Survey names 'naughty,' 'nice' online retailers when it comes to security
Whether they checked it twice we are not sure, but researchers at LastPass, a company that makes password management software for consumers, have made their list of naughty and nice online retailers when it comes to how well they keep their customers' data secure.
Criteria for the judgment included "password requirements, the personal information they store, and how much effort they put into helping their customers follow good security practices."
The naughty: Sears, Amazon, Walmart, Kohl's, JCPenney.
The nice: Target, Best Buy, Apple Store, eBay and Macy's.
Coal recipients on the naughty list have too low a bar when it comes to password sophistication, ask for too much information, and store consumer payment information.
LastPass offered this additional information on the methodology used:
Each site was analyzed based on a set of 6 criteria, with a scale of 0 to 10 points based on whether the criteria were met, and how well they were met. We tested password requirements, including minimum and maximum number of characters allowed & variety of character types allowed; whether these requirements were shown up front for the consumer; if the websites employed a password strength meter to encourage longer passwords; use of security questions, and the obscurity of the questions asked; whether HTTPS is used when any information is entered; how much personal information is collected (name, birthday, address, email, phone); how accessible that data was when you’re logged in; and whether payment information is stored in the online account, and how accessible that is when you’re logged in (i.e., were only the last four digits revealed, or was the full card number accessible in plain text).
Based on these criteria, we assigned a score between 0 and 10 for each category for each retailer, for a possible total of 60 points. In our testing, we found that Sears (13/60), Amazon (18/60), Walmart (18/60), Kohl's (18/60), and JCPenney (18/60), all underperformed because they had very low to moderate password requirements and did not employ a strength meter to show the strength of the passwords. While they did employ HTTPS, they did not require any security questions, and stored several data points for personal and payment information that was accessible when logged in. Apple (42/60), eBay (38/60), Macy's (38/60), BestBuy (30/60), and Target (30/60) performed better, with higher password requirements in place (a higher minimum number of characters, and more complex passwords with symbols & numbers). Target and BestBuy also employed a password strength meter to encourage longer passwords.
See the infographic below for full details, as well as tips from LastPass on how to keep your data safe as a shopper.
James Bickers is the former senior editor of Retail Customer Experience, and also manages webinars for Networld Media Group. He has more than 20 years' experience as a journalist and innovative content strategist, with publication credits in national, international and regional publications.