OTA completed a comprehensive assessment of the 500 largest online retailers, evaluating over three dozen data attributes and criteria. Based on the composite weighted analysis, 2015’s top 10 most trustworthy online retailers (technically 11 due to a scoring tie) are:
- American Greetings
- Drs. Foster & Smith
- The Honest Company
- Kate Spade New York
- SparkFun Electronics
In total, 212 of the 500 largest online retailers, or 42%, qualified for OTA’s Honor Roll. Despite setting the most difficult standards yet for its annual trust audit, OTA reported a 78% improvement over 2014, when only 24% of evaluated online retailers made the cut. This dramatic improvement is due to nearly 100 retailers, who fell just short of the threshold last year, making straightforward improvements to push them over the top.
“The online threat landscape is constantly evolving and our latest audit reflects that,” OTA executive director and president Craig Spiezle said. “Even companies with top scores on the Honor Roll last year would have failed this year had they not adopted the latest best practices.”
Unfortunately, 45% of the 500 evaluated retailers not only didn’t qualify, they outright failed at least one component of the audit. A failure typically means the retailer is especially vulnerable to an existing online security threat, is not adequately protecting consumers from phishing and other social engineering threats, or has insufficient privacy policies and inadequate disclosures.
OTA judged each retailer in three categories: privacy (27% fail rate), consumer protection (22% fail rate) and security (5% fail rate). The fail rates in all three of these categories dropped significantly from 2014 (34%, 26% and 11%, respectively). Thirteen percent of retailers neither failed the audit nor scored well enough to qualify.
The full report includes the complete list of companies on the Honor Roll, along with additional findings and recommendations such as adding clear and concise privacy policies to websites/e-mails and adopting e-mail authentication at the top-level domain.