P17. Account Security (internet and mobile ecosystem companies)
The company should help users keep their accounts secure.
Elements
- Does the company clearly disclose that it deploys advanced authentication methods to prevent fraudulent access?
- Does the company clearly disclose that users can view their recent account activity?
- Does the company clearly disclose that it notifies users about unusual account activity and possible unauthorized access to their account?
Research guidance
This indicator is applicable to internet and mobile ecosystem companies. Companies hold significant amounts of user information, making them targets for malicious actors. We expect companies to help users protect themselves against such threats. Companies should clearly disclose that they use advanced authentication techniques to prevent unauthorized access to user accounts and information. We also expect companies to provide users with tools that enable them to secure their accounts and to know when their accounts may be compromised.
Potential Sources:
- Company security center
- Company help pages or community support page
- Company account settings page
- Company blog