CPAs Offer To Certify The Security Of Web Sites

The American Institute of Certified Public Accountants introduced a certification system Tuesday designed to ease the public's concerns about the safety of electronic commerce.

A "seal of assurance" called CPA WebTrust will vouch for a Web site's data security, integrity, and privacy.

The CPA group, working with its Canadian counterpart organization and the digital certification company Verisign Inc., said it hopes to preempt government regulation while helping merchants, financial institutions, transaction processors, and others to achieve their on-line commerce goals.

CPA WebTrust is not the first such proposed seal of approval, but it may be the most ambitious. Numerous high-technology companies have backed the Electronic Frontier Foundation's "trust mark" system or the Open Profiling Standard for consumer privacy.

The MasterCard and Visa associations will also be certifying systems that comply with their Secure Electronic Transactions protocol.

Most of those programs are narrowly focused on security characteristics, said Barry C. Melancon, president of the U.S. accountants group. "We are providing an actual service," including compliance enforcement, he said.

The accountants' seal, in the form of a license, would provide assurance that the information a consumer provides in the course of electronic commerce would not be compromised.

At a press conference, Mr. Melancon said the idea came out of government concern over electronic privacy and is in keeping with a recent White House document, "A Framework for Global Electronic Commerce."

"WebTrust will provide greater consumer disclosure," said Everett C. Johnson, a partner at Deloitte & Touche and chairman of the CPA group's electronic commerce task force. He said businesses can anticipate more revenues and lower costs because of the Internet's low overhead.

Verisign of Mountain View, Calif., will provide technology support. Users would click on the WebTrust seal to get various documents, including one that shows the company has been licensed by an accountant. Other documents describe the seal verification process and the conclusions of audits.

Verisign will also maintain a list of certified companies so that consumers can be sure a seal is authentic.

All the Big Six accounting firms are expected to offer the service, requiring Web site audits every 90 days.

An on-line company will have to say whether a product is covered by a warranty, how it handles customer complaints, whom to call about a complaint, and how it rectifies billing problems.

An official with KPMG Peat Marwick said WebTrust will appeal more to retail merchants and smaller banks than to larger financial institutions that enjoy high brand recognition.

"Large banks are already credible," said John G. van Ruth, a principal with Peat Marwick in Toronto.

But Mr. Melancon said banks are interested in the program, particularly as it might be applied to home banking. The seal "reassures the consumer that there are no hidden fees," he said.

Mr. Johnson said he expects the first CPA WebTrust companies to sign on by November.

A Yankelovich Partners survey commissioned to support the project found some receptivity to electronic shopping, but 85% of on-line service subscribers said they would not give out their credit card numbers. Almost half said the seal would raise their comfort level.

For reprint and licensing requests for this article, click here.
MORE FROM AMERICAN BANKER