Building Trust 27 November 2019

Deep Dive: A Look at Top Retailers’ Security Practices

By Kenneth Olmstead, Internet Privacy & Security Analyst

In April 2019 the Internet Society’s Online Trust Audit released its 10th Online Trust Audit and Honor Roll. One of the longest-running sectors covered in the Audit is online retailers. In this blog post we will look at the top 500 online retailers in the US based on online sales and how they fare in security best practices advocated by OTA.

Overall, 65% of online retailers in the top 500 made the honor roll this year, a marked improvement over 2017 when just over half (51%) did. With the upcoming holidays many consumers will be doing much of their shopping online, so it is more important than ever that every online retailer practices good email and site security. After all, consumers are sending highly sensitive data like credit cards and addresses at a much higher rate during the holidays.

In site security, retailers fared well, as did most sites. Fully 92% of the top 500 online retailers have AOSSL/HSTS on their sites (virtually the same as 91% of sites overall). The good news this year is that this is a significant increase over the 38% that had AOSSL/HSTS in 2017. The bad news is that anything short of 100% among these top online retailers is still concerning, given the information consumers enter into these sites when they shop.

In email security, most retailers also did well. Two technologies, SPF and DKIM, help ensure that users are not receiving forged or spoofed emails from a retailer. Fully 86% of retailers implemented SPF (compared to 89% of organizations overall). Here again the trend is positive; in 2018 75% of online retailers had SPF. In another positive trend, DKIM adoption also rose in 2018. In 2018 83% had DKIM, up significantly from 53% in 2017. Where retailers did not do well in email security, however, was DMARC.

DMARC builds on SPF and DKIM by telling receiving email servers what to do when an email fails authentication. Just 34% of online retailers implemented DMARC, well below the 50% of sites overall. In addition, there was little improvement over 2017, when 33% had implemented this technology. This lack of improvement in DMARC is disappointing for online retailers given they have improved in other areas.
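What the SPF and DMARC checks discussed above look like when run against published DNS TXT records, as an added example that is not part of the original post and not the Audit's own methodology. The domains and records are constructed, and the `spf_strict` and `dmarc_enforced` labels are this example's own.

```python
# Added example: classify SPF and DMARC TXT records. All sample records are constructed.

def parse_tags(record):
    """Split a DMARC-style 'tag=value; tag=value' record into a dict."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags

def dmarc_policy(txt_records):
    """Return 'none', 'quarantine' or 'reject', or None if there is no usable record."""
    found = [r for r in txt_records if r.strip().lower().startswith("v=dmarc1")]
    if len(found) != 1:  # zero or several DMARC records: receivers apply no policy
        return None
    policy = parse_tags(found[0]).get("p", "").lower()
    return policy if policy in ("none", "quarantine", "reject") else None

def spf_all_qualifier(txt_records):
    """Return the qualifier on the SPF 'all' mechanism, or None if there is no SPF record."""
    found = [r for r in txt_records if r.lower().split()[:1] == ["v=spf1"]]
    if len(found) != 1:  # several SPF records is an error for receivers
        return None
    for term in found[0].split()[1:]:
        t = term.lower()
        if t.lstrip("+-~?") == "all":
            return t[0] if t[0] in "+-~?" else "+"  # bare 'all' means '+all'
    return "?"  # no 'all' term: default result is neutral (redirect= is not followed here)

def assess(domain, root_txt, dmarc_txt):
    """Summarise one domain from its TXT records at the domain and at _dmarc.<domain>."""
    spf, policy = spf_all_qualifier(root_txt), dmarc_policy(dmarc_txt)
    return {"domain": domain,
            "spf": spf is not None,
            "spf_strict": spf in ("-", "~"),  # unlisted senders fail or softfail
            "dmarc": policy is not None,
            "dmarc_enforced": policy in ("quarantine", "reject")}

SAMPLES = {  # constructed: (TXT at domain, TXT at _dmarc.domain)
    "shop-a.example": (["v=spf1 include:_spf.mailer.example -all"],
                       ["v=DMARC1; p=reject; rua=mailto:dmarc@shop-a.example"]),
    "shop-b.example": (["v=spf1 ip4:192.0.2.10 ~all"], ["v=DMARC1; p=none"]),
    "shop-c.example": (["v=spf1 mx ?all"], []),
}

if __name__ == "__main__":
    for name, (root, dmarc) in SAMPLES.items():
        print(assess(name, root, dmarc))
```

A domain like the constructed `shop-b.example` publishes a DMARC record but, with `p=none`, only asks receivers to report failures rather than quarantine or reject the mail.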

It is no longer the case that only tech companies need to be concerned about data security. All companies run on data, retailers more so than ever. Not securing your consumer-facing site with SSL is unacceptable in 2019, as is not using proper email authentication technology. No business is immune from breaches, and users need to know their information is safe when making online purchases.

How would your organization do in the Audit? Read the report to see how you’d stack up, and use it to improve your site’s security and privacy. Then view the infographic or watch the recap video to learn more!


Disclaimer: Viewpoints expressed in this post are those of the author and may or may not reflect official Internet Society positions.
