Have you bought a product or service over the Web? Would you? Only about a quarter of the people who go online buy over the Internet. A recent study, commissioned by the American Institute of CPAs and performed by the marketing research firm Yankelovich Partners, found the following: 1) The primary consumer concern (60 percent of those surveyed) is security and privacy. 2) A large majority of users do not want to provide household income information (91 percent) or give out credit card numbers (85 percent). 3) Even disclosing less financially risky information such as phone numbers, addresses and Social Security numbers made a majority uncomfortable. 4) When transactions are made online, the average value is $212. Top products sold online are computer hardware and software, travel services and books. Despite the obvious potential of Web commerce (as demonstrated by No. 4 above), many Web sites do not provide for sales because their creators anticipate few benefits (a reaction to items 1 through 3 above). Must this be so? In today’s Internet environment, the answer is evolving into a “no” which does involve some taming of the Wild Web. Who should tame the Web for electronic transactions? There have been several initiatives to do this. They include: ? Major credit card companies and banks are organizing a standard for using credit cards on the Internet without forcing users to transmit credit card numbers. This standard allows for a PIN-like number to be used instead of a credit card number. ? eTrust is a start-up company focused on creating standard rules for e-commerce Web sites. Participating sites must declare what happens to consumer information once it reaches the site; eTrust reserves the right to audit compliance after the fact. ? Verisign is a start-up company focused on verifying that a site is legitimate and not a forgery. It makes no representations beyond that about the quality of an electronic transaction. ? The Better Business Bureau has an online certification system for member sites called BBBOnline. It handles complaints about participating sites and verifies other information such as street address, phone number, and number of years in business. On the anonymous Web, is all of this enough for consumers? Especially for the non-business consumer, buying on the Web challenges the buyer to trust more than the security of the seller’s database or server. The buyer must rely on the honesty of the seller to deliver items that have been purchased and to do it in a timely fashion. Also, the relationship is not necessarily ongoing. For example, when you buy online from sites by established retailers like Lands End or Sears, you have some inkling of what delivery and the process (beyond security of payment) may be like it probably won’t be too dissimilar to their catalog or store experiences. However, when buying widgets from Widgets.com, you have no Widgets shopping experience and therefore no assurances of anything about the widgets or the transaction. It’s important to verify system-wide security before a transaction takes place. In fact, the Yankelovich Partners study found that having “credible assurances about security would greatly increase online purchasing of products and services.” The American Institute of CPAs, in partnership with the Canadian Institute of Chartered Accountants, believes that CPAs should be the Wyatt Earp of business-to-consumer electronic commerce through a CPA WebTrust seal. This seal, using authentication technologies from Verisign, will standardize and put the business and security practices of all participating Web sites through a rigorous test. Because of the high level of trust in CPAs, nearly 46 percent of online users say that they would more likely buy products and services online from a site with this seal. What does it mean to you? In defining the principles of the WebTrust, we are defining the critical components of infrastructure, policy and controls for a business with online transactions. The principles are: 1) Business practices. “The entity discloses its business practices for electronic commerce transactions and executes transactions in accordance with its disclosed business practices.” 2) Transaction integrity. “The entity maintains effective controls to provide reasonable assurance that customers’ orders placed using electronic commerce are completed and billed as agreed.” 3) Information protection. “The entity maintains effective controls to provide reasonable assurance that private customer information obtained as a result of electronic commerce is protected from users not related to the entity’s business.” Consider whether e-commerce Web sites that you have visited would meet these principles. Few do at this point so user apprehension should not be a big surprise! Chaim Yudkowsky, CPA is the director of management consulting services at Grabush, Newman & Co., P.A., a Baltimore-based regional certified public accounting and management consulting firm.