l     Data Breach      l     Email Security     I     Site & SSL Security     l     Botnets

Mobile App Privacy & Security Best Practices - March 26, 2014

OTA Glossary - March 4, 2014

New Account Risk Evaluation Framework for Email, Hosters & Cloud Service Providers - October 1, 2013

Risk Evaluation Framework (Recorded webinar members only) - October 3, 2013

Anti-Malvertising & Advertising Fraud Risk Evaluation Framework - October 1, 2013

Anti-Botnet Remediation Best Practices - October 1, 2013

Resources developed by OTA and OTA member companies to enhance business and consumer protection from cybercrimes and deceptive business practices including  identity theft, spam, phishing, privacy exploits and account take-overs.

Anti-Malvertising -  Malvertising is the cybercriminal practice of injecting malware into ads that are served on websites. A malvertisement is a malicious or deceptive advertisement that exhibits behavior including, but not limited to, conducting a drive-by-download, delivering deceptive downloads such as fake anti-virus pop-ups, and/or redirecting the user to sites that a user has not elected to visit.  More >

Anti-Botnet - OTA  is working with key stakeholders in the public and private sectors to address the threats resulting from bots.  The strategy is to focus on a holistic view, including prevention, detection and remediation.  OTA efforts encompass working with law enforcement, ISPs and web site hosting companies in take-down efforts, promoting best practices to reduce the distribution of bots and aiding users to reduce the vulnerability attack surface.  More>

Always On SSL -  Always On SSL (AOSSL) is a proven, practical security measure that should be implemented on all websites where users share or view sensitive information including banking, commerce sites and personal communications.   More>

Data Breach Response -  All businesses should create an incident response plan and be prepared for the likelihood that they will experience a breach or data loss in the future.  A well-designed plan is emerging as a key part of regulatory compliance, demonstrating that a firm or organization is willing to take reasonable steps to protect data (and the consumer) from abuse. More >

Email Security & Integrity - Email Authentication helps to detect spoofed and forged email and controls the rising tide of spam and forged email. These efforts ultimately produced two key email authentication technologies: Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM), each of which received RFC status from the Internet Engineering Task Force (IETF). In addition this initiative includes the recently announced Domain-based Message Authentication, Reporting & Conformance (DMARC) draft specification.  More >

Extended Validation SSL Certificates - (EVSSL) An added barrier and tool to help combat deceptive and illicit businesses, providing differentiation and recognition for holders of EV Certificates. EV certificates represent a standard now adopted worldwide by all leading browsers. It is recommended that web sites which conduct online transactions and use log-on credentials evaluate EV certificates as part of their security and brand protection strategy.  More >

Messaging Ecosystem Security - As cybercriminals have targeted businesses with increasing malice and precision, interactive marketers, their service providers, and others in the messaging ecosystem need to recognize their valuable data assets are at risk.  To help combat these threats, the OTA has created the "Security by Design Framework" and its recommended practices are intended to provide a basis for immediate action.  More >

©2014.  All rights reserved.  Online Trust Alliance (OTA)