April 23, 2009 08:00 ET

Online Trust Alliance Issues Poor Grades to Fortune 500 for Failing to Protect Consumers From Online Fraud

Despite Report, OTA Sees Silver Lining With Leading Fortune 500 Companies' Actions

SEATTLE, WA and SAN FRANCISCO, CA--(Marketwire - April 23, 2009) - Today the Online Trust Alliance (OTA) expanded its research findings by issuing a poor grade to Fortune 500 companies for failing to appropriately protect consumers from online fraud. OTA found only 37 percent of these companies authenticate their email and/or implement Extended Validation Secure Sockets Layer (EV SSL) certificates -- techniques which offer increased protection from online fraud and deceptive email. This most recent research follows an OTA study with similar results on the 300 leading Internet retailers and government agencies.

"Although there is no silver bullet to stop online fraud, adoption of open standards like email authentication and EV SSL certificates are industry best practices, and essential to restoring the consumer's sense of security and privacy," said OTA Chairman and Founder, Craig Spiezle. "OTA and its members are committed to providing the resources businesses need to enhance online trust."

OTA found Fortune 100 companies have a somewhat higher adoption rate for email authentication and/or EV SSL certificates (45 percent) compared with the Fortune 500 as a whole, showing top companies recognize and proactively capture opportunities to safeguard their brands and customers. While these results show year-to-year growth, they are still disappointing considering that over 50 percent have yet to adopt these security measures.

This data is somewhat mitigated by OTA research revealing an estimated 85 percent of all commercial and transactional email is now being authenticated. This has been achieved with the support of the Anti-Phishing Working Group (APWG), the Interactive Advertising Bureau (IAB), Direct Marketing Association (DMA), and the Email Sender and Provider Coalition (ESPC). OTA is encouraged by this progress, but notes that marketers must leverage their expertise and aid in the protection of the domains most recognizable by the consumer, not just the ones that send email. Furthermore, marketers need to commit to ongoing maintenance to assure the highest level of accuracy in the email they authenticate.

"The data for the largest companies and email marketers is encouraging, yet represents a disconnect between IT professionals, marketers and the stewards of the corporate brand," said Spiezle. "It is imperative these groups join forces and adopt authentication principles before their brands and stockholders are harmed."

Email authentication helps Internet Service Providers (ISPs), hosters and business networks validate that the sender of a message is authorized by the domain holder to send email. By taking this step, consumers and brands realize added protection in detecting forged email.

OTA is also reporting a more than 100 percent increase in the adoption of EV SSL certificates over the past year. EV SSL certificates clearly identify a legitimate website, usually with a green identifier in a browser's address bar, and were created to address the rise in Internet fraud that was eroding consumer confidence in online transactions.

In January of 2008, OTA called on the world's top financial institutions and eCommerce sites to adopt EV SSL. As of today, four of the five largest organizations worldwide have done so -- Bank of America, General Electric, HSBC and JP Morgan Chase -- and 25 percent of the top 1000 eCommerce sites that had used SSL certificates have now migrated to EV SSL. Furthermore, through the efforts of OTA, the Merchant Risk Council and CA/Browser Forum, today all of the mainstream web browsers, including Apple Safari, Google Chrome, Microsoft Internet Explorer, Mozilla Firefox and Opera, support EV SSL -- up from only Microsoft Internet Explorer 7 just a year ago.

OTA is calling on all eCommerce, banking and leading governmental sites to adopt both email authentication and EV SSL certificates within the next six months. Those brands that adopt will be taking a step forward in protecting their consumers and enhancing online trust. In addition, OTA is calling on all ISPs to integrate inbound email authentication verification as a best practice. Despite progress by leading ISPs, others have not embraced this opportunity to better protect consumers with email authentication.

OTA and its members are providing resources to aid businesses in their adoption of both email authentication and EV SSL certificates for ecommerce sites. A working group of OTA members and industry leaders is meeting today in San Francisco, and will be publishing guidelines and recommendations within the next month. Information will be posted at

For an overview of the methodology, a complete list of results and OTA email authentication resources, visit

About The Online Trust Alliance (OTA)

The mission of OTA is to create a trusted global online ecosystem and foster the elimination of email and Internet fraud, abuse and cybercrime; thereby enhancing trust, confidence, and the protection of businesses and consumers. Through its member companies and organization affiliates, OTA represents over one million businesses and 500 million users worldwide with regional chapters in Asia Pacific, Canada and Europe. OTA is a 501c6 IRS-approved non-profit, governed by a Board and Steering Committee including Bank of America, BoxSentry, Datran Media, Epsilon, Goodmail Systems, Iconix, Internet Identity, IronPort (a division of Cisco Systems), MarkMonitor, Message Systems, Microsoft Corporation, MX Logic, Return Path, Symantec Corporation and VeriSign.

Contact Information

  • For media-related inquiries, contact:
    Andrew Goss
    VOXUS, Inc.
    253.853.5151 x224