Untitled Document

Frequently asked questions

General

What is WebTrust?

WebTrust is a service jointly developed by the American Institute of Certified Public Accountants (AICPA) and the Canadian Institute of Chartered Accountants (CICA) for the benefit of their membership, and adopted by the Hong Kong Institute of Certified Public Accountants (HKICPA) together with several foreign accounting associations. It enables consumers and businesses to purchase goods and services over the Internet with confidence that vendors' Web sites meet high standards of business practices disclosure, transaction integrity, and information protection.

Why is WebTrust needed?

A major impediment to the growth of commerce over the Internet has been a broad concern over the security and privacy of credit card and other confidential information transmitted when purchasing goods, services and information electronically. There is also concern over the frequent inability of consumers and businesses to confirm the legitimacy of companies offering goods and services over the Web.

Why are CPAs offering WebTrust?

CPAs are recognized as independent assurers of the accuracy and fairness of many types of financial and non-financial information. CPAs must meet strict ethical, educational, and other requirements. CPAs are now bringing their independence, objectivity, and broad knowledge of business and technical expertise to the Web under WebTrust Principles.

How do I know that a Web site has received the WebTrust service?

A Web site that has met the WebTrust principles is eligible to display the prestigious WebTrust Seal on its order page or on its home page.

Who issues the WebTrust Seal?

CPAs who have been licensed by their respective national professional standards-setting bodies, issue the Seal. This license is not a license to practice public accounting; rather it is a license to authorize a practitioner to issue the WebTrust Seal.

Where can I obtain copies of the WebTrust standards?

The standards are available from the Web sites of the HKCPA ( www.hkicpa.org.hk ), the CICA ( www.cica.ca/WebTrust ) or the AICPA ( www.aicpa.org ).

What does the WebTrust Seal mean?

Web sites that qualify for the Seal have been examined by a qualified CPA who has issued a report providing assurance that the site complies with the WebTrust principles and criteria relating to disclosure of business practices, transaction integrity and information protection. The WebTrust Principles do not provide for any fitness or suitability pertaining to the specific products and services nor their intended use offered by a Web site vendor.

Where do I find the report of the CPA that a Web site complies with WebTrust?

The WebTrust report can be found by clicking on the WebTrust Seal and following the hyperlinks to the accountant's report.

What period does the WebTrust Seal cover?

A Web site may generally retain the Seal for as long as it remains compliant to the WebTrust Principles. These principles require that the CPA confirm continued compliance at least every six months.

Does the WebTrust Seal cover security and privacy of the Internet Service Provider (ISP) that hosts a Web site?

Under WebTrust principles, an assuring CPA is required to reasonably ascertain that the hosting ISP meets WebTrust Principles for security and privacy.

Can the WebTrust Seal be revoked?

Yes, the Seal would be revoked if the Web site no longer complies with the WebTrust Principles.

What is the CPA's responsibility if a consumer has problems with a transaction at a WebTrust site?

The WebTrust Seal is designed to provide broad general assurance on the Web site as a whole, pertaining to a vendor's business practices and systems for providing transactional accuracy, security and privacy over the Web. The Seal is not designed to assure specific transactions between a business and its customers. If the CPA becomes aware of complaints that conflict with management's assertions or conflict with the manner in which a site meets the WebTrust Principles and Criteria, the CPA may need to re-examine the site or revoke the seal.

Revocation is the sole remedy for non-compliance. The WebTrust Seal is not a guaranty pertaining to specific transactions between a Web site and its customers. Assuring CPAs and the HKICPA cannot be held responsible for specific losses, delays, or other damage incurred by a Web site's customers.