Some 129 of 150 Australian and New Zealand websites audited by not-for-profit organisation Online Trust Alliance (OTA) failed to meet consumer protection, data privacy or cyber security criteria, according to a report released this week.
OTA performed the audit during August and September 2014. The selection of sites was based on a combination of factors including A/NZ consumer site traffic and past evidence of phishing exploits. This is the first time OTA has performed an A/NZ website audit.
According to the audit, 51 per cent of the 150 A/NZ websites did not meet domain, brand or consumer protection standards. For example, websites were penalised for incomplete email authentication, which could leave users vulnerable to spear phishing attacks. Other sites did not lock their Web domains to prevent unauthorised transfer requests.
Turning to data protection, privacy and transparency, the OTA audit found that one third of the websites did not inform users about the use of their personal data. Other websites were found to have outdated privacy policies or used website trackers that shared information with unaffiliated third parties.
In addition, 17 per cent of the 150 websites failed the site, server and infrastructure security category. This meant the sites were not using Secure Sockets Layer (SSL) technologies that address threats such as HeartBleed and Poodle.
According to OTA's executive director and president, Craig Spiezle, the websites that failed its audit have demonstrated a penchant for “operational oversights, mistakes and a lack of attention to consumer protection".
However, some Australian websites made the OTA’s honour roll for being “responsible stewards of customer data” in domain/brand protection, privacy and security, said Spiezle. These sites included the Australian Taxation Office (ATO), Commonwealth Bank of Australia (CBA), Coles, David Jones, New South Wales Government, Gumtree, JP Morgan Chase, Kogan, Rio Tinto and Virgin Australia.
HealthPost, New Zealand Post, Trade Me and Xero were the only New Zealand sites that made the honour roll.
In total, 14 per cent of the A/NZ websites audited made the OTA’s honour roll.
A June 2014 OTA audit, which assessed the trustworthiness of 800 international websites, resulted in 30.2 per cent of companies qualifying for the global honour roll. These sites included Netflix, Sony Electronics, Ancestry.com, Walmart and American Greetings.
Follow Hamish Barwick on Twitter: @HamishBarwick