Security Directory

V

Venionaire DealMatrix

dealmatrix.com

0

DealMatrix is a specialized platform focused on facilitating startup valuations and connecting startups with investors through a fact-based approach and advanced matching technology. The platform offers multiple valuation methods and deal monitoring services, targeting startups and investors primarily in the finance and technology sectors. The website is built on WordPress with Elementor and integrates privacy compliance tools such as Borlabs Cookie. However, a critical security gap exists due to the absence of a valid SSL certificate and HTTPS, which undermines user trust and data security. The domain is mature and registered since 2011, consistent with the business's claimed history. Privacy policies and cookie consent mechanisms are well implemented, supporting GDPR compliance. Social media presence and testimonials add to the platform's credibility.

V

Venionaire Capital AG

worldventureforum.info

0

World Venture Forum 2025 is a well-established international event focused on fostering global relations in the venture capital, crypto, family office, corporate innovation, and impact investing sectors. The event is held in Kitzbühel, Austria, and features a comprehensive program with multiple unique mountain chalet venues, keynote speakers, workshops, and networking opportunities. The business model revolves around event organization, ticket sales, and sponsorship packages, targeting investors, entrepreneurs, and industry leaders. The website is professionally designed with rich content, clear navigation, and strong branding consistency. Technically, the website is built on WordPress using Elementor and several event-related plugins. It integrates Google Analytics for tracking and uses Borlabs Cookie for cookie consent management. However, the site lacks HTTPS, which is a critical security flaw, and does not implement important security headers or modern TLS protocols. Performance is moderate to slow, and while mobile optimization and accessibility are good, the absence of SSL significantly impacts the security posture. Security-wise, the site has no SSL/TLS encryption, no HSTS, no OCSP stapling, and no secure cipher suites, exposing users to potential risks. There is no visible security policy or incident response information. Privacy compliance is good with a comprehensive privacy policy and cookie consent mechanism. Business credibility is supported by detailed company information, multiple contact methods, and trust indicators such as testimonials and partner listings. Overall, the site presents a strong business and content profile but requires urgent security improvements to protect users and enhance trust. Strategic recommendations include immediate SSL implementation, adding security headers, and enhancing incident response transparency.

R

Raiffeisen Bank International

cashpresso.com

0

Cashpresso is a financial service platform provided by Raiffeisen Bank International AG, offering flexible credit and payment solutions such as installment payments and purchase on account. The website targets private and business customers primarily in Austria, providing a digital-first experience with quick online registration and management via mobile apps. The platform is well integrated with multiple partner shops and maintains a strong brand presence supported by awards and customer ratings. Technically, the site uses modern frameworks and Adobe Experience Manager CMS but suffers from slow load times and lacks a valid SSL certificate, which is a critical security concern. Privacy compliance is well addressed with clear policies and consent mechanisms. Overall, the business appears legitimate and trustworthy, but the security posture requires urgent improvement to protect user data and maintain trust.

E

Erste Digital GmbH

s-itsolutions.com

0

Erste Digital GmbH is the digital and IT services arm of Erste Group, the largest banking group in Central and Eastern Europe. The company focuses on delivering best-in-class IT solutions and digital transformation services to banking entities across the region, supporting both operational and innovation activities. The website reflects a professional and modern digital presence with rich content describing the business and its mission to enhance financial health for millions of customers. Technically, the site uses modern web technologies including JavaScript modules, service workers, and ElasticSearch for search functionality, hosted behind Amazon CloudFront CDN for performance and reliability. However, a critical security gap exists as the site lacks a valid SSL/TLS certificate and does not serve content over HTTPS, which significantly impacts the security posture and trustworthiness. Privacy and cookie policies are present and appear comprehensive, indicating good compliance with GDPR requirements. Contact information such as emails and phone numbers are not explicitly provided on the homepage, which may affect user engagement. Overall, the site demonstrates strong business credibility and technical maturity but requires urgent security improvements to enable HTTPS and strengthen its security framework.

A

APG

apg.nl

0

APG is a large Dutch pension fund service provider specializing in pension administration, asset management, and advisory services. The website is content-rich, professionally designed, and targets pension participants and institutional investors. The technical infrastructure includes Cloudflare hosting, Umbraco CMS, and multiple marketing and analytics tools such as Google Tag Manager and Cookiebot. However, a critical security issue is the absence of a valid SSL certificate and enabled TLS protocols, which severely impacts the security posture. Security headers are well implemented, but the lack of HTTPS reduces trust and security. Privacy compliance is strong with clear privacy and cookie policies and consent mechanisms. Contact information is primarily via web forms, with no explicit emails or phone numbers found. Social media presence is active on LinkedIn, Facebook, and Instagram. Overall, the website is professional and trustworthy but requires urgent SSL/TLS configuration improvements to enhance security and user trust.

I

ION Group

reval.com

0

ION Group operates the Reval treasury software platform, a SaaS solution designed to automate and optimize treasury operations for global corporations, financial institutions, and government entities. The platform offers advanced features including real-time cash visibility, machine learning for forecasting and fraud detection, and seamless integration with banking and ERP systems. The website reflects a mature digital presence with comprehensive content, clear navigation, and strong branding consistency. Technically, the site is built on WordPress and leverages modern analytics and marketing tools, hosted behind Cloudflare for performance and security. However, a critical security gap exists due to the absence of a valid SSL/TLS certificate and disabled TLS protocols, which significantly impacts the security posture. Privacy compliance is well addressed with GDPR-aligned cookie consent mechanisms. Overall, the site demonstrates high business credibility but requires urgent remediation of SSL issues to ensure secure user interactions.

M

Merkur Versicherung AG

merkur.at

0

Merkur Versicherung AG is Austria's oldest insurance company, specializing in private health, accident, life, property, and legal protection insurance. Positioned as the second largest private health insurer in Austria, it serves a broad audience including private customers, employees, and businesses. The website demonstrates a mature digital presence with a professional design, clear navigation, and comprehensive content tailored to its target audience. Technically, the site is built on Liferay DXP with React and Clay UI components, but suffers from critical SSL misconfiguration that undermines its security posture. Security headers are well implemented, but the lack of a valid SSL certificate and disabled TLS protocols present significant risks. Privacy compliance is strong with clear policies and consent mechanisms. Overall, the site is trustworthy and professional but requires urgent remediation of SSL issues to ensure secure user interactions.

M

Moody’s Analytics Austria GmbH

kompany.com

0

kompany is a specialized provider of real-time official company information and compliance solutions, operating as a Moody’s Analytics Austria GmbH subsidiary. The company offers services such as KYC, KYB, AML, and UBO compliance tools, credit and register reports, and entity verification across over 115 million companies globally. Their market position is strong due to Moody’s backing, targeting businesses requiring robust compliance and risk management data. Technically, the website uses modern JavaScript frameworks, Google Analytics 4, and Cloudflare for hosting and CDN services, but lacks a valid SSL certificate, which is a critical security gap. Security headers are partially implemented, but the absence of HTTPS and TLS protocols significantly reduces the security posture. Privacy and cookie policies are comprehensive and GDPR compliant, with consent mechanisms in place. Overall, kompany presents a professional and trustworthy business front with room for critical security improvements.

I

Incentage AG

incentage.com

0

Incentage AG is a Swiss-based software company specializing in innovative financial technology solutions for banking and financial institutions. Their offerings include modular platforms for payment processing, securities transactions, innovation acceleration, and risk management with cyber protection. The company positions itself as a pioneer in accelerating financial innovation with a focus on flexibility and end-to-end security. The website reflects a professional and consistent brand image targeting financial sector clients. Technically, the site uses modern web technologies including Webflow CMS, jQuery, Weglot for translations, and Google Tag Manager for analytics. Hosting is via Cloudflare, but a critical security gap exists due to the absence of a valid SSL certificate and HTTPS support, which significantly impacts the security posture. Privacy compliance is well addressed with cookie consent mechanisms and a privacy policy, though no explicit security policy or incident response contacts are found. Overall, the domain registration data aligns well with the business claims, supporting legitimacy. Strategic improvements in SSL/TLS deployment and enhanced security practices are recommended to strengthen trust and compliance.

D

DaoPay GmbH

daopay.com

0

DaoPay GmbH is a licensed Austrian payment service provider offering a broad range of secure and simple payment solutions for online merchants globally. The company supports over 80 payment methods including major credit cards, PayPal, SEPA, and direct carrier billing, positioning itself as a comprehensive payment gateway and merchant account provider. Their target audience includes online businesses seeking to expand payment options and increase customer convenience. The website is professionally designed with clear navigation and relevant content, supporting a medium-sized enterprise profile in the finance and technology sectors. Technically, the website is built on WordPress with modern plugins and frameworks such as Bootstrap and Visual Composer, indicating a mature digital infrastructure. However, performance is slow and accessibility is basic. The site is mobile optimized and SEO is well implemented. Security posture is weak due to the absence of a valid SSL certificate and outdated TLS protocols, which poses significant risks for a payment service provider. Privacy and cookie policies are comprehensive and GDPR compliant, with explicit consent mechanisms in place. The WHOIS data confirms the legitimacy and consistency of the domain registration with the business claims. Social media presence and contact information are comprehensive, enhancing business credibility. Strategic recommendations include immediate remediation of SSL/TLS issues, enabling modern security protocols, and enhancing DNS security configurations to improve trust and compliance.

S

SmartStream Technologies ltd.

smartstream-stp.com

0

SmartStream Technologies ltd. is a well-established leader in financial data solutions, serving banks, capital markets, buy-side firms, and corporations. Their offerings focus on operational control, cost reduction, risk mitigation, regulatory compliance, and new revenue streams. The company maintains a strong market position with a comprehensive portfolio of services including data transformation, regulatory alignment, managed services, and innovation labs. The website reflects a professional and consistent brand image targeting financial institutions and related sectors. Technically, the website is built on WordPress using Elementor and Slider Revolution, hosted behind Cloudflare for security and performance. It integrates multiple marketing and analytics tools such as Google Analytics 4, Google Tag Manager, Pardot, LinkedIn Insight Tag, and various media embedding services. Mobile optimization and SEO practices are good, though accessibility is basic. Security posture is weakened by the absence of a valid SSL certificate and lack of HTTPS enforcement, despite Cloudflare protection and Wordfence plugin usage. Security headers are present but could be enhanced with HSTS and OCSP stapling. Privacy compliance is strong with clear GDPR-aligned policies, cookie consent mechanisms, and a data protection officer contact. Overall, the website presents a credible and professional front for SmartStream Technologies but requires urgent SSL/TLS remediation to improve security and trustworthiness. Strategic recommendations include SSL installation, enhanced security headers, and continuous monitoring of third-party integrations.

F

FTC Capital

ftc.at

0

FTC Capital is an Austrian asset management company targeting both retail and institutional investors. The website provides segmented information for private clients and qualified institutional investors, reflecting a clear business focus on investment services within Austria. The digital infrastructure is based on WordPress with multilingual support and GDPR cookie compliance mechanisms, indicating a moderate level of digital maturity. However, the website suffers from critical security shortcomings, notably the absence of a valid SSL certificate and HTTPS support, which significantly undermines user trust and data security. Performance is suboptimal with slow load times, and contact information is not readily available, limiting direct communication channels. Overall, while the business positioning and content quality are good, the technical and security posture require urgent improvements to meet modern standards and regulatory compliance.

A

Alpen Privatbank AG

walserprivatbank.com

0

Alpen Privatbank AG is a well-established private banking and wealth management institution operating primarily in the German-speaking regions of Europe, with a strong presence in Austria and Germany. The company offers personalized asset management and investment advisory services, targeting private clients seeking tailored financial solutions. The website reflects a professional and consistent brand image, supported by multiple physical office locations and clear contact information. Technically, the site is built on TYPO3 CMS and hosted by maxcluster.net, but suffers from slow load times and lacks a valid SSL certificate, which significantly impacts security and user trust. The security posture is weak due to the absence of HTTPS and security headers, although privacy compliance is supported by a cookie consent mechanism and GDPR-aligned privacy policy. Overall, the site demonstrates moderate business credibility but requires urgent security improvements to protect user data and enhance trust.

P

PricewaterhouseCoopers

pwc.at

0

PricewaterhouseCoopers Austria (PwC.at) is a leading professional services firm offering audit, tax, consulting, and advisory services. The website presents a comprehensive and professional digital presence targeting businesses and professionals in Austria, emphasizing expertise in finance, sustainability, cybersecurity, and technology consulting. The site uses modern web technologies including Adobe Experience Manager, AngularJS, and Akamai CDN, ensuring a good user experience and mobile optimization. However, a critical security gap exists due to the absence of a valid SSL certificate and HTTPS support, which significantly impacts the security posture. The site includes comprehensive privacy and cookie policies with GDPR-compliant consent mechanisms, but lacks explicit security policies or incident response information. Overall, the domain registration is consistent with the business claims, indicating legitimacy and trustworthiness.

Raiffeisen Bank International AG operates as a leading business bank in Austria and Central and Eastern Europe, offering a broad range of financial services including corporate banking, investor relations, and sustainability-focused products. The website targets investors, corporate and institutional clients, job seekers, and private customers, reflecting a mature and comprehensive business model with a strong market position. Technically, the site is built on Adobe Experience Manager with Vue.js components, leveraging modern analytics and marketing tools such as Mouseflow, Google Tag Manager, and hCaptcha. However, a critical security weakness is present due to an invalid SSL certificate and lack of TLS protocol support, which undermines the otherwise strong security headers and policies implemented. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms. Overall, the site is professional, content-rich, and trustworthy but requires urgent remediation of SSL and TLS issues to ensure secure user interactions.

U

UNIQA Group

uniqagroup.com

0

UNIQA Group is a large Austrian insurance and financial services provider with a strong market presence and a public listing since 1990. The website targets investors, customers, suppliers, and job seekers, offering comprehensive information on insurance products, investor relations, sustainability initiatives, and career opportunities. The content is professionally presented with consistent branding and good quality. Technically, the website uses Apache server technology and integrates modern marketing and analytics tools such as Adobe DTM, Google Tag Manager, and Dynatrace. However, it lacks SSL/TLS encryption, which is a critical security gap. Security headers are well implemented, but the absence of HTTPS significantly reduces the security posture. Privacy and cookie policies are comprehensive and GDPR compliant, supporting good privacy practices. Overall, the website is trustworthy and professional but requires urgent security improvements to enable HTTPS and strengthen SSL/TLS configurations.

E

easybank

easybank.at

0

easybank is a leading direct bank in Austria, offering a comprehensive range of financial services including personal and business accounts, loans, credit cards, savings, and investment products. The website reflects a mature digital presence with a focus on user experience, mobile optimization, and clear navigation. The business is well-positioned in the Austrian banking sector, supported by its parent company BAWAG Group and subsidiaries such as easyleasing.at. Technically, the site uses CoreMedia CMS and integrates modern marketing and analytics tools like Adobe and Google Tag Manager, alongside a consent management platform for privacy compliance. However, the website suffers from a critical security deficiency: it lacks a valid SSL certificate and does not support HTTPS, exposing users to significant risks. Security headers and modern TLS protocols are also absent, which undermines the overall security posture. Privacy policies and cookie consent mechanisms are well implemented, indicating good compliance with GDPR. Overall, while the business and content quality are excellent, the security shortcomings significantly impact the risk profile and trustworthiness of the site.

V

Vienna Insurance Group

vig.com

0

Vienna Insurance Group (VIG) is a leading insurance group in Central and Eastern Europe, operating through over 50 insurance companies and pension funds across 30 countries with approximately 30,000 employees. The website reflects a mature, enterprise-level business with a strong market position and comprehensive service offerings in insurance and reinsurance. The digital infrastructure is modern, leveraging JavaScript frameworks and a CMS (Umbraco), with good content quality and user experience. However, the security posture is weakened by the absence of a valid SSL certificate and lack of TLS protocol support, which is a critical vulnerability for a financial services website. Privacy and cookie policies are well implemented and GDPR compliant, supporting regulatory adherence. Overall, the site demonstrates high professionalism and trustworthiness but requires urgent remediation of SSL/TLS issues to ensure secure communications.

T

TD Canada Trust

td.com

0

TD Canada Trust is a leading North American financial institution offering a broad range of banking and investment services to personal, small business, and commercial clients. The website reflects a mature digital presence with comprehensive content on corporate values, sustainability, innovation, and customer care. The technical infrastructure is built on Adobe Experience Manager and supported by major third-party services for analytics and marketing. However, the security posture is currently weak due to the absence of a valid SSL certificate and lack of HTTPS support, which poses significant risks to user data confidentiality and trust. Privacy compliance is well addressed with clear policies and consent mechanisms. Overall, the site is professional and trustworthy but requires urgent security improvements.

W

Wüstenrot

wuestenrot.at

0

Wüstenrot is a well-established Austrian financial services provider with a 100-year history, offering integrated banking, insurance, and savings products. The website reflects a mature digital presence with professional design, comprehensive content, and clear navigation tailored to private customers in Austria. Technically, the site is built on Adobe Experience Manager and uses modern web technologies and analytics tools. However, a critical security gap exists due to the absence of a valid SSL certificate and enabled TLS protocols, exposing users to potential risks. Privacy compliance is strong with GDPR-aligned cookie consent and detailed privacy policies. Overall, the business is credible and trustworthy, but urgent security improvements are needed to protect user data and maintain trust.

W

wikifolio Financial Technologies AG

wikifolio.com

0

wikifolio Financial Technologies AG operates a sophisticated online investment platform focused on European stocks and social trading. The platform enables investors worldwide to access trading ideas, create virtual portfolios, and invest in wikifolio certificates listed on stock exchanges in Germany, Austria, and Switzerland. The company is well-positioned in the European finance sector with a medium-sized operation and a strong brand presence supported by partnerships and positive testimonials. Technically, the website leverages modern web technologies including React, Next.js, and Chakra UI, hosted on Azure infrastructure with CDN support for performance. The site is well-optimized for SEO, accessibility, and mobile responsiveness, providing a professional user experience. From a security perspective, the site currently lacks a valid SSL certificate and does not support modern TLS protocols, which is a critical vulnerability. Security headers are partially implemented but key features like HSTS and OCSP stapling are missing. Privacy compliance is strong with comprehensive policies and clear contact information, but incident response and security policy disclosures are absent. Overall, the website presents a trustworthy and professional business front but requires urgent improvements in SSL/TLS security to protect user data and maintain trust. Strategic recommendations include immediate SSL certificate installation, enabling TLS 1.2+, and enhancing security headers and incident response readiness.

G

Global Blue

globalblue.com

0

Global Blue operates as a provider of tax-free shopping solutions and related financial services targeting international shoppers and retailers. The website serves as an informational and service platform, primarily implemented as a modern Angular single-page application. However, the site currently lacks visible content beyond the SPA shell, with no accessible privacy, cookie, or terms of service policies, and no contact information available in the HTML content. Technically, the site uses Varnish caching and modern JavaScript frameworks but suffers from poor SSL/TLS configuration, lacking a valid certificate and HTTPS support, which severely impacts security and trustworthiness. Security headers are minimal, and no vulnerability disclosure or incident response information is published. Overall, the website's security posture is weak, and privacy compliance is poor, which could expose the business to risks and reduce user trust.

H

Hypo Tirol Bank AG

hypotirol.com

0

Hypo Tirol Bank AG operates as a digital regional bank in Austria, primarily serving private and corporate clients in Tirol and Vienna. The website presents a comprehensive portfolio of banking products including accounts, cards, savings, investments, loans, and insurance services. The bank emphasizes personal service combined with digital convenience, targeting a broad customer base from individuals to public institutions. The site is professionally designed with clear navigation and localized German content, reflecting a mature digital presence. Technically, the site is built on WordPress with modern plugins and integrates marketing and tracking tools such as Google Tag Manager and Adrom.net. However, the website currently lacks a valid SSL/TLS certificate, resulting in no HTTPS support, which is a critical security vulnerability. Other security best practices such as security headers and HSTS are also missing. Privacy compliance is well addressed with a comprehensive privacy and cookie policy and an active consent mechanism. Overall, while the business and content aspects are strong, the security posture requires urgent improvement to protect user data and maintain trust.

UniCredit Bank Austria AG operates as a major financial institution in Austria, providing a wide range of banking services including retail, corporate, and private banking. The website targets private customers, corporate clients, and private banking customers with comprehensive offerings such as accounts, credit cards, loans, insurance, and investment products. The bank is part of the UniCredit Group, indicating a strong market position and enterprise scale. The website is professionally designed with consistent branding and rich content, supporting a high level of user engagement and trust. Technically, the website employs modern JavaScript libraries and third-party services such as Tag Commander for tag management and Genesys for customer service. Hosting is supported by Akamai CDN infrastructure, enhancing availability and performance. However, the site suffers from slow load times and lacks a valid SSL certificate, which is a critical security flaw for a banking website. Accessibility and SEO optimizations are well implemented, and mobile responsiveness is good. Security posture is weak due to the absence of HTTPS, missing security headers, and no HSTS policy. While no immediate vulnerabilities are detected, these gaps expose the site to risks and reduce user trust. Privacy compliance is strong with clear privacy and cookie policies, GDPR adherence, and consent mechanisms in place. Business credibility is high, supported by certifications and transparent legal information. Overall, the site is a professional and comprehensive banking portal but requires urgent security improvements, especially SSL/TLS implementation, to meet industry standards and protect user data effectively.

P

PXP Financial

kalixa.com

0

PXP Financial operates a sophisticated unified commerce platform that integrates payment processing, acquiring, cross-border payments, and growth tools for a diverse range of industries including retail, hospitality, gaming, and travel. The company leverages a cloud-native, microservices-based architecture enhanced by AI to deliver scalable, reliable, and innovative payment solutions globally. Their platform emphasizes intelligent payment routing, real-time business intelligence, and self-service capabilities, positioning them as a modern leader in the payments technology sector. The website reflects a mature, professional business with strong branding and comprehensive service offerings.

D

DONAU Versicherung AG Vienna Insurance Group

donauversicherung.at

0

DONAU Versicherung AG Vienna Insurance Group is a large Austrian insurance company offering a broad range of insurance products including health, pension, car, home, and legal protection insurance for private and business customers. The website is professionally designed with excellent content quality, clear navigation, and good mobile optimization. It uses TYPO3 CMS and integrates modern tools such as TagCommander for tag management and Empathy Portal for live chat support. Despite these strengths, the website suffers from a critical security issue: the SSL certificate is invalid or missing, which undermines user trust and security. Privacy and cookie policies are well implemented with consent mechanisms, reflecting good GDPR compliance. The company demonstrates strong business credibility with certifications and high customer ratings. Overall, the site is functional and trustworthy but requires urgent SSL certificate remediation to improve security posture.

V

Visma e-conomic A/S

e-conomic.dk

0

Visma e-conomic A/S operates e-conomic.dk, a leading Danish online accounting software platform serving over 240,000 businesses. The company offers flexible subscription packages tailored to various business sizes and integrates with multiple business systems. The website is professionally designed with comprehensive content, clear navigation, and strong branding consistency. Technically, it uses Drupal 11 CMS, Cloudflare CDN, and modern JavaScript libraries, ensuring good performance and mobile optimization. However, a critical security gap exists as the main domain lacks HTTPS/SSL, exposing users to risks. Privacy and cookie policies are well implemented with GDPR compliance, and multiple contact channels including forms, email, and phone are available. The domain is mature and consistent with the business identity, owned by Visma Group. Overall, the site is trustworthy and business credible but urgently needs to enable HTTPS to improve security posture.

BMO Global Asset Management (BMO GAM) is a leading Canadian asset manager offering a broad range of investment products including mutual funds, ETFs, and alternative products. The website clearly targets investors, advisors, and institutional clients, reflecting a mature and well-established financial services business. The company operates under the larger Bank of Montreal (BMO) umbrella, reinforcing its market position and credibility. Technically, the website leverages modern web technologies such as Next.js and integrates with Adobe Launch and OneTrust for marketing and compliance. Hosting is provided via Akamai CDN, ensuring global content delivery. However, the absence of a valid SSL certificate and disabled TLS protocols represent significant technical and security shortcomings that undermine user trust and data protection. From a security perspective, while some security headers like HSTS and X-Frame-Options are present, the lack of HTTPS and modern TLS support is a critical vulnerability. No published security policies, incident response contacts, or vulnerability disclosure mechanisms were found, indicating gaps in security transparency and readiness. Overall, the website is professionally designed and content-rich, but the lack of proper SSL/TLS configuration and security disclosures lowers its security posture and trustworthiness. Strategic improvements in SSL deployment, security policy publication, and DNS security would significantly enhance the site's security and compliance standing.

HypoVereinsbank by UniCredit Bank GmbH operates a professional and comprehensive banking website targeting private and corporate customers in Germany. The site offers a wide range of financial services including online banking, investment products, loans, and wealth management. It is well-positioned in the market, recognized by industry awards such as 'Bank of The Year 2024' and 'Fairste Filialbank 2024'. The website demonstrates strong branding consistency and trust indicators, with clear contact information and GDPR compliance. Technically, the site uses modern JavaScript libraries and is hosted via Akamai with Adobe Experience Manager as the CMS platform. However, performance is currently slow and SSL/TLS configuration is invalid, which poses security risks. Security headers are mostly present but the Content-Security-Policy is overly permissive. No WAF or blocking mechanisms are detected, allowing full content access. Privacy and cookie policies are implemented with consent mechanisms. Overall, the site is professional and trustworthy but requires urgent SSL fixes to improve security posture.

I

INFINA

infina.at

0

INFINA is a leading independent credit brokerage firm in Austria specializing in residential construction financing. The company offers comprehensive credit comparison services from over 120 banks, personal consultation, and a wide range of financial tools to assist customers in securing optimal mortgage financing. Their extensive network of over 100 local partners ensures personalized service throughout Austria. The website reflects a mature and professional business with excellent content quality and user experience, targeting individuals and families seeking home financing solutions. Technically, the site is built on TYPO3 CMS with modern web technologies and includes interactive calculators and consent management tools. However, a critical security gap exists due to the absence of a valid SSL certificate and HTTPS support, which significantly impacts the site's security posture. Privacy compliance is well addressed with GDPR-aligned policies and cookie consent mechanisms. Overall, the business demonstrates strong credibility and market position but must urgently address its SSL/TLS configuration to improve security and trust.

A

ACI Worldwide

aciworldwide.com

0

ACI Worldwide is a mature, enterprise-level financial technology company specializing in global payments software and solutions. The company offers a broad portfolio of services including payments orchestration, fraud management, bill pay, and real-time payments, targeting banks, merchants, and billers worldwide. The website reflects a strong market position with extensive customer testimonials, partner logos, and a global reach across 95 countries. Technically, the site is built on WordPress hosted on WP Engine with Cloudflare CDN, leveraging modern marketing and analytics tools such as Google Tag Manager, Hotjar, and HubSpot. However, a critical security gap exists due to the absence of a valid SSL certificate and HTTPS support, which significantly impacts the security posture score. Security headers and content security policies are well implemented, but the lack of HTTPS is a major vulnerability. Privacy compliance is well addressed with a comprehensive privacy policy and cookie consent mechanism. Overall, the website is professional, content-rich, and trustworthy but requires urgent remediation of SSL/TLS issues to ensure secure user interactions.

Raiffeisenverband Salzburg eGen operates as a large regional banking cooperative in Austria, providing a comprehensive range of financial services including retail banking, corporate banking, investment products, insurance, and real estate services. The website targets private and corporate customers primarily in the Salzburg region, emphasizing local presence and digital innovation. The business is well-positioned as the largest banking group in Austria by branch count and employees, with a strong community and regional focus. Technically, the website is built on Adobe Experience Manager CMS with modern web technologies and responsive design, offering good user experience and accessibility. However, a critical security gap exists due to the absence of a valid SSL certificate and HTTPS support, which severely impacts the security posture. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms. Contact information and trust indicators are prominently presented, supporting business credibility. Overall, the site is professional and content-rich but urgently requires SSL implementation to secure user data and maintain trust.

Raiffeisen Zertifikate is a leading Austrian financial services provider specializing in certificate investment products, with a strong market position evidenced by multiple awards. The website is professionally designed, content-rich, and targets investors interested in sustainable and flexible investment options. Technically, the site uses TYPO3 CMS, integrates modern analytics and marketing tools, and is hosted behind Cloudflare. However, the security posture is weakened by the absence of a valid SSL certificate and disabled modern TLS protocols, which poses risks to data confidentiality and user trust. Privacy compliance is well addressed with comprehensive policies and cookie consent mechanisms. Overall, the site is trustworthy but requires urgent SSL/TLS remediation to improve security and user confidence.

Volkswagen Versicherungsdienst GmbH (VVD) is a medium-sized insurance service company operating as a subsidiary of Porsche Bank in Austria. It specializes in providing automotive insurance products and services to customers of Volkswagen Group brands and other vehicle owners. The website presents a professional and consistent brand image with comprehensive service offerings including liability, partial and full coverage insurance, legal protection, and additional guarantees. Technically, the site is built on Craft CMS and leverages Cloudflare for hosting and security, along with modern marketing and analytics tools such as Google Tag Manager and Facebook Pixel. However, a critical security gap exists due to the absence of a valid SSL certificate, resulting in no HTTPS support, which significantly undermines the security posture. Privacy compliance is well addressed with a detailed privacy policy and cookie consent mechanism. Contact information is clearly provided, enhancing business credibility.

FERNBACH Financial Software operates FlexFinance, a specialized software suite designed to optimize lending business processes including loan origination, credit lifecycle management, and risk management. The company targets banks and financial institutions, offering solutions that enhance efficiency, transparency, and compliance. With a user base exceeding 12,000 and over one million credit decisions processed annually, FERNBACH holds a solid position in the finance software niche, supported by multilingual capabilities and a consistent brand presence. Technically, the website employs modern front-end technologies such as jQuery, Bootstrap, and Popper.js, alongside analytics tools like Google Analytics and Microsoft Clarity. However, the site suffers from poor performance with a notably high load time and lacks a valid SSL certificate, which critically undermines its security posture. The absence of HTTPS and security headers exposes the site to potential risks, despite no detected vulnerabilities in SSL protocols themselves. Privacy compliance is well addressed with comprehensive privacy and cookie policies, including consent mechanisms aligned with GDPR requirements. Contact information is limited but present, primarily via a company email address. The overall website quality is good in terms of design, content relevance, and user experience, though technical and security improvements are necessary. Strategically, the company should prioritize securing its website with a valid SSL certificate and enabling HTTPS to protect user data and improve trust. Performance optimization and implementation of security headers would further enhance the site's security and user experience. Maintaining transparent privacy practices and expanding contact options could strengthen business credibility and customer confidence.

I

ING

ing.at

0

The website ing.at serves as an informational landing page announcing the transfer of ING Austria's private banking business to bank99 AG as of November 30, 2021. It provides contact information for former customers and legal representatives handling specific cases. The site is primarily targeted at former ING Austria private banking customers and does not offer active banking services. Technically, the site uses modern web technologies including Lit for UI components, service workers for offline capabilities, and integrates third-party services such as Usercentrics for cookie consent and Webtrekk for analytics. However, the SSL configuration is critically flawed with no valid certificate and no TLS protocols enabled, severely impacting security posture. Security headers are well implemented but undermined by the lack of proper SSL. The domain registration and DNS records are consistent with a legitimate banking entity, and the site includes standard privacy and cookie policies compliant with GDPR. Overall, the site is professional and trustworthy in content but requires urgent remediation of SSL issues to ensure secure user access.

A

Addiko Bank AG

addiko.com

0

Addiko Bank AG operates as a regional digital bank serving multiple European countries with a focus on online banking products such as savings accounts and loans. The website reflects a professional and consistent brand presence with clear navigation and relevant content targeting retail and corporate banking customers. Technically, the site is built on WordPress with modern plugins and integrates multiple analytics and marketing tools. However, the security posture is weakened by the absence of a valid SSL certificate and lack of modern TLS protocol support, which is critical for a financial institution. Privacy compliance is well addressed with GDPR-aligned policies and cookie consent mechanisms. Overall, while the business and technical aspects are solid, the security deficiencies pose a significant risk that must be remediated promptly.

G

GrECo

greco.services

0

GrECo is a well-established insurance and risk management specialist with a strong presence in Central and Eastern Europe, operating since 1925. The company offers a broad range of services including risk consulting, cyber insurance, health and benefits, and international insurance programs. The website reflects a mature digital presence with professional design, multilingual support, and structured data for SEO. However, the technical infrastructure shows critical security weaknesses, notably the absence of a valid SSL certificate and lack of HTTPS support, which undermines user trust and data security. Privacy policies are present and GDPR compliant, but cookie consent mechanisms are minimal. Overall, the site is content-rich and credible but requires urgent security improvements to align with best practices.

KPMG Austria GmbH operates a comprehensive and professionally designed website representing its global network of audit, tax, advisory, and legal services. The website targets clients and potential clients primarily in Austria and German-speaking regions, offering detailed insights into their services, industries, and career opportunities. The technical infrastructure leverages Adobe Experience Manager CMS, modern JavaScript frameworks like Vue.js and React, and integrates marketing and analytics tools such as Adobe Analytics, Demandbase, Gigya, and OneTrust for privacy compliance. Despite a strong content and business presence, the website suffers from critical security shortcomings, notably an invalid SSL certificate and lack of TLS protocol support, which significantly impacts its security posture. Privacy and cookie policies are well implemented with consent mechanisms, aligning with GDPR requirements. Overall, the site demonstrates high professionalism and trustworthiness but requires urgent remediation of its SSL/TLS configuration to ensure secure user interactions.

S

Software Daten Service Gesellschaft m.b.H.

sds.at

0

Software Daten Service Gesellschaft m.b.H. (SDS) is a medium-sized Austrian company specializing in software and services for the international financial industry, with additional focus on telecommunications and digital entertainment sectors. The company offers a comprehensive portfolio including securities processing, regulatory reporting, compliance, consulting, managed services, and professional testing. SDS benefits from a strong market position supported by its 50 years of history and affiliation with the Deutsche Telekom Group. The website reflects a professional and consistent brand image targeting financial institutions and related industries globally. Technically, the site is built on WordPress with modern plugins and SEO optimizations, but suffers from critical security shortcomings due to the absence of a valid SSL certificate and lack of HTTPS support. Security headers are present but insufficient to compensate for the missing encryption. Privacy and cookie policies are well implemented with consent mechanisms, supporting GDPR compliance. Contact information is clearly provided, enhancing business credibility. Overall, the site is content-rich and professionally maintained but urgently requires SSL/TLS remediation to improve security posture and trust.

G

GE Capital

gecapital.com

0

GE Capital operates as the financial services arm aligned with General Electric's industrial businesses, providing leasing, lending, retail credit, real estate financing, and mortgage services globally. The website reflects a professional and consistent brand presence with clear business descriptions and multiple regional contact points, targeting industrial customers seeking financial solutions. Technically, the site is built on Drupal 10 with Bootstrap and hosted behind Cloudflare, indicating a modern infrastructure. However, the absence of a valid SSL certificate and disabled TLS protocols represent significant security weaknesses that undermine secure communications. Privacy and cookie policies are well linked to official GE domains, showing good compliance posture, but no explicit security or incident response policies are found. Overall, the site is professional and credible but requires urgent security improvements to meet enterprise standards.

R

Raiffeisen Bausparkasse Gesellschaft m.b.H.

bausparen.at

0

Raiffeisen Bausparkasse Gesellschaft m.b.H. is a well-established Austrian financial services company specializing in building savings contracts and financing solutions for housing and related needs. The company has a strong market presence with over 60 years of experience and offers a range of products including classic building savings, financing for construction, renovation, education, and health care. The website reflects a professional and consistent brand image targeting private individuals seeking secure and reliable financial products. Technically, the site is built on Adobe Experience Manager and uses modern web technologies such as AngularJS and Adobe DTM for analytics and marketing. It is hosted behind Cloudflare, ensuring good performance and security at the network level. However, a critical security issue is the invalid or missing SSL certificate and lack of TLS protocol support, which severely impacts the security posture and user trust. Privacy compliance is well addressed with comprehensive privacy and cookie policies and a consent mechanism in place. Contact information is clearly provided, enhancing business credibility. Overall, the site is functional and professional but requires urgent remediation of SSL/TLS issues to ensure secure user interactions.

ERGO Versicherung Aktiengesellschaft operates the website das.at, providing legal protection insurance products under the D.A.S. Rechtsschutz brand in Austria. The company is a market leader with a strong reputation, offering services to private individuals, self-employed, and businesses. The website is professionally designed, content-rich, and targets Austrian customers with comprehensive insurance solutions and customer support channels. Technically, the site is built on TYPO3 CMS with modern web technologies and integrates multiple marketing and analytics tools. However, the absence of a valid SSL certificate and HTTPS support significantly weakens the security posture. Privacy and cookie policies are well implemented with consent mechanisms, supporting GDPR compliance. WHOIS data confirms the domain's legitimacy and alignment with the ERGO group. Overall, the website is credible and professional but requires urgent security improvements to protect user data and trust.

Zurich Insurance Group operates as a global insurance provider primarily in the finance sector, offering insurance and risk management services. The domain zurich.com is mature and strongly protected, reflecting the company's established market presence. However, the website content is currently inaccessible due to Incapsula WAF security mechanisms, and no valid SSL certificate is configured, resulting in no HTTPS support. This severely limits the ability to assess the website's content, privacy policies, and user engagement features. The technical infrastructure shows hosting via Incapsula, but lacks modern TLS protocols and security headers, indicating a need for significant security improvements. Overall, the website's security posture is weak due to missing SSL and blocked content, and privacy compliance cannot be verified. Strategic recommendations include implementing a valid SSL certificate, enabling modern TLS protocols, configuring security headers, and ensuring privacy and cookie policies are accessible to users.

O

Oberbank AG

oberbank.at

0

Oberbank AG is a well-established regional bank operating primarily in Austria and neighboring countries, offering a broad range of financial services including retail banking, corporate banking, savings, investments, financing, and online/mobile payment solutions. The website reflects a mature digital presence with comprehensive content tailored to private and corporate customers, supported by a modern technology stack based on Liferay and JavaServer Faces. The site demonstrates strong privacy compliance with detailed cookie consent mechanisms and GDPR-aligned privacy policies. However, the security posture is weakened by an invalid or missing SSL certificate and lack of TLS protocol support, which poses significant risks to secure communications. No explicit security or incident response policies are published, indicating room for improvement in transparency and readiness. Overall, the site is professional and trustworthy but requires urgent remediation of SSL issues to ensure secure user interactions.

C

Coface

coface.com

0

Coface is a global leader in trade credit insurance, debt collection, and business information services, supporting over 100,000 clients across approximately 200 countries. Founded in 1946 and headquartered in France, the company offers comprehensive solutions to help businesses manage credit risks and optimize credit management. The website reflects a mature digital presence with professional design, clear navigation, and extensive content tailored to its target audience of businesses seeking credit risk solutions. Technically, the site uses modern web technologies including a CDN (CloudFront), a CMS (Ibexa), and integrates advanced consent management and analytics tools. However, the security posture is weakened by an invalid SSL certificate and lack of enabled TLS protocols, which is a critical issue that must be addressed to ensure secure communications. Privacy compliance is strong, with clear privacy and cookie policies and consent mechanisms in place. Overall, Coface's website demonstrates high business credibility and professionalism but requires urgent SSL/TLS remediation to improve security and trust.

C

CRIF S.p.A.

crif.com

0

CRIF S.p.A. is a globally recognized enterprise specializing in credit bureau reporting, business information systems, analytics, and outsourcing services. The company operates in 37 countries with over 85 subsidiaries, serving both businesses and consumers with advanced digital solutions including open banking and ESG analytics. The website reflects a mature business with comprehensive service offerings and a strong market position in the finance sector. Technically, the website uses modern JavaScript libraries and frameworks such as jQuery, Bootstrap, and Swiper.js, and is hosted on a CDN network (Akamai), ensuring good performance and mobile optimization. However, a critical security gap exists due to the absence of a valid SSL certificate and HTTPS support, severely impacting the security posture. Privacy and cookie policies are well implemented with consent mechanisms, supporting GDPR compliance. Overall, the website is professional and trustworthy but requires urgent remediation of its SSL/TLS configuration to protect user data and maintain trust.

R

Raiffeisen Bank International

rbinternational.com

0

Raiffeisen Bank International AG is a leading business bank headquartered in Austria, serving Austria and Central and Eastern Europe. The website presents comprehensive information about the bank's services, sustainability efforts, investor relations, and career opportunities, targeting investors, corporate clients, institutions, and private customers. The technical infrastructure leverages modern web technologies including Vue.js, Adobe Experience Manager CMS, and Cloudflare hosting, with integrations for analytics and marketing such as Mouseflow, Leadfeeder, and Google Tag Manager. Security headers are well implemented; however, the absence of a valid SSL certificate and disabled TLS protocols represent critical vulnerabilities that undermine the site's security posture. Privacy and cookie policies are present with consent mechanisms, indicating good compliance with GDPR. Overall, the website is professional and trustworthy but requires urgent remediation of SSL/TLS issues to ensure secure user interactions.

E

Erste Digital GmbH

erstegroupit.com

0

Erste Digital GmbH operates as the digital and IT service arm of Erste Group, the largest banking group in Central and Eastern Europe. The company focuses on delivering IT solutions and digital transformation services to support banking operations across the region. The website reflects a professional and consistent brand image aligned with Erste Group, targeting banking customers, IT professionals, and potential employees. Technically, the site uses modern frameworks and CDNs but suffers from a critical lack of SSL/TLS configuration, which severely impacts its security posture. Privacy and cookie policies are well implemented, indicating GDPR compliance. Overall, the site is functional and professional but requires urgent security improvements to protect user data and maintain trust.

A

Allianz Elementar Versicherungs AG

allianz.at

0

Allianz Elementar Versicherungs AG operates a comprehensive insurance website targeting private customers in Austria, offering a wide range of insurance and financial products including vehicle, health, accident, and life insurance. The website demonstrates strong market positioning with extensive content, professional design, and consistent branding. Technically, the site is built on Adobe Experience Manager, leveraging Cloudflare for hosting and CDN services, and integrates modern marketing and analytics tools such as Adobe Analytics and OneTrust for GDPR compliance. However, a critical security issue is the absence of a valid SSL certificate and HTTPS support, significantly impacting the security posture. Privacy policies and cookie consent mechanisms are well implemented, reflecting good GDPR compliance. Overall, the site is trustworthy and professional but requires urgent remediation of SSL/TLS issues to ensure secure user interactions.