SOURCE: Online Trust Alliance

November 24, 2014 17:00 ET

Online Trust Alliance Names Most Trustworthy Websites in Australia & New Zealand

JP Morgan Chase, Coles, New Zealand Post, Kogan and Virgin Australia Among Those to Make ANZ Honour Roll for Security & Privacy Best Practices

SEATTLE, WA--(Marketwired - Nov 24, 2014) - The Online Trust Alliance (OTA), the non-profit with the mission to enhance online trust and innovation, announced the results of its 2014 Australia and New Zealand (ANZ) Online Trust Audit.

Out of 150 regional consumer and government websites evaluated, 14 percent made OTA's ANZ Honour Roll, distinguishing themselves as responsible stewards of customer data at all levels of their organisation. The 21 companies to land on the ANZ Honour Roll excelled in all three of the audit's scoring categories:

  • Domain, Brand and Consumer Protection
  • Data Protection, Privacy and Transparency
  • Site, Server and Infrastructure Security

AUSTRALIA 2014 HONOUR ROLL RECIPIENTS
Australian Taxation Office - AVG Technologies - Catch of the Day - Commonwealth Bank - Coles - David Jones - Gumtree - JB HI-FI - JP Morgan Chase - Kogan.com - New South Wales Government - Rio Tinto - The Age - The Sydney Morning Herald - True Local - Virgin Australia - Xero

NEW ZEALAND 2014 HONOUR ROLL RECIPIENTS
HealthPost - New Zealand Post - Trade Me - Xero

"At Commonwealth Bank, we understand that privacy and security are central to the trust our customers have in us, and we take that responsibility very seriously," said Ben Heyes, General Manager Cyber Security and Privacy, Commonwealth Bank of Australia. "CBA's inclusion in the Online Trust Alliance's Honour Roll is indicative of our continued focus on ensuring our customers' data is safe and secure and that their privacy is protected."

HealthPost Ltd. CEO Abel Butler added, "Having our customers trust us is as crucial to HealthPost as great products, customer service and ethics. To be named to the first-ever ANZ Online Trust Audit and Honour Roll for online privacy and data protection practices is an honour. The OTA's recognition of our work has encouraged us to implement yet more of the online privacy and data protection best practices. We believe that people have a right to expect that the organisations who they share their personal information with online will take that responsibility seriously."

Unfortunately, not only did 86 percent of websites score too low to merit ANZ Honour Roll inclusion, but 75 percent failed at least one of the three categories above. A failing score indicates that the website is especially exposed to site vulnerabilities, email/domain spoofing and spear phishing, or has a privacy policy that fails to conspicuously disclose data collection, retention and sharing practices. The outdated privacy policies are concerning despite the recent Privacy Act changes that went into effect in March 2014 in Australia and the revision of privacy legislation currently under consideration in New Zealand.

Chair of the New Zealand Internet Task Force (NZITF) Barry Brailey remarked, "I applaud the New Zealand companies that achieved Honour Roll status, including NZITF members TradeMe and Xero. This is no small achievement. Working with NZITF, OTA is leading the way to help organisations see the value in consumer and brand protection initiatives."

"OTA commends the companies that have demonstrated a commitment toward respecting consumer privacy and safeguarding sensitive data," said OTA Executive Director and President Craig Spiezle. "On the other hand, those that failed demonstrated a penchant for operational oversights, mistakes and an apparent lack of attention to consumer protection. This report serves as a wake-up call for consumers to think twice about where they shop, bank and click. It also stresses how important it is for businesses to be more vigilant in their security and privacy practices."

By comparison, a June 2014 OTA audit assessing the trustworthiness of approximately 800 websites resulted in 26 percent of companies qualifying for the Global Honour Roll.

OTA's comprehensive audit underscores the importance of continued monitoring of security and privacy practices and the risks of becoming complacent. As cybercrime escalates, yesterday's practices and technologies may no longer be applicable or meet today's regulatory or threat landscape.

REPORT FINDINGS
Domain, Brand and Consumer Protection: Inadequacies in this category were the primary cause of audit failures, with 51 percent of ANZ websites missing the mark. Websites were penalized for incomplete email authentication measures leaving users vulnerable to spear phishing and email forgery, as well as for not locking their domains to prevent unauthorised transfer requests.

Data Protection, Privacy and Transparency: One-third of the evaluated websites failed this category, largely due to insufficient disclosures addressing data use, retention and sharing. Other companies were marked down for outdated privacy policies and use of website trackers that share information with unaffiliated third parties.

Site, Server and Infrastructure Security: Only 17 percent of websites failed this category, indicating most companies are following at least minimum best practice recommendations, including enhanced Secure Sockets Layer technologies that address threats such as Heartbleed and POODLE, and disabling support for SSL 3.0. Adoption of session encryption through the implementation of "always on SSL" was on par with the global report.

WHO WAS EVALUATED
The selection of sites to the ANZ 150 was based on a combination of factors including consumer site traffic within Australia and New Zealand, prevalence of past brand jacking or phishing exploits and industry sector leadership. The complete 2014 ANZ 150 Audit & Honour Roll report and methodology can be accessed at https://otalliance.org/HonourRoll.

About OTA:
The Online Trust Alliance (OTA) is a non-profit with the mission to enhance online trust and user empowerment while promoting innovation and the vitality of the Internet. Its goal is to help educate businesses, policy makers and stakeholders while developing and advancing best practices and tools to enhance the protection of users' security, privacy and identity. With OTA membership comes opportunities to help shape future legislation, bolster brand credibility with consumers and develop new best practices. OTA supports collaborative public-private partnerships, benchmark reporting, and meaningful self-regulation and data stewardship.

Contact Information

  • Contact:
    Andrew Goss
    Voxus PR (for OTA)
    253.444.5446