129 out of 150 A/NZ websites fail Online Trust Alliance audit

Websites did not meet privacy or cyber security criteria, says OTA

Some 129 of 150 Australian and New Zealand websites audited by not-for-profit organisation Online Trust Alliance (OTA) failed to meet consumer protection, data privacy or cyber security criteria, according to a report released this week.

OTA performed the audit during August and September 2014. The selection of sites was based on a combination of factors including A/NZ consumer site traffic and past evidence of phishing exploits. This is the first time OTA has performed an A/NZ website audit.

A failing score meant the website was vulnerable to potential site vulnerabilities, email/domain spoofing or had a privacy policy that failed to disclose data collection and retention.

According to the audit, 51 per cent of the 150 A/NZ websites did not meet domain, brand or consumer protection standards. For example, websites were penalised for incomplete email authentication, which could leave users vulnerable to spear phishing attacks. Other sites did not lock their Web domains to prevent unauthorised transfer requests.

Turning to data protection, privacy and transparency, the OTA audit found that one third of the websites did not inform users about the use of their personal data. Other websites were found to have outdated privacy policies or used website trackers that shared information with unaffiliated third parties.

In addition, 17 per cent of the 150 websites failed the site, server and infrastructure security category. This meant the sites were not using Secure Sockets Layer (SSL) technologies that address threats such as HeartBleed and Poodle.

According to OTA's executive director and president, Craig Spiezle, the websites that failed its audit have demonstrated a penchant for “operational oversights, mistakes and a lack of attention to consumer protection".

Trusted websites

However, some Australian websites made the OTA’s honour roll for being “responsible stewards of customer data” in domain/brand protection, privacy and security, said Spiezle. These sites included the Australian Taxation Office (ATO), Commonwealth Bank of Australia (CBA), Coles, David Jones, New South Wales Government, Gumtree, JP Morgan Chase, Kogan, Rio Tinto and Virgin Australia.

HealthPost, New Zealand Post, Trade Me and Xero were the only New Zealand sites that made the honour roll.

In total, 14 per cent of the A/NZ websites audited made the OTA’s honour roll.

A June 2014 OTA audit, which assessed the trustworthiness of 800 international websites, resulted in 30.2 per cent of companies qualifying for the global honour roll. These sites included Netflix, Sony Electronics, Ancestry.com, Walmart and American Greetings.

Follow Hamish Barwick on Twitter: @HamishBarwick

Follow Computerworld Australia on Twitter: @ComputerworldAU, or take part in the Computerworld conversation on LinkedIn: Computerworld Australia

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags privacyconsumer protectiontrusted websiteswebsite auditOnline Trust Alliance

More about American GreetingsAustralian Taxation OfficeCommonwealth BankCommonwealth Bank of AustraliaDavid JonesJP MorganKoganMorganNetflixSonyTrade MeVirgin AustraliaXero

Show Comments
[]