E-commerce Security and Regulatory Frameworks, Trading within and across Borders.

(Text of a paper delivered at the Stakeholders Engagement organized by the Standards Organization of Nigeria, on May 15, 2018, at Sheraton Hotel, Lagos)

Good afternoon Ladies & Gentlemen, I kindly stand on existing protocols. Before this paper is over, 2 out of every 10 people in the world who have decided to purchase a particular item, would likely have gone ahead to buy that item online. They would have moved on to other things compared to their peers who are about to start navigating the transportation bottleneck of where they reside in. However, what they get in convenience, they repay in anticipation of risk of something going wrong. Of the feeling of having just been scammed. Of the vendor not receiving payment. Of receiving an item different from what they ordered. Of receiving a bad or poor quality item. Of receiving the item late. Of never receiving the item at all. Of never getting a refund. And of regretting if they should have ever bought the item online at all.

The Standards Organisation of Nigeria has an interesting and audacious vision: to improve life through standardisation and quality assurance. Interesting because it establishes a relationship between a nation’s quality of standards and the possible quality of life of her people. Audacious, because the agency clearly defines her role through the lens of a life- giver, and not a “life-sniffer”, as agencies of government are sometimes perceived. It is on this premise and through this lens that this stakeholder engagement, organised by the organisation, begins to make clear sense. The rapid advancement of technology poses new challenges for the legal and regulatory framework of all countries, and by extension, the quality of life for those countries. Regulations that have traditionally developed at a leisurely pace must now catch up with technology’s incessantly rapid progress. One of such areas of rapid progress is e-commerce.

So, what is e-commerce? A good definition is from Techtarget, which defines e-commerce as the buying and selling of goods and services, or the transmitting of funds or data, over an electronic network, primarily the internet and mobile telephony. These business transactions occur either business-to-business (B2B); business-to-consumer (B2C); consumer-to-consumer (C2C), or consumer-to-business (C2B). E-commerce covers a wide range of transactions effected via mobile telephones and other devices such as personal computers and tablets, and purchases are often made by using applications and platforms. E-commerce is normally thought of in consumer protection terms in relation to business-to- consumer transactions, yet is not limited to such transactions. A business-to-consumer transaction requires the online presence of a trader to sell online and accept online orders. On the consumer side, the process requires Internet access to review products and acquire them online. A payment method needs to be specified, such as a credit card, electronic money, bank transfer or cash on delivery. Finally, the product must be delivered, either online for digital content products or to the consumer’s home or at a pick-up point for goods. This is a well-educated audience, so we wouldn’t dwell on the details of the different models of e-commerce, believing that almost everyone here is either a practitioner or stakeholder of at least one of the above listed e-commerce models. Purchases over the Internet usually involve businesses and consumers from different jurisdictions, which may have different regulations with respect to the key features of e- commerce, may lack specific frameworks applicable to the sale and acquisition of goods and services online and/or may not be equipped to act against unreliable traders in the context of e-commerce, whether at national or international levels

In 2017, retail e-commerce sales worldwide amounted to 2.3 trillion US dollars and e-retail revenues are projected to grow to 4.88 trillion US dollars in 2021.. While the massive opportunities in B2C commerce are becoming too big to ignore, B2B e-commerce worldwide is growing at monstrous rates, hitting $7.7 trillion in 2017. China accounts for about 30% of global B2C e-commerce and 78% of global B2B e-commerce. Despite this amazing stories of growth in other parts of the world, especially Asia, Nigeria’s e- commerce sector, with internet penetration of about 40% is arguably estimated at just $13bn.

Why such meagre penetration? There is an abundance of literature on the restraining factors for the proliferation of e-commerce in developing countries like Nigeria. This paper classifies these various factors into three broad categories. In establishing these factors, some inference is made by extrapolating some growth factors of successful markets.

• Infrastructure
• Trust
• Regulation

In July 2017, Jack Ma, one of Asia’s richest men and founder of Alibaba Group, the global e-commerce giant, came on a two-day trip to Africa, visiting Kenya and Rwanda. As an outcome of his visit, Jack Ma who is also the United Nations Committee on Trade & Development (UNCTAD) special adviser for young entrepreneurs and small business, made a commitment to help empower 1,000 entrepreneurs in developing countries over the next five years. In November 2017, I alongside 23 other African entrepreneurs, from 7 different African countries, were selected to participate in the inaugural 2-year e-founders fellowship, commencing with intensive courses at the Alibaba global campus in Hangzhou China. We also had the opportunity to experience the world’s biggest shopping festival in which Alibaba clocked $25.3 billon revenue in 24hours.

This paper will highlight some of my learnings on the program, as I further elaborate on the broad categories earlier mentioned.

Infrastructure

There are obvious infrastructural deficits that need to be overcome for the success and growth of e-commerce in the country. Of these lot, there are five infrastructure deficits that are arguably critical, namely, payments, logistics, local manufacturing, digital identity, and credit.

The importance of seamless digital and highly-penetrative payments is unassailable in e- commerce. However, Nigeria’s unbanked population remains quite high. A report, in March 2016, by Ericsson showed that 47 percent of Nigeria’s population is not in the banking system at all. For e-commerce to really take off, there has to be massive innovations in the areas of mobile payments and wallets, digital currencies as well as the adoption of scalable technologies like blockchain, that not only captures the bulk of transactions still happening in the informal company, but also guarantees the ease of exchange of value online. Alibaba’s success today has close correlations with the success of Alipay, her mobile and online payment platform.

Another severe constraint on the development of e-commerce in Nigeria is the inefficient logistics systems. E-commerce thrives on a robust infrastructure network of solid rail system, roads network and safe waterways. Just over a decade ago, the local logistics system in China was poorly developed, primitive and unreliable, presenting difficulties to the development of e-commerce in China for large-scale B2B and small-scale B2C transactions. The Chinese Post Office was also inefficient and in lack of staff skilled in e- commerce. Today, the turnaround of the logistics industry in China has been nothing short of a miracle. The past decade saw the birth and rapid development of the logistics industry. Without doubt, government’s aggressive investment in rails, roads and waterways paved the way. Coupled with this was the rapid growth of the manufacturing sector, which led to a boom in 3rd party logistics services, which in turn led to healthy competition in the industry.

Today, Alibaba’s Cainiao, which delivers some 55m parcels a day via teams of ships, trucks and bikes that operate on the Cainiao network, offers a model to consider. Cainiao understands that the logistics sector is the backbone infrastructure for China’s booming e- commerce market and that cheap delivery prices have also helped spur online shopping in China. By aggregating hundreds of courier companies and warehouses, Cainiao is a platform matching drivers with deliveries and streamlining labelling and other services.

This brings me to the next issue. The success and growth of local manufacturing is an important recipe for a vibrant e-commerce economy. E-commerce is a disruption of the traditional distribution channel of conglomerates and large organisations. These channels are huge, and serve as very high barrier to entry for new entrants. E-commerce eliminates this barrier. However, for e-commerce to thrive, it must deliver value at scale by aggregating a large set of sellers and drive price advantage because of seller competition. This combination can only happen in a manufacturer-seller market, as against a wholesaler-seller market. E-commerce players must therefore see their existence as a symbiotic relationship with the growth of the local manufacturing sector, and think of ways to encourage it. A careful examination of Alibaba’s rural Taobao model may help e- commerce players in Nigeria design a more effective model that factors in local manufacturing, and by extension boost the e-commerce space.

As customers increasingly turn online for choice and convenience, e-commerce players are under pressure to implement secure digital identification services in order to deliver optimised shopping experiences. There are also concerns regarding privacy, data breaches, fraud, and identity fraud. Identity, or rather the lack of identity, is at the root of these problems. The International Organisation for Standardisation (ISO) defines a digital identity as any “item inside or outside an information and communication technology system, such as a person, an organisation, a device, a subsystem, or a group of such items that has recognisably distinct existence.” In short, digital identity is a set of attributes associated with a person. Digital Identity provides the necessary proof-of-identity services to enable the shift towards e-commerce and reduce fraud. Without a digital identity, it’s difficult to match a customer with specific transactions — at least on the level they need to receive personalised ‘just in time’ experiences as customers move across different channels. Digital Identity gives e-commerce players and Government agencies the insight to make these connections and drive increased revenues across channels. It allows service providers to strengthen their relationship with customers and introduce new experiences that encourage further engagement and uptake. In the same sense, Digital Identity gives a higher level or protection against fraud and data breaches. By having a higher level of verification needed; the consumer, the agency and the retailer all have better assurance that the transactions are authentic and handled in a safe and secure manner. It is worthy of note to state that there have been accelerated efforts by the National Identity Management Commission (NIMC) for the widespread adoption of the National Identity Number.

A unified digital identity system unlocks credit, which is yet another big driver of growth for the e-commerce industry. While there have been a few innovations around credit, from key e-commerce players in the country, the limitations of mass adoption remain imposed by the absence of a unified digital identity system. Credit must flow both ways, providing liquidity that matches the lifestyle of buyers, and the opportunity of growth for sellers. When buyers buy more, sellers grow, and when sellers have more liquidity, the Gross Merchandise Volume(GMV) of the ecosystem also grows. E-commerce players must therefore continuously think of innovative ways to inject liquidity into the ecosystem through credit.

Trust

Ask everyone why e-commerce hasn’t taken flight on the continent, and trust is bound to be mentioned as frequently as infrastructure. One of the most severe restraining factors for the proliferation of e-commerce, is the lack of trust between buyers and sellers. The bigger challenge with trust is that, just like justice, trust must not only be established, it must also be seen to be established. I would focus on three key recommendations that e-commerce players can use to engender trust.

Alibaba Learnings:

Alibaba Group still largely operates as a marketplace across its multiple platforms, facilitating transactions, which are still primarily between sellers and buyers. Like all e- commerce transactions, the negotiation, payment and delivery does not necessarily happen at the same time. The transaction could therefore be broken at any point, if the basic trust between buyer and seller suffers similar fate. For example, if the buyer suspects the seller may send a low-quality item or nothing at all after paying, or the seller worries the buyer may refuse to pay after the item is delivered, then trust suffers. Even beyond these extremes, are subtler instances, for instance, when an item’s price is low enough because it is under sale — a usual tool for sellers to attract buyers — potential buyers may instead suspect the low price signals a low quality of the item. Such concerns hinders trust and thus the growth of the ecosystem. A few key learnings from what the group has done in building trust.

First, trust must be built both ex ante and ex post. Buyers need to be provided a list of sellers to decide from whom to buy before purchasing occurs. To help the filtering process, the platforms provide a small business credit rating system to document sales information, number of fraud occurrence, rating score summing feedbacks from previous buyers, etc. In addition, buyers can view all written feedbacks from previous buyers and the sellers’ reply, as to judge the item’s quality or the seller’s service altitude. The rating and feedbacks are from previous buyers, which increase its credibility. To prevent sellers from manipulating it’s rating score by hiring shell buyers or trading small digital items, the system also provides scores for only main business where manipulating is more difficult or too costly. As claimed by Alibaba, the small business credit rating system was the very the first one in mainland China.

Ex post, after the purchasing occurs, the buyers are reassured a way to return or change items should a low quality/damage debate occurs. On Taobao.com, a consumer warranty is provided and sellers have the option to join or not; also, sellers can choose to deposit a certain amount of funds which is used exclusively for warranty. By joining the warranty programme and depositing, the sellers both signal themselves out from other sellers and also reassure the potential buyers of responsive return/change if needed. Both ex ante screening and ex post warranty increase buyers’ confidence and thus facilitate transaction, and these two activities do not substitute each other.

Second, the programs differ for different platforms due to the different nature of potential fraud. An intuitive example is from the difference of Alibaba.com and Taobao.com. On the former platform, where trades are of large volume per transaction and repeated trades more likely to occur, knowing the identity of trade partner is more important. Accordingly, Alibaba.com provides much more detailed information on sellers’ identity, including the location, business, name and contact of legal representatives, as well as legal documents like production license, etc. Buyers on Alibaba.com, usually also small business, have a higher ability to track sellers if a fraud occurs than buyers on Taobao.com, so warranty is more emphasised on Taobao.com than on Alibaba.com. Also, Alibaba.com does not adopt the same credit scoring system as on Taobao.com which requires a large number of purchasing occurrences. Instead, it provides a number of years membership icon to indicate the supplier has been listed on the platform for x years.

Trust-building programs must therefore be understood from the applicable operations of different platforms, and must always be evident to all stakeholders.

Blockchain

While the NIMC pushes for the adoption of NIN, I believe that e-commerce players should lead the way, through collaborative effort, for the adoption of blockchain-enabled identity ecosystem. I am not a blockchain expert, and would therefore not focus on the technical details, but with my layman understanding of blockchain, and it’s revolutionary power for democratising trust, I appreciate it’s role in how trust would be built and cultivated going forward. The blockchain name provides a good visual reference for how the technology works. Blockchains are digital ledgers that uses cryptography (in this case a way to protect digital information through encryption) to store blocks of data that are chronologically chained together through virtual networks distributed throughout the world. Copies are stored around the internet, making it difficult to falsify information.

While blockchains have been around since at least 2008, they have gained traction mostly in the past several years with the rise of cryptocurrency. Larger organisations and startups are now exploring this technology as a solution for improving transactions of all sorts, from bank transfers and legal contracts to prominent use cases in identity management.

An example is Civic, which allows users to authenticate and verify the use of their information in real-time. The app also helps organisations expedite the process of, and cut costs for, identity verification. An individual can download the app to their smartphone and use it like a virtual ID card. Civic Identity Partners, such as a government agency, can push authenticated identity information to the app while also acting as a trusted authentication authority. Since this is all done via blockchain, Civic does not store the data on a single, hackable server. Users also access their accounts through biometric verification (fingerprint or 3D facial recognition) which provides an extra level of security should the user lose their smartphone.

When a user needs to submit proof of identity for a new bank account, for example, the bank can verify the person’s identity and risk much faster because the app would stand in place of the current KYC process. The user would scan a QR code from the bank, submitting a request for information. Once the account holder approves the request, the bank receives a verification and the transaction is recorded on the blockchain.

Social Reputation

In a world of Big Data, from facial recognition to surveillance, we are entering a world of total transparency where online activities and purchases can be ranked and profiled. No bigger place where your social reputation can be more relevant than in e-commerce.

Social lender, a company from Nigeria, is a lending solution based on social reputation on mobile, online and social media platforms. Social Lender uses proprietary algorithm to perform a social audit of the user on social media, online and other related platforms and gives a Social Reputation Score to each user. Loans are guaranteed by the user’s social profile and network allowing users to then borrow from banks and other financial institutions based on their social reputation.

Social reputation models like social lender’s, may need to be considered by the e- commerce players as not only a predictor of behaviour by seller and buyers, but also to encourage good behaviours and discourage bad behaviours. A world where bad-behaviour on a ride-hailing platform affects the level of discount I get on a product on an e-commerce platform isn’t science fiction anymore.

Regulation

I have intentionally chosen to highlight the role of regulation last. E-commerce growth opens up a lot of opportunities. Despite these opportunities, e-commerce buyers (e- consumers) often seem to be at a disadvantaged position compared to sellers or platform operators. The impersonality of e-commerce weakens the relationship between providers and consumers, thereby increasing consumer vulnerability. The web-based environment is highly susceptible to unfair commercial practices. Therefore, consumer trust in digital markets is one of the main challenges in the development of e-commerce, and thus the need to come up with regulatory framework and standards that protects the e-consumer is of utmost importance. The underlying principle is to ensure a level of protection for consumers using e-commerce that is not less than that afforded in other forms of commerce.

The United Nations in 1996 adopted the United Nations’ Commission on International Trade Law (UNCITRAL) Model Law on e-commerce. The UN adopted the Model Law to serve as pioneer e-commerce legislation for countries to copy and enact in their respective domains. The aim of the Model Law is to eliminate barriers as well as obstacles coming in the way of electronic documents, especially regarding their enforceability before courts of law. It is also the aim of the Model Law to ensure that the practices of member states in the area of e-commerce, as an emerging practice in commercial transactions, is uniform and of an acceptable standard. Thus, Member States were enjoined to enact laws and establish institutions that conform substantially to the provisions of the Model Law.

In 2017, Nigeria passed the Electronic Transaction Bill which provides a legal and regulatory framework for conducting electronic transactions , protects the rights of the consumers and other parties in electronic transactions and services, and ultimately facilitates e-commerce. I will highlight some important parts of the passed bill, especially as it concerns the role of a standards agency.

Rights of data owner and the liability of data holder

With major data security breaches that have been recently recorded globally, including Twitter, e-commerce players must therefore pay further attention to the technical and organisational measures taken to protect personal data against accidental loss and against unauthorised alteration, processing, disclosure or access, especially where it involves transmission over a network. Within this context, the role of decentralised data storage, like I earlier advocated for, again becomes relevant. It is therefore recommended that the standards organisation consult with the National Information Technology Development Agency (NITDA), charged with the oversight for this provision, to develop appropriate standards for data classification, submission, processing, protection and storage.

Consumer Protection

The bill dictates that “A service provider or vendor shall provide a consumer with sufficient and relevant information to enable informed decisions on the part of that consumer. Such information shall be (i) clearly presented in a language the consumer understands (ii) accurate (iii) conspicuously displayed at appropriate stages of the consumer’s decision making particularly before the consumer confirms transactions or provides any personal information; and {iv) capable of being saved or printed by the consumer.” Information asymmetry is more prominent in e-commerce due to the nature of the Internet and complexity of terms and conditions to which consumers may not always have timely access. Therefore, consumers are more vulnerable online to misleading and deceptive conduct. To make informed purchasing decisions in e-commerce transactions, consumers need relevant and accurate information about goods and services and the traders supplying them.The standards organisation through stakeholder consultations such as this must therefore help articulate and standardise what constitutes “sufficient”, “relevant”, “accurate” and “conspicuous” information. An international instrument in this area, the Organisation for Economic Cooperation and Development (OECD) Recommendation of the Council on Consumer Protection in E-Commerce, revised in 2016 offers a good recommendations.

To minimise fraudulent practices, the ETB 2017 also states that a service provider or vendor shall identify itself and provide information about its business policies, and practices stating enquiry, complaint and claim procedures, warranty or other support services related to its goods or services before commencement of transaction. This would include the name of the service provider or vendor, description of goods or services, full price, shipping and other charges, payment methods, delivery time and a record of the transaction after completion. One of the common challenges consumers face in developing countries is the difficulty of establishing the identity and location of a provider of products online. The OECD recommendation also details the types of information that businesses should make available to consumers. Beyond this, the standards organisation, working with the Consumer Protection Council (CPC) could thus focus on appropriate consumer education campaigns to enable people to make informed choices of goods and services and to raise awareness of their rights and responsibilities. Special attention should be given to the needs of vulnerable and disadvantaged consumers, in both rural and urban areas, including low-income consumers and those with low or non-existent literacy levels. This would not only endear trust on the part of the consumers, but also drive adoption on the part of the e-commerce players.

Consumers face a number of challenges during the purchase phase after they have decided to buy a certain product online. The most common challenges at this stage include unfair contract terms, online payment security and data protection and privacy, including in non-monetary transactions. Contract terms define the rights and duties of the parties bound by them. Contract terms stipulated by e-commerce players must be clear, concise and easy to understand to be considered fair. Accurate, and not misleading, information in relation to contract terms and conditions for good business practices, must always be disclosed. Regulation should ensure that service providers provide easy access to such information, especially to the key terms and conditions, regardless of the means of technology used.

Mobile devices are increasingly being used to make consumer-to-consumer and business- to-consumer payments in Nigeria, to solve the challenge of access to financial services, by a large number of the population. However, online and mobile payment systems increasingly present challenges for consumers. Challenges include accessibility of data by unauthorised third parties, delays in receipts of payments by traders, irreversible payments, late confirmations; and payments blocked between the bank, payment gateway or company to which payment was made without the consumer being aware of where the payment has been detained. Regulation must therefore be at the vanguard of a transparent process for the confirmation, cancellation, return and refund of transactions. Escrow system of payment are increasingly providing fair, accessible, rapid and low-cost online mediation, and one which regulators need to pay attention to, beyond pay on delivery. The goal is for regulators to develop minimum levels of consumer protection for e- commerce payments, regardless of the payment mechanism used, and considering consumers who are more vulnerable due to their age, experience or digital literacy.

The bill further gives NITDA the authority regarding other critical issues which relate to consumer protection including procedures for dealing with complaints as well as procedures for dispute resolution, payable compensation in the case of a default in service delivery. The pragmatic approach of the standards organisation must thus be applauded and proactively extended to collaborating with NITDA, CPC and Service Providers in drafting these standards and procedures. Learnings can be taken from places like Malaysia where e-consumers are afforded a speedy and cheap means of settling disputes. Consumers who are dissatisfied with online dealings can file their claims in the Tribunal for Consumer Claims (TCC). Lodging a complaint before the TCC is free and parties are free to settle their differences on their own. The TCC can hear, and determine complaint ex parte provided there is proof of service on the respondent. In Brazil, the National Consumer Secretariat created an online conciliation mechanism in 2014, a public service which allows direct exchanges between consumers and providers to resolve disputes online. Currently, 80 per cent of complaints are conciliated, satisfying consumer complaints in an average 7 days. Participation is only open to companies that voluntarily and formally register in the system. Mexico launched an online dispute resolution mechanism in 2008, hosted by the Office of the Federal Prosecutor for the Consumer. The mechanism provides consumers who have purchased goods or services, either online or offline, access to a paperless and bureaucracy-free conciliation system, through which they can initiate and resolve complaints on an Internet- based virtual platform. Remedies available to the consumer can take the form of damages, order against the respondent to supply or resupply the purchased goods and such other orders as the Tribunal might deem fit to make in the circumstances of each case.

Cross-border e-commerce

According to UNCTAD, cross-border e-commerce brings together consumers and businesses from different jurisdictions and therefore presents the following particular challenges for consumers:

(a) Dealing with unfamiliar brands in an unfamiliar language

(b) Lack of certainty in receiving a product as described or ordered

(c) Hidden costs, including those related to customs duties and currency conversion, as well as shipping or delivery

(d) Conformity of products to local standards

(e) Lack of clarity on protections afforded by a seller’s jurisdiction, redress available in the event of a dispute and enforcement of awards due to consumers.

To effectively protect consumers within Nigeria, the CPC and SON must be empowered with authority to investigate, pursue, obtain and, where appropriate, share relevant information and evidence, particularly on matters relating to cross-border fraudulent and deceptive commercial practices. This authority must also encompass a working collaboration with foreign consumer protection enforcement agencies and other appropriate foreign counterparts.

In conclusion, this paper was titled “E-commerce Security and Regulatory Framework, Trading within and across border”. The realities and opportunities of e-commerce have been well established. However, these opportunities cannot be fully taken advantage of, without a critical look at the challenges to proliferation of e-commerce in the country. By taking a look at these challenges, the paper fashioned out a framework for assessing security and regulation within a global landscape. It also referenced models from Asia as case-studies for e-commerce providers to collaboratively build out a thriving ecosystem. The paper further argues that protecting the e-consumer must be at the heart of statutory standards, and examines the status of relevant legislation in the country. In the end, the Standards Organisation of Nigeria must take on the role of an enabler, facilitating interagency collaborations and wide stakeholder engagements.

Beyond that, the organisation must recognise her role as eliminating the fears of those who have performed an electronic commercial transaction, while this paper was being presented. Failure to do so would lead to a breeding ground for dissatisfied, distrustful and regretful consumers, who are ultimately toxic to the growth of a vibrant e-commerce ecosystem. By taking the recommendations in this paper, the organisation would truly be living up to her vision of “Improving life through standardisation and quality assurance.” This is the right approach for an organisation seeking to stay on top in a world that is already fast evolving beyond e-commerce to new retail, the integration of offline and online commerce in one.