Offshore Payment
Processing and Certification
by Jason Gorringe, Offshore-e-com.com,
London
Introduction
| Of the
33 offshore jurisdictions fully described
in lowtax.net, which includes virtually
all those with pretensions to be e-commerce
hubs, no fewer than 15 have announced
plans to 'become the world leader in offshore
e-commerce' or words to that effect.
How can this
be? Well, it can't, of course. One could
lead the way in offshore e-commerce through
regional leadership (in the Caribbean,
say, or in Europe), or one could lead
by dominating a sector (offshore gaming,
say), or one could become the preferred
gateway into a particular market-place
(Hong Kong in relation to China, for instance). |
 |
But
the problem is more complex yet, because on
the Internet everything can be outsourced. Thus,
a location might hoover up ISP and hosting business
by having superb connectivity and IT facilities,
but it has not gained much unless it can provide
the functionality needed by the sites it hosts.
For many types
of application, that functionality includes
payment processing and digital certification,
and this survey will examine whether such facilities
are in reality part of the 'usp' of particular
jurisdictions, or whether they are going to
be universal services which are automatically
available to any provider or user of e-commerce
in a way comparable to, for instance, the international
cheque clearing system.
There isn't a definite
answer to this question yet, but there are some
clear trends, and they're not necessarily very
helpful to the cause of offshore e-commerce.
BACK
TO CONTENTS
A
Potted History Of E-Commerce Payment Processing
The most curious
aspect of the development of payment processing
on the Internet has been the failure of non-bank
payment systems to mount any serious challenge
to the banks. This is odd, because the banks
are relatively inefficient, very costly, and
have been extremely slow to exploit the possibilities
of the Internet.
Many people thought
that Internet payment networks would quickly
evolve which would wholly by-pass existing payments
systems, possibly involving the creation of
new, electronic currencies. Attempts have been
made: Beanz, Q-Pass and some features of WorldPay
are examples of systems which in different ways
exist independently of the banking system, although
liquidity always comes in the first place from
use of a credit card or other transfer to take
money from an existing bank account. But to
date there has been no large-scale creation
of liquidity on the Internet to rival the existing
banking system. It may yet happen, but the evidence
is that it won't.
Almost all payment
processing on the Internet has been driven by
the structure of the credit card industry, and
the concept of a 'merchant', copied over from
the pre-existing payments sector. Thus, an e-commerce
trader has to set up a 'merchant account' with
a bank or other credit-card issuer, or has to
deal with an intermediary such as WorldPay,
which in turn has 'merchant' relationships with
credit card issuers.
The direct merchant
account relationship is quite comparable to
its off-line equivalent, although the banks
have often charged a considerably higher commission,
for some valid and some invalid reasons. Evidently,
software is needed to intermediate between the
typical 'shopping-cart' e-commerce site and
the banks' systems, and this can be obtained
in a number of ways, either by purchasing an
integrated e-commerce package which includes
it (now being offered by majors such as Microsoft
and Sun), by going to an independent supplier
of payment-processing systems such as CyberCash,
or by choosing a bank which has itself developed
or bought in the 'middle-ware' needed for it
to offer a comprehensive payment processing
solution. Some banks have launched joint ventures
with suppliers of payment processing software.
Apart from being
expensive, the banks (credit card issuers) sometimes
require a merchant to run a deposit balance
equal to a percentage (up to 100%) of outstanding
credit transactions, pending settlement of approved
transactions through their networks. For many
merchants, it's therefore preferable to deal
through an intermediary, although they charge
even higher commissions than the banks for offering
simplicity and liquidity. It's not unusual to
pay in excess of 10% on transaction charges
to the intermediary (the credit card issuer
may get only 2.5% of this); or there can be
substantial monthly fixed or minimum charges.
Clearly, from the
merchant's perspective, neither direct merchant
accounts nor merchanting intermediaries offer
a very satisfactory payment processing solution.
Recently a new generation of intermediaries
has evolved which in effect offer merchant accounts
to traders as if they were credit card issuers,
but in fact have close relationships with the
underlying card issuers. Thus the trader needs
only one merchant account to be able to offer
a range of credit cards. The charges tend to
be more than for a direct merchant account,
but less than for an intermediary relationship.
The key to understanding
the evolution of trader-friendly payment-processing
services is the regional nature of credit card
issuance. In the most basic model, a given trader,
in a particular geographical location, will
necessarily have his merchant account with a
local branch of the bank or other credit card
issuer. A transaction with a customer on the
other side of the world (and whose credit card
was issued on the other wide of the world) requires
that settlement of the approved transaction
will take place through the bank's or issuer's
network, which is often slow, inefficient and
costly. The provider of payment processing services
on the net, who wants to offer a seamless, global
service with adequate liquidity and at reasonable
cost must necessarily form relationships with
card-issuing banks or other institutions in
different geographical regions before being
able to substitute rapid, cost-effective electronic
settlement for the existing horse-and-buggy
card-issuer systems.
This is why it
has taken so long for adequate payment-processing
services to evolve on the Internet - and the
process is continuing.
BACK
TO CONTENTS
Security
Considerations
| For every
type of payment transaction taking place
on the Internet there is of course a matching
security requirement, especially because
responsibility for the slow take-up of
e-commerce by customers and the high charges
levied by banks on e-commerce transactions
is frequently laid at the door of security
concerns. Statistics don't bear out these
concerns; but the perception is there.
User-generated
encryption, using PKI (Public Key Infrastructure)
or otherwise, is secure, but not completely
helpful for payment processing systems
in which the risk of data-loss or interception
is overshadowed by the risk of fraud via
impersonation or misrepresentation. The
solution has turned out to be through
the development of third party accreditation
using digital signatures, which have been
given legal status in most jurisdictions
which have passed e-commerce laws. |
 |
In some cases,
Governments have themselves developed accreditation
services on their own or in association with
private firms and have given them statutory
force; in other cases development has taken
place privately, using applicable legislation.
Recently, VeriSign,
a digital signature provider, acquired CyberCash,
a payment processing provider; together, of
course, they can offer a unified package to
traders and to banks. This type of consolidation
is likely to continue; in fact, if it doesn't
then the smaller providers will easily be squashed
by the likes of IBM, Microsoft and Sun, who
can roll out services with the global element
that is so crucial for Internet traders.
BACK
TO CONTENTS
Developments In The Offshore Jurisdictions
Jurisdictions are
listed in alphabetical order; in each case,
a star rating between one and five indicates
the level of development of local payment processing
and certification services. Of course, traders
in lowly-rated jurisdictions will still be able
to obtain payment processing solutions through
intermediary providers, but may find it difficult
or expensive or both to have merchant accounts
directly with local banks.
Barbados
 |
|
In August, 2000,
the Barbadian Government won approval from the
Cabinet to pass a final draft of the Electronics
Transactions Bill. The main aim of the new policy
is to prepare a legal framework for the recognition
of digital transactions and to put them on a
legal footing equivalent to that of paper-based
transactions. Key areas to be addressed by the
Act will be record-keeping, security, and contracts.
The final Bill,
once passed, will make Barbados the third Caribbean
country (after Bermuda and the Cayman Islands)
to possess digital signature legislation. It
will enable customers to securely enter into
digital signature agreements and to accept electronic
records and documents.
No information is
available regarding payment processing or certification
services available from Barbados.
First
Atlantic Commerce (FAC), a Bermuda-based
payment solutions provider, was established
in 1998 to create secure card-based payment
solutions for e-businesses.
The
company provides powerful technology designed
to work with most merchant platforms, including
Microsoft®, UNIX, and LINUX. FAC’s
processing platform -- a feature-rich payment
system called cGate® -- offers service,
flexibility and security to adapt to many business
and bank acquirer requirements.
Designed
for merchants with medium to high capacity transaction
processing, cGate® is a high-speed and secure,
platform-independent Internet payment gateway.
FAC provides a variety of processing methods
including real-time, batch and MOTO. All methods
can process sales, authorizations only, captures
and refund or reversal transaction types.
Business solutions such as 3-D Secure™
Payer Authentication (Verified by VISA and MasterCard
SecureCode™) for chargeback liability
shift, Virtual Corporations and multi-currency,
multi-jurisdictional, payment solutions are
also available.
FAC
offers international payment solutions in many
jurisdictions across the Latin American Caribbean
Region, Europe and Pan Asian Region.
Uniquely
positioned to provide MasterCard® and Visa
credit card processing across a wide-range of
industries ranging from legal online pharmacies
to VoIP companies, leading retailers, stored
value card providers and travel-related businesses,
all FAC solutions are for direct merchant accounts
only with various partner banks around the world.
QuoVadis
is focusing its operation on digital certification
which will support the use of e-signatures,
for offshore-based companies. QuoVadis' digital
certification will act in much the same way
as a passport does to verify identification.
QuoVadis' technology - called Public Key Infrastructure
(PKI) -- is the leading solution to address
the security, authentication, and non-repudiation
issues associated with e-commerce. PKI operates
through the provision of digital certificates
that act as 'digital passports' and uniquely
identify the parties to any on-line transaction.
Bermuda's Minister
for Telecommunications and E-Commerce, The Hon.
Renee Webb, stated "In 1999, Bermuda was
one of the first jurisdictions worldwide to
enact legislation dealing with the formation
of electronic contracts and the validity of
digital signatures. The Bermuda Government is
pleased to work with QuoVadis to continue to
establish Bermuda as the premiere international
platform for electronic transactions."
QuoVadis is developing
a secure network facility in Bermuda to host
its Bermuda operations, and the company already
has initiatives underway to enter other offshore
jurisdictions. QuoVadis is backed by investment
from eVentureCentre, an e-commerce incubator
formed by a Bermuda-based member of the Centre
Group (part of the Zurich Financial Services
Group) and Paragon Bermuda Limited (an IT consultancy).
QuoVadis has contracted
with Baltimore Technologies - a Dublin-based
computer security firm and member of the FTSE
100 - to develop its certificate authority.
Baltimore Technologies has over 700 employees
in more than 20 cities worldwide and supplies
the technology behind more than 400 CAs globally.
Steve Bradshaw,
Global Strategic Development Director at Baltimore
Technologies comments "Baltimore Technologies
believes that offshore financial centres such
as Bermuda will be important focal points for
international electronic business. Bermuda,
with its solid public/private partnership between
government and business, had great foresight
in its early adoption of enabling legislation
for e-commerce. QuoVadis will be a strong force
for e-commerce companies looking to build trust
into their international transactions."
In February 2000,
The Bank of Butterfield and local e-commerce
payment provider Coral Capital announced that
they would team up to offer e-commerce payment
solutions for local and international merchants
through a new company called Promisant. The
new venture will allow companies wishing to
establish an offshore presence to process electronic
transactions via the Internet, with Bank of
Butterfield providing merchant accounts for
businesses to receive on-line payments processed
through Promisant’s integrated payment
solution.
Coral Capital was
formed in 1999 and has established the first
internationally certified payment gateway to
First Data Corporation, the world’s largest
third party payment processor. The Coral Capital
Ltd. Electronic Commerce Act of 1999 was passed
by the Bermuda Parliament in August last year.
In October, 2000
Cable and Wireless announced plans to
invest $50 million in E-business solutions in
the Caribbean and Atlantic region. Bermuda will
play a leading role with the establishment of
the company’s first E-business Solutions
Centre in the region. The 3,000 square foot
facility will provide “world class Web
hosting and online payment processing solution,”
said Cable and Wireless in a press release.
“But if the market for offshore E-business
grows as quickly as we believe it will, we expect
to expand our operations elsewhere in the region.”
The investment will be spread over the next
five years and builds on plans to develop a
network of web hosting centres in America, Europe
and Asia.
However, also
in 2000, EBS Ltd, which traded under the name
EOCnet.com, pulled the plug after failing
to live up to the hype generated over its launch.
EBS Ltd began in March, 1999 as an electronic
brokering service, and appeared to have carved
out a unique market niche after its EBS Limited
Act (private bill) was passed by the Bermuda
Parliament allowing it to set up an internet
payment processing service in Bermuda for non-resident
businesses.
This comprehensive
Act formed a model for much of the e-commerce
legislation that was later passed in Bermuda.
The hype over EBS Ltd began in October, 1999 when
as EOCnet.com it began offering virtual 'e-suites'
- a 'turnkey' offshore e-commerce solution that
allowed web merchants to set-up a virtual holding
company based in Bermuda over the internet.
| Dubai
|
|
In 2001 homegrown
B2B portal Businessdubai.com became the
first in the Middle East and Africa to become
fully integrated with the world's online vendor
rating service offered by Societe Generale de
Surveillance SA (SGS). The portal was the first
B2B e-marketplace to set up shop in the region
when it began operations a year ago. "Our
integration with SGS is aimed at providing more
confidence and trust to both buyer and seller
alike, using our portal to conduct e-commerce,"
General Manager Animesh Basu said.
SGS, involved in
verification, testing and certification, offers
SGSonSite vendor rating, to raise the level
of trust in the international online trade environment
in the Middle East. Basu said the portal has
to date attracted a positive response, and expected
to achieve break-even by year-end. "We
have a membership of 5,583 companies from 113
countries, and daily record 12-15 transactions.
Hitherto, 53 deals have been concluded, representing
turnover of $3.3 million."
He added that a
survey with existing users found that of over
300 respondents, 46 per cent said they would
be willing to pay for the service.
He expected advertising
to constitute 20-30 per cent of its revenues,
but added that the company is focussed on tackling
the marketing of the portal and building transactional
volumes up to critical mass. Businessdubai.com
is located in Dubai Internet City and has been
trading online in a variety of different product
lines and commodities.
Richard Jeffrey,
managing director, SGS Gulf Ltd., explained
that its online facilities would provide such
services as a vendor rating programme, product
specifications verification, sample and inspection,
and other tradition services.
"SGSonSite
was launched at the end of third-quarter 2000
as a worldwide project," he said. "Trading
platforms in the U.S., Europe and the Far East
have already been integrated with this service."
He pointed out that
the coming aboard of the Mideast region so quickly
demonstrates the advanced level of e-business
development here, as also the recognition of the
need for the "trust factor" in online
trade.
| Gibraltar
|
|
Gibraltar's labour/liberal
opposition say that Gibraltar needs "action,
not words" on e-commerce, and has accused
the government of "gimmicks and empty media
sound-bites." It describes the latest (May,
2001) government announcement on e-commerce
as having consisted "almost entirely of
meaningless jargon and a repetition of things
that have been said before."
The opposition
says it is "totally committed" to
the development of e-commerce and notes it voted
in favour of the e-commerce bill when it went
through the House of Assembly in March. "However,
we did so with a number of reservations. The
ordinance was the transposition into Gibraltar
law of the EU electronic commerce directive
and electronic signatures directive," said
a statement.
The government
has told the House that no applications have
been received for certification service providers.
Access to high speed bandwidth at a competitive
cost is also a basic problem that needs to be
addressed. The opposition says that not long
ago there were complaints that someone quoted
£17,000 a month for a 1 meg connection
in Gibraltar found that the same link from Spain
cost £450.
As regards a cable
link to Morocco, the opposition say it is worth
noting that the advert calling for the expression
of interest in this project appeared last August,
when six parties came forward. "The government
took eight months until April 2001 to meet with
four of them, and at the time of being questioned
in the last House, still had two more to meet,"
says the statement, adding that it is possible
to do things quickly and efficiently and to
do them well.
It is clear to the
opposition that an e-commerce law alone does not
necessarily mean that there will be more e-business.
"We fully support the development of e-commerce
in Gibraltar but believe that the government's
approach needs to centre more on moving with the
times than in making exaggerated claims,"
says the opposition.
Hong Kong and Bermuda-based
First Ecom.com, a global provider of
electronic payment processing systems, announced
in 2000 the addition of Wireless Transport Layer
Security (WTLS) protocol to its range of payment
processing solutions.
The addition of
this new protocol means that First Ecom-enabled
merchants can support credit card transactions
from Wireless Application Protocol (WAP) enabled
devices such as mobile phones.
WTLS is the wireless
equivalent to the widely used Secure Sockets
Layer (SSL) protocol found between browsers
and servers. WTLS provides the key security
elements of confidentiality, integrity and authentication.
This technology creates new business opportunities
for merchants by providing consumers a means
to transact e-commerce securely using WAP enabled
devices.
The use of WAP
technology empowers users of wireless devices
to easily and directly access live interactive
information services and applications such as
email, weather and traffic alerts, news, sports
and information services and electronic commerce.
This new technology is now extended to merchants,
who can create web pages that detect requests
coming from a WAP browser handset and respond
by converting standard Hyper-Text Markup Language
(HTML) pages to Wireless Markup Language (WML)
pages, which can be read by the consumer. Numerous
WAP applications are currently available, including
solutions from various First Ecom.com partners
such as Sybase, Intershop Communications and
Jade Pacific Corporation.
As a global provider
of electronic payment processing, First Ecom.com
provides secure, easy-to-implement and low-cost
online payment processing services to merchants
and banks worldwide. Through strategic partnerships
with banks, ISPs, e-commerce product suppliers,
system integrators and storefront solution providers,
First Ecom.com will process credit card transactions
made over the Internet in multiple currencies,
either domestically or offshore in a tax-neutral
jurisdiction.
First Ecom.com
is a member of Digital Island's Global Partner
Program, and promotes Digital Island's interactive
network and content delivery services, which
allow companies competing in global markets
to quickly implement e-Business initiatives.
Digital Island customers can also have access
to First Ecom.com's multi-currency Internet
Payment Gateway, which has been designed to
enable banks to offer payment processing services
to businesses worldwide.
In 2000, First
Ecom.com formed many partnerships in the Asian
region to help implement its low cost, real-time
multi-currency payment processing solution.
Partnering with leading web developers and systems
integrators allows First Ecom.com to quickly
deploy its electronic payment processing solution
to banks and their merchants at very low cost.
First Ecom.com Inc., which is listed on NASDAQ
reported a net loss of $17.81 million for the
year to the end of December 2000. During the
year, First Ecom had both bought and closed
down the same Internet firm. The company reported
cash reserves of $31 million as of December
31, 2000.
First Ecom's main
products consist of payment processing services
for Asian Web merchants and a payment gateway
sold to Asian banks.
The Hong Kong Government
has established a recognised public certification
authority (CA) through the Hongkong Post
to enable an early implementation of a public
key infrastructure (PKI) in Hong Kong. In 2000
Hong Kong enacted the Electronic Transactions
Ordinance which paved the way for its drive
to implement the new infrastructure including
the creation of the public certification authority
and a local public key infrastructure (PKI).
In 2001, Hong Kong's
certification authority, the Hongkong Post,
signed a Memorandum of Understanding (MOU) with
the Korea Information Certificate Authority
to establish a framework of cross-border cooperation
for issuing digital certificates. The MOU enables
both organisations to create policies concerning
digital certificates, promote an open and seamless
infrastructure, and develop open PKI based applications
to facilitate secure cross-border transactions
over the Internet.
Since January of
2000 the Hongkong Post has operated as the first
territory's first publicly recognised Certificate
Authority as a 'digital certificate repository
to allow the public to verify the validity of
the digital certificates.' The digital certificate
issued by Hongkong Post, officially known as
the e-Cert, provides a secure and trusted e-commerce
environment in which Internet users can authenticate
the identity of the digital certificate holders
online.
Hongkong Post and
Irish-based company Baltimore Technologies
have joined forces to supply businesses and
individuals in Hong Kong with the first wireless
transport layer security mobile certification
authority service in Asia. Both companies announced
earlier this year that they have signed a Memorandum
of Understanding (MOU) which will secure mobile
commerce, enabling customers in Hong Kong to
conduct online transactions such as bill payments
securely via mobile devices.
Hongkong Post's
Certificate Authority will be the only officially
recogised organisation in Hong Kong providing
services for all areas of the public and private
areas. In addition to the company's recently
launched e-Cert services, Hongkong Post says
it is seeking to provide additional certificate
types to address the unique commercial and organisational
needs of institutions such as banks and mobile
operators. Baltimore Technologies will assist
the Hongkong Post in developing a Public Key
Infrastructure (PKI) framework for trusted mobile
commerce.
The Hong Kong
Society of Accountants (HKSA) has launched
a new audit service helping companies to test
the security of their online systems. HKSA introduced
the new service, called WebTrust, to act as
a certification service for e-commerce firms
and to meet the increasing demand of Hong Kong-based
companies that are conducting business over
the Internet and who wish to satisfy existing
and potential clients of a high standard of
online security safety measures.
WebTrust works
by reviewing areas such as system security,
steps taken to protect confidential customer
details and their privacy, and the integrity
of business practices. To show that the e-companies
have met the WebTrust seal of quality, an icon
will be displayed on their web site.
The WebTrust service
is an international e-commerce trust programme
jointly developed by the American Institute
of Certified Public Accountants and the Canadian
Institute of Chartered Accountants, who state:
'The WebTrust seal of assurance combines high
standards for e-commerce activities with the
requirement for independent verification.
Early in 2001 the
Hong Kong government launched the Internet version
of the Electronic Service Delivery (ESD) scheme,
which will provide a wide range of public services
online. Hong Kong citizens are able to access
various public services, such as payment of
government fees, submission of tax returns,
voter registration, renewal of driving and vehicle
licences, change of personal address and so
forth via the Internet. The service is available
24 hours a day, seven days a week.
ESD services are
also be available through public information
kiosks installed at various locations, including
railway stations, supermarkets and shopping
centres. An official said: 'Some ESD applications
require digital signatures using digital certificates
issued by a recognised certification authority
to authenticate the identity of users. The public
may apply for digital certificates from the
post offices.'
The ESD scheme is
a key initiative under the Hong Kong government's
Digital 21 Information Technology Strategy and
provides an open and common platform for carrying
out electronic transactions with the government
in a safe and secure environment.
In December, 2000,
First Data Corporation (FDC), a US giant in
the field of electronic commerce and payment
services, announced this week that it was to
acquire a 25 per cent stake in Fexco,
one of Ireland's largest financial services
companies which employs over 800 people at its
corporate headquarters in Ireland and in offices
in London, Edinburgh, Madrid, Malta and Dubai.
Terms of the deal were not disclosed, although
the Irish Times reported that estimates put
the purchase price at around I£50m.
Fexco provides a range of business-to-business
and consumer financial services, including multi-currency
credit card processing, tax reclaim, international
payments, tourism services, prize bond management
and stockbroking. In addition to its Bureau
de Change business, the company also operates
the Western Union franchises in Ireland, the
UK, Spain, Malta and Gibraltar and has been
a partner of FDC since 1994. Fexco’s investments
in the financial services sector internationally
include Global Refund, the world leader in VAT
refunding services.
A statement from
Fexco said: 'The alliance with First Data will
enable Fexco to access new merchant and bank
customers through First Data’s global distribution
system, which includes 1,400 financial institution
clients and 2 million merchant locations globally.
In addition Fexco will provide a range of processing
services to First Data and its customers in
foreign exchange and e-commerce payments.'
Brian McCarthy,
chairman of Fexco, commented on the deal: 'We
very much welcome this milestone investment
by First Data in Fexco, which will provide us
with tremendous new opportunities to accelerate
the growth of our payment processing services
globally. We have been working with First Data
in Europe for several years and we have developed
an excellent relationship with the company and
identified many areas of synergy in our operations
internationally. Through the commitment of its
employees in Ireland and around the world, Fexco
has built a very successful transaction processing
business in a highly competitive marketplace.
This investment by First Data means a huge leap
forward to the further globalization of Fexco’s
business. We look forward to the exciting opportunities
that lie ahead.'
Charlie Fote, FDC
president and chief operating officer, said:
'This investment is yet another step in our
journey to build a truly international franchise
for First Data. We have given ourselves a considerable
edge by investing in companies that have complementary
competencies, strong operating track records
and a depth of local knowledge and relationships.
Clearly, Fexco's strong experience in providing
multi-currency payment services will complement
First Data’s delivery of payment processing
services in Europe, but also in the US and beyond.'
Clikpay
is Ireland's first indigenous system for processing
credit card transactions over the internet.
Clikpay consists of software that can be housed
on the merchant's own site or by their Internet
Service Provider (ISP). The exiting order form
on the merchant's web site is then linked through
the Clikpay payment software to the Bank's server.
Once an online purchase is initiated, the payment
information is encrypted and secured through
a link to the Bank's server. Confirmation of
the approved transaction is then sent from the
Bank to the merchant, enabling the merchant
to proceed with shipping the purchase. All transaction
processing is centered at the Bank so that the
merchant can rely on a highly managed IT infrastructure.
Clikpay has been
designed so that minimal software is maintained
at the merchant's site. This facilitates ease
of integration with the merchant's shopping
mall software. The Clikpay software resides
on the merchant's web-server and will service
requests to provide order information to the
Bank's system. It is the function of the shopping
mall software to generate order files for every
purchase made and also to update the status
of each order to reflect when the actual goods
have been shipped.
Providing a secure
mechanism for the transmission of sensitive
data has been a prime consideration in the design
of Clikpay. It uses the Secure Sockets Layer
(SSL) protocol to ensure that all credit card
details are subject to 128-bit encryption during
transmission from the customer to the Bank's
server. Information which is transmitted between
the merchant and customer is encrypted using
40-bit SSL. In addition, a customer's credit
card details are only transmitted to the Bank
and are never sent to the merchant. Bank of
Ireland will always provide site verification
information (signed certificate) to the customer
to ensure that he/she can validate that they
are using secure communications directly to
the Bank.
Clikpay provides complete
functionality for merchant payment processing,
including authorization, capture and clearance.
Clearing is done on a batch basis. The initial
release provides support for VISA and Mastercard
credit cards and support for Dollar, Irish Pound,
Sterling and Euro currencies.
| Isle
of Man |
|
Last November WISekey,
a worldwide leader in certification authority
and public key infrastructure, announced that
it had created WISeOffshore, an internet initiative
to provide specialized services and applications
for offshore jurisdictions and their financial
institutions. But the Manx-based service has
now been put on hold much to the disappointment
of the Island's e-commerce sector.
WISeOffshore was
viewed as a major opportunity for the island
and described by Treasury Minister, Richard
Corkhill, as 'excellent news for the future
of the Isle of Man as a centre of excellence
for e-commerce.' Director of E-Commerce, Tim
Craine, also enthused at the prospect of the
WISeOffshore initiative, saying: 'I was delighted
to hear of the decision by WISeKey to locate
their new venture on the Isle of Man, especially
as they had carried out such a detailed evaluation
of other jurisdictions before arriving at their
final decision.'
The aim of the
website was to enable offshore financial institutions
to improve their transaction efficiency and
comply with "Know Your Client" requirements.
WISekey said it had received 'unprecedented
immediate support' in achieving its objectives
through take up by financial institutions such
as the Royal Bank of Scotland International,
FsharpBank (Bank of Ireland), Abbey National
Offshore, Isle of Man Assurance, Bank of Bermuda,
Isle of Man Business School, Skanco and Cains
Advocates. All the institutions, via WISeOffshore's
services, would be given the opportunity to
issue digital certificates and use Mail Secure
to secure transactions.
Cains advocate
and director of WISeoffshore, David Sherlock
explained that the Financial Action Task Force
(FATF) has not yet given the go-ahead for electronic
know your customer services (e-KYC). But he
estimated the website could be operational within
the next three months. A philosophical Tim Craine
said: 'I can understand the reasons for the
delay. There have been changes in the market
environment since the launch that no-one could
have predicted, particularly dot com failures.'
But there is some speculation in the Isle of
Man media that it could take up to a year before
the site is fully operational.
However, WISekey's
president, Carlos Moreira, told the Isle of
Man Business News that the project will be 'operational
in different stages' and plans for the project
are still underway, adding services such as
the TrustEportal application (which involves
the WISeOffshore certification and know your
customer services) are currently undergoing
tests.
He stated: 'The
e-KYC component of WISeOffshore is only one
aspect of the company and is not a requirement
for full operations. It will only apply once
digital certificates are used for financial
transactions, but before that WISeOffshore will
certify individuals and companies and will be
used on technologies such as third-generation
mobile phones.'
He added: 'The
company is now fully registered in the Isle
of Man with 100 per cent ownership from WISekey.
We are now inviting other groups in the Isle
of Man to join the project.'
The Isle of Man's
Financial Supervision Commission (FSC)
has released its 1999/2000 annual report, in
which it highlights the government's strategy
for promoting the island as a centre of excellence
for e-commerce, but it also urges caution with
regards to the security of electronic transactions
at such a crucial stage of the island's e-commerce
development.
The FSC supported
the government's commitment to cement the Isle
of Man's reputation as an e-commerce hub with
particular regard to electronic security in
the form of the new Electronic Transactions
legislation, which it believes is vital in attracting
e-businesses to the island.
In the report,
the FSC recognises that the 'principles of its
regulations and much of its supervisory guidance
are set at a relatively high level' but the
FSC continues on a cautious note: 'Nevertheless
the ability to transact business electronically
and in a paperless manner presents many new
risks, some of which management may not have
recognised or even fully understood. At this
evolutionary stage of e-business there is scope
for errors or losses to occur well before they
become apparent, and licence holders must be
watchful for this.'
FSC chief executive
John Aspden says the infrastructure required to
develop the island as an innovative centre for
offshore e-financial services is now in place.
In the introduction to the report he states: 'The
Commission has worked closely with licence holders
as their plans in this area have developed, and
responds positively to soundly based proposals.'
| Luxembourg
|
|
There are three
options for payment processing in Luxembourg.
Some ISPs can accept an e-commerce company's
payments through their own accounts, or those
partnered with WorldPay, for example, can set
up acounts for an e-commerce company. Finally,
there is a DIY option for e-commerce businesses:
Luxembourg-registered companies can use the
online processing system launched in June 2000
by the Centre de Transferts Electroniques (Cetres).
BACK
TO CONTENTS
The
Future For Offshore E-Commerce Payment Processing
The big problem
for any offshore jurisdiction wanting to set
up in payment processing, and to a lesser extent
in certification, is that these services don't
need to be provided from offshore. During an
e-commerce transaction, there comes a moment
at which payment needs to be effected, and that
usually means that a credit card transaction
has to take place. As much as there are tax
advantages in making sure that the server on
which the contract is made is in a low- or no-tax
area, it's not likely that the location in which
payment happens will have a tax implication.
This is not a totally
confident statement, because the OECD TAG (Technical
Action Group) which is considering the taxability
of e-commerce transactions has yet to issue
its final report. But interim reports have gone
in the direction of saying that substantial
activity has to take place on a server before
it can constitute a 'permanent establishment',
ie before it would become liable for corporate
taxation in that jurisdiction. Some countries,
including the UK, say that the location of a
server is completely irrelevant. For the UK,
it is the location of management and control
that determines taxability; but most European
countries will probably remain true to their
bureaucratic 'civil code' mentalities and will
want precise rules to define when a server is
taxable.
Neither 'management
and control' nor 'substantial activity' is likely
to trap the mere effectuation of payment, when
the contract has been entered into elsewhere
- so few people think that it matters where
payment processing takes place.
That being the
case, it will probably be allowed to take place
vaguely 'in cyberspace' according to whatever
widely available set of programmes is used on
the Internet, and the location of the company
providing it will be of interest only to its
own shareholders. They may choose to locate
it offshore, for the same reasons that any company
providing virtual services would want to be
offshore - but that's only one dimension of
the location decision, and access to pools of
skilled labour is probably more important. A
small software company may be able to locate
in Bermuda, or at a stretch in Mauritius (where
there are some techies at any rate) but Microsoft
won't.
So it's not surprising
that offshore payment processing and certification
has developed only in those countries which
have substantial existing business infrastructure,
as well as appropriate legislation and good
connectivity, being Ireland, Hong Kong and Bermuda.
The Isle of Man is unexpectedly missing from
the list - but that is perhaps more because
Bermuda is unexpectedly on it, and that is due
to its proximity to America. And it can be predicted,
if this analysis is right, that Bermuda's e-commerce
providers will first make alliances with global
firms, and then be bought by them. It is inherently
improbable that a substantial e-commerce support
sector (other than the physical business of
hosting servers) will develop in any offshore
jurisdiction, unless it is completely open to
immigration, has a low cost profile, and is
very well connected. Few, if any, fit that specification.
BACK
TO CONTENTS
|
OFFSHORE-E-COM.COM
13/07 
