1 E-COMMERCE LAW AND ELECTRONIC TRANSACTIONS IN PHILIPPINE SETTING Naomi Therese F.

Corpuz

INTRODUCTION...3 I. E-COMMERCE ACT: THE NEED FOR THE LEGISLATION AND HISTORY...........................3 II. SENDING AND ACCEPTING PAYMENTS ONLINE5 A. BUYING AND TRADING ONLINE...5 B. ACCEPTING PAYMENTS ONLINE.7 1. Remittance Centers.....7 2. Mobile payments..8 3. Payment Gateway ...8 a) Paypal and others9 b) Credit Card Payments..9 C. RISKS IN ONLINE PAYMENTS10 1. Company Policies..10 2. Issues on Jurisdiction 11 3. Privacy as a cost....12 4. B2C (Business to Consumer) Transactions.......15 III. CONCLUSION17

2 E-COMMERCE LAW AND ELECTRONIC TRANSACTIONS IN PHILIPPINE SETTING* Naomi Therese F. Corpuz**

When the passage of the E-Commerce Act, RA 8792 was effected on June 14, 2000 the electronic data and contracts enjoyed the same legal status of contracts that are manually rendered. From then on, the Philippines which is the fourth country after Malaysia, Singapore and Korea to implement a law on e-commerce13 is slowly able to attract foreign investors on electronic commerce ventures. Being an English-speaking country it has also been a region for outsourcing even before the laws enactment. America Online alone has 700 Filipino employees in the Clark Development Zone, and the same with Andersen Consulting, Caltex and Proctor and Gamble multinational companies which outsource operations in the country14. After the law was passed to provide secure legal framework and environment for e-commerce, investments on electronic commerce such as call centers have been steadily rising15. These developments and the passage of the E-Commerce law promote the Philippines as an Information Technology (IT) region. Prior to these, our third-world country has earned negative reputation after the I Love You virus that crashed computer networks worldwide was traced to have originated from the Philippines16 and the country was crossed out from the list of PayPal (a company providing credit card service online) years ago due to a massive credit card fraud that had happened17. Electronic mail and search engines were the reasons why people apply for internet connection for their homes at the start of the Internet age. Today, even large businesses
This article is in compliance with the requirements for Sales under Professor Bong Dizon. This is the fruit of the authors interest in the internet particularly surfing the web, blogging and reading other peoples blogs especially while on sick leave, earning money online, and being active in social networking sites such as Friendster, Multiply and Facebook. This is also a product of the workshops and teachings of Janette Toral, the mother of e-commerce of the Philippines and founder-owner of the Digital Filipino of which the author is a member. ** Second Year lL.B, University of the Philippines (2011 expected). A.B. Psychology, Cum Laude, University of the Philippines (2003). The author hopes that this piece can be informative and helpful to many others who are engaged in e-commerce and online-transactions. 13 Jaime Soriano, A Synopsis on E-Commerce Law , The Philippine IT Law Journal 1 at http://www.arellanolaw.net/publish/itlj-issue1_07.html (last visited February 17, 2008). 14 Jose Jesus Disini, International Internet Law Review, 2 at http://www.disini.ph/interlegis.html (last visited February 17, 2008). 15 JOSE JESUS DISINI & JANETTE TORAL, ANNOTATIONS AND LEGISLATIVE HISTORY: ELECTRONIC COMMERCE ACT AND ITS IMPLEMENTING RULES AND REGULATIONS, 8 (2000). 16 Soriano, supra note 1. 17 Jayvee Fernandez, Paypal Service is Now in the Philippine, 1 at http://www.biztoolbelt.com/2006/10/paypal_service_is_now_in_the_... (last visited February 17, 2008).
*

3 engage in transactions online. The internet has evolved from its early days to how it is used at present18. Even people at the comfort of their own homes have started trading online. Thus, the passage of E-Commerce Law has played a significant role with such developments. However despite the enactment of RA 8792, there are still many who are not aware of its effects on online transactions especially for small-medium businesses who usually dont have the technical know-how on information technology. Merchants for instance, who have been emerging lately in social networking sites such as Facebook and Multiply are not aware of this governing law, how it could actually protect them and work to their advantage. Many of them engage in online trading, yet as can be gleaned from their sites they lack policies and rules on contracting online where beneficial effects of the ECommerce Law can be applied. Ignorance of the law excuses no one hence, it is important that those who are involved in e-commerce should know the existence of RA 8792 to prepare them to the issues that they may encounter. On the other hand, it also important to emphasize that though the E-commerce-law has allowed the country to adapt to advances in technology there are still issues involving electronic transactions that we will encounter and not resolved by RA 8792 alone. I. E-COMMERCE ACT: THE NEED FOR THE LEGISLATION AND HISTORY The Supreme Court first refused the admissibility of an electronic data in the case of an employee of IBM who contested the acceptability of computer print-outs from e-mail as proof by the company of her absenteeism and tardiness. The court said that the print-outs afford no assurance of their authenticity because they were unsigned and no company official, who could properly attest that these were genuine and could not have been tampered with, certified or authenticated it 10. Since this decision, jurisprudence has not categorically validated electronic evidence. However even if the evidence presented in the case was paper-based, it would still be inadmissible for lack of proper authentication191. This decision of the Supreme Court was decided in 1999 and without the ECommerce Law of 2000 enacted thereafter and leaving the fate of electronic contracting and evidence to the Philippine Judiciary we would not have RA 8792 today. This law is the convergence of a House Bill (HB 9971) and a Senate Bill (SB 1902) with Sen. Ramon Magsaysay, Jr., Reps. Leandro Verceles Jr. and Marcial Punzalan as primary authors and sponsors.12 It took years before this actual law was passed. The first electronic commerce law was filed in 1992 called the Electronic Data Interchange (EDI) but was sideswiped when the Model Law on Electronic Commerce (Model Law) of the United Nations
Oscar Franklin Tan & Kristina Castaneda, Resisting Electronic Discovery, 79 PHIL. L.J. 732, 737 (2004). 10 IBM v. NLRC, G.R. No. 117221, April 13, 1999. 191 DISINI, supra note 3, at 5. 12 DISINI, supra note 3, at 4.
18

4 Commission on International Trade Law (UNCITRAL) emerged for the former was criticized to be technology-specific and might even be a hindrance to our adaptability with new technology and its developments.13 While the Model Law was incorporated to the Committee Report and Senate Bill, some members of the technical working group suggested to favor Electronic Transactions Act (ETA) of Singapore for this covers innovations such as provisions on digital signatures, regulation of certification authorities, and service provider liability. However, Senator Joker Arroyo objected the latters adoption and argued that a huge part of Philippine Law adopts US case laws, therefore a law originating from Singapore may conflict with our judicial system.14 Ultimately the E-Commerce law of 2000 (RA 8792) adopted both the Model Law of United Nations Commission on International Trade Law (UNCITRAL) and Electronic Transactions Act (ETA) of Singapore.15 The efforts of coming up with an e-commerce law in the country has raised some questions by some who say there is no need for such law when under Philippine Law, contracts are valid by mere consent of both parties.16 If e-commerce law merely makes electronic contracts and transactions valid as their paper-based counterparts, this can be redundant for it can already be considered valid by the existing Civil Code. Article 1305, Civil Code provides:
A contract is the meeting of the minds between two persons whereby one binds himself, with respect to the other, to give something or to render some service. 17

Though Article 1358 and Article 1403 (2) require some contracts to be in writing such as sale of land through an agent, donations of real estate, and stipulations to pay interest on loans, these Civil Code provisions do not decide the validity of the contract but only its enforceability.18 Thus, these contracts made orally, in writing or in any form such as electronic are considered valid. Nevertheless, there is one issue that is not settled, which is whether or not electronic documents and electronic signatures enjoy the same legal status as paper-based documents and manually signed signatures, respectively. The enactment of the ECommerce Law of 2000 (RA 8792) has now resolved this issue.19 II. SENDING AND ACCEPTING PAYMENTS ONLINE

DISINI, supra note 3, at 4. Interview with Janet Toral (February 2, 2008) in E-Commerce Hands-on Workshop series. 15 DISINI, supra note 3, at 5. 16 Jose Jesus Disini, Philippines on Brink of New Internet Legislation, 3 at http://disini.ph/interlegis.html (last visited February 17, 2008). 17 CIVIL CODE, art. 1305. 18 Disini, supra note 16. 19 DISINI, supra note 3, at 5.
14

13

5 E-Commerce as defined in a site of a webhost is the buying and selling of products and services by businesses and consumers over the internet.20 This definition however is too limited on how e-commerce is actually applied at present. The E-commerce law actually covers both commercial and non-commercial activities. Implementing Rules and Regulations of the Electronic Commerce Act defines Commercial and Non-Commercial activities as:
Commercial Activities shall be given a wide interpretation so as to cover matters arising from all relationships of a commercial nature, whether contractual or not. The term shall likewise refer to acts, events, transactions, or dealings occurring between or among parties including, but not limited to, factoring, investments, leasing, consulting, insurance, and all other services, as well as the manufacture, processing, purchase, sale, supply, distribution or transacting in any manner, of tangible and intangible property of all kinds such as commodities, goods, merchandise, financial and banking products, patents, participations, shares of stock, software, books, works of art and other intellectual property. xxx Non-commercial Activities are those not falling under commercial activities.21

E-commerce then, as Janette Toral aptly puts it in her E-Commerce Workshop Ebook, is the exchange of information or transactions using any form of communication 22. Thus, electronic transactions of e-commerce is not limited to the internet but also includes the simple mobile messaging thru SMS (short messaging system) confirming acceptance of a sale, ATM (Automated Teller Machines) transactions, purchasing using credit card or ATM card, transacting business over the telephone, sending a fax document and other forms of wireless communications. With this wide coverage of the law, some of us may not even know that we are already engaging in e-commerce even before the advent of the Internet. A. BUYING AND TRADING ONLINE

E-Commerce can take place in various forms. Electronic Data Interchange (EDI) which big corporations use to communicate with each other and send documents in a private network, sending commercial documents through fax, bulletin boards in auction sites, contracts and certifications via e-mail or cellular phone are some of the few enumerated in Torals E-Commerce book.23 E-Commerce taking place in the internet is commonly referred as internet commerce. A quite number of Filipino households have internet connection. If they cant afford one, internet shops and internet-enabled cafes are readily available. The Philippines being the texting capital of the world, cellphone
20 Web Focus Solutions Inc., E Commerce Solutions, 1 at http://www.webfocus.ph/ecommerce.htm (last visited Feb. 17, 2008). 21 Rep. Act. No. 8792, 6 (b), (k) (2000). This is the E-Commerce Act of 2000. 22 JANETTE TORAL, DIGITALFILIPINO.COM E-COMMERCE WORKSHOP E-BOOK 1 (2004). 23 TORAL, supra note 9, at 2-3.

6 companies are coming up with new features every year such as the 3G (Third Generation phone with video) with the application of Internet. Mobile commerce which refers to transactions in mobile devices such as cellular phones and personal digital assistant (PDA)24 is slowly becoming the most widespread type of e-commerce. Regardless of social stratification, rarely do we see a Filipino without a mobile device today. Aside from that, some sellers on the internet even prefer to get in touch with their customers through the cellphone for it is easier to communicate while e-mail is more time consuming and difficult to check.25 With E-commerce becoming prevalent in various forms, online trading is also becoming more and more pervasive. The advantages of e-commerce have encouraged merchants to trade online. The advances in technology and the advent of digital age allow them to sell their goods on the internet and reach to a wider audience whether based in the provinces or abroad whom they would not be able to contact if they only had a store. Doing business online is even cost-effective without having to pay for rent, manpower and utilities. All they need is a nice computer, a cellphone to monitor their orders and an eyecatching webpage.26 While there are merchants who have their own websites for their own businesses, others who are not ready to create their own may join existing websites such as MyAyala.com, RegaloService.com, PinoyDelikasi.com and YOSSN.com to name a few.27 Social networking sites are even more cost-saving, without need for an entrepreneur to spend for a website since they are free. One of which is multiply.com initially designed for social networking where the user adds friends as his contacts, similar to Friendster and Facebook. Multiply allows the user to become a merchant by becoming a business contact to others, allowing him to update his contacts on his products by posting photos, blogs and maintaining his calendar. The contacts may leave comments or inquiries by clicking on the photo of a particular item and the user-merchant will get back to them after he receives it. Ebay on the other hand, described as the worlds marketplace and since it was launched in the Philippines in November 2004, has over 3,000 local traders selling full-time according to a June 2006 survey conducted by ACNielsen International Research, while another 6,671 sell online on eBay.ph to supplement their income.28 Filipinos of all ages have availed themselves of the services of Ebay for it is a venue both convenient to the buyer and seller. The seller initially signs-up to start an account, posts a list of items for sale with photo and description and then holds an auction, or may choose the Buy It Now option. The buyer then pays for the item and shipping costs before the seller sends it or meet-up with the client, and allowing both of them to keep track of their transactions.29

TORAL, supra note 9, at 3. Ruel De Vera, Auction Heroes, SUNDAY INQUIRER MAGAZINE, Sep. 2007, at 12. 26 Tina Arceo-Dumlao, Hooked on online trading, PHIL. DAILY INQUIRER, November 16, 2007, at B2-2. 27 Toral, supra note 14. 28 De Vera, supra note 14, at 5; Eden Estopace, eBay bullish on RP, PHIL. STAR, March 3, 2008, at C4.
25 14 29

24

De Vera, supra note 14, at 5

7 B. ACCEPTING PAYMENTS ONLINE

The Philippines having 21 million Internet users, e-commerce is expected to grow 21 percent per year between 2008 and 2009 according to market researcher International Data Corporation (IDC).30 With this finding, this will naturally result to the rapid expansion of the online market which would necessitate every merchant and buyer to be equipped with the computer language on online transactions and all its ins and outs. 1. Remittance Centers One important know-how that an entrepreneur must learn are the various ways to accept payments online for a business will not prosper despite reaching clients through the World Wide Web if there are no means of receiving their payments. Aside from paying in cash given in person, banks deposits or debit is one option where payment is deducted from the buyers bank account which in turn is deposited to the merchants bank account. Remittance services such as Western Union and Xoom are also convenient especially to those overseas buyers who dont have credit cards or those who have a hard time meeting a credit limit.31 Remittance services also allow sending money online which is fast and efficient compared to falling in line in a participating bank. Nevertheless, overseas worker Allan Fernando still opts to send money in a remittance center such as PNB because exchange rate is much lower through the Web; PNB even has a higher exchange rate by P120.00 for $200 than that with Xoom.32 Filipinos therefore must be prudent in choosing how to send payment through remittance centers that would be more cost-saving. 2. Mobile payments If a promissory note is allowed through text under the E-Commerce law, another latest on text messaging and a first in the Philippines is accepting payments through the mobile phone. Globe G-Cash and Smart Padala are the pioneers of this payment system that turns the cellphone to an electronic wallet. Subscribers of G-Cash, Globe, Touch Mobile and Smart Padala are allowed to send and receive payment all thru texting. In GCash, subscribers can easily send G-Cash both locally and abroad, receive G-Cash and exchange it for cash at any Globe Business Center or you may go to any G-Cash outlet authorized to do cash-out, and make payments.33 Though Filipinos are now making use of this feature as popular as bank deposit, they must also be aware of the challenges and implications of this payment system. This would require a non-subscriber-buyer to fall in line at a Globe Business Center to pay for a product. Though this is also convenient to those based abroad for G-Cash supports not only domestic but also international remittances backed by international settlement banks,34
Estopace, supra note 17, at C4. Janet Toral, Accepting Payments Online, 1-7 at http://www.digitalfilipino.com/ecommerce_article.cfm?id=44 (last visited February 17, 2008). 32 Letter from Allan Fernando to Naomi Corpuz, in response to Naomi Corpuzs query through email on remittance centers in San Francisco, California (January 16, 2008). 33 Mozcom PayEasy, 4 at https//www.payeasy.ph/faq-gcash.asp (last visited February 17, 2008).
31
30

Globe G-Cash, How GCash Started, 3 at http://www.g-cash.com.ph/sectionpagearticle.aspx? secid=27&id=52 (last visited April 18, 2008).

34

8 it must be noted that any error or fraudulent transaction made outside the country is not covered by our laws. Central Bank Resolution 116 which regulates mobile payments in the Philippines is not given in other countries as observed by techno-blogger Hans van Rensburg of Fundamo Corporation. He says that most likely, Central Banks of other countries wont apply a similar regulation for situations are different from one country to another as to market realities, potential risks and impact in other players.35 3. Payment Gateways:

a) Paypal and others Payments through bank deposits, remittance centers and mobile payments are some of the ways to accept payments by a merchant, but entrepreneurs who want to be serious with their business online must look at the option of having online payment systems where a buyer may pay through the Web by just the click of the mouse. Entrepreneurs will benefit much from this kind of system especially if they are receiving money abroad. Some of the payment gateways available locally are Authoriz.Net (now PayPromt.com), Equitable Card Network, Union bank The Port, 1Time Payment, BPI Express Online, NetBanks.Net, Yehey!Money PayPlus+, Cyberlink.36 Nevertheless, applying for a merchant account in these companies is not easy as it may seem to be. There are payments gateways which require sign-up fees, their rates vary, and features also differ. Apart from that, local payment gateways also have disadvantages to some entrepreneurs since before they can obtain merchant accounts, some banking institutions still require tedious processes or have limited functions. To acquire an account with Equitable PCI, a business model is still required which is not very SME (small medium enterprise) friendly while UCPB also provides online merchants accounts but it can only accept payments from UCPB holders.37 This is when international payment gateways can be suitable to Filipino entrepreneurs in e-commerce which are noticeably more flexible and have value added services. Paypal which has been a global leader in online payment solutions has at present 153 million accounts worldwide, available in 190 markets and 17 currencies making payments possible at different locations, currencies and languages.38 By using their services, anyone may pay online in any way they prefer. PayPal had a restricted launch when it was first introduced in the country for it only had the sending money feature that is not the intended purpose for many Filipino Internet Users (FIU). Nevertheless, due to the persistent clamor of the Filipino internet community for a full activation, Paypal started its fully activated feature at the latter part of 2007 which included receiving money online. This was lauded by many FIUs who profit mainly by accepting payments online such as bloggers and entreprenuers. This will also open doors to those who plan to enter business in e-commerce.
Hans vans Rensburg, GCash in other Markets?, 4 at http://mbanking.blogspot.com/2007/03/gcash-in-other-markets.html (last visited April 18, 2008). 36 TORAL, supra note 9, at 55. 37 Toral, supra note 16. 38 www.paypal.com, About Us, 2 at https://www.paypal-media.com/aboutus.cfm (last visited April. 19, 2008).
35

9 b) Credit Card Payments Credit card payment online is a lot more beneficial for a merchant in taking advantage in accepting payments from impulse buyers or international customers, for it takes care of problems in currency differences than waiting for checks to arrive in the mailbox which is time-consuming and can also bring annoyances such as clearing issues.39 In order to obtain a credit card, the public as customers must apply to an issuing bank. The merchant on the other hand must have the equipment and an account with his acquirer bank, to process the credit card payments. The acquirer bank offers three types of merchant accounts: Card Present, Mail Order Telephone Order (MOTO) and Ecommerce (ECOM). Among the three, ECOM has the highest transaction charges for having the highest risk because the card and customer are not physically present while Card Present has the lowest risk for the customers card is swiped, with the receipt signed by the customer or the PIN entered into the card reader, and therefore has lowest transaction charges. For the acquirer bank to accept a transaction, it must be able to communicate with the issuing bank to ensure that the card holder has sufficient funds. After the transaction, the merchant must have received the payment which must show in his account.40 The entity that acts as middleman inorder for the acquirer bank and issuing bank to communicate are credit card associations, such as Visa and MasterCard. Banks that wish to make use of their credit card products must apply to these card associations for membership.41 Yespayments is one of the leading local payment gateways making use of internet credit card payments. It has been operating in the country since December 2000 and has been receiving good feedbacks from its clientele with its efficient risk management and user-friendly site. The full activation of Paypal, an international payment service provider, in the Philippines that accepts any form of payment led to some doubts whether local payment gateways success such as Yespayments that only accepts credit card payments would continue or perish, considering that not all Filipino merchants can avail themselves of a credit card. Paypal allows debit cards such as UnionBank Eoncard and ATM cards such as BPI International Mastercard, which are more advantageous and revenue generating for easy sign-up and faster payment processing.42 Simon Paice, the present CEO of YesPayments is not unfazed though and infact optimistic in their companys expected growth in the coming years for unlike Paypal that has a big market, their company can provide services to clients with specific needs giving them quality service, competitive discount rates and keeping fraud at a minimum.43 This is what Yespayments has to say,
Christopher Heng, Accepting Credit Cards on Your Website, 2-3 at http://www.thesitewizard.com/archive/creditcards.shtml (last visited April. 19, 2008); Janet Toral, Paypal activates receive money feature in the Philippines, 2 at http://www.influentialblogger.net/2007/09/paypal-activates-receive-money-feature.html (last visited April 19, 2008). 40 Toral, supra note 16. 41 www.yespayments.com, Ecommerce Guide- Card Associations, 1 at https://www.yespayments.com/asp/general.asp?contentid=14 (last visited April. 19, 2008).
39

Toral, supra note 16. Philippine Internet Review Blog, Local payment gateway providers still strong despite Paypal availability in the Philippines, 1 at http://philippineinternetreview.blogspot.com/2008/04/local-payment43

42

10 being the leading local payment gateway but the question now is whether other local payment gateways have a similar stance especially when it comes to managing risks in online payments. C. RISKS IN ONLINE PAYMENTS

1. Company Policies Existence of a policy is a must in companies and service providers in the internet. An internet policy sets the rules and boundaries of the user and the limits of the liability of the company. There are risks involved if policies are not explicit or clearly stated. There was a case of an employee who provided a fake credit card number while using the office computer of the company for her to download a trial software system. The credit card number was not recognized and naturally she wasnt able to purchase it. Nevertheless, the website owner who offered the trial software system was able to trace the employees institution and considered her act as an offense to commit fraud. Sadly, the institution was found to be located in the Philippines and to save the company from public embarrassment, they paid the website owner despite their initial defense that the employee was not able to download it.44 Janet Toral during her E-Commerce workshop mentioned that if only the company had an explicit policy prohibiting personnel from using the companys computer for personal use, they could deny liability and even take an action against the employee. However, even if the company had such policy it is still difficult for a company or any employer to deny liability of an employee if the alleged offended party would use the defense of agency relationship, where the acts of the employee is the act of the company. Even if the agency relationship is contested, the law on quasi-delict can always be applied. The Civil Code provides:
Art. 2176. Whoever by act or omission causes damage to another, there being fault or negligence, is obliged to pay for the damage done. Such fault or negligence, if there is no pre-existing contractual relation between the parties, is called a quasi-delict and is governed by the provisions of this Chapter. (1902a) xxx Art. 2180. The obligation imposed by Article 2176 is demandable not only for one's own acts or omissions, but also for those of persons for whom one is responsible. xxx The owners and managers of an establishment or enterprise are likewise responsible for damages caused by their employees in the service of the branches in which the latter are employed or on the occasion of their functions. Employers shall be liable for the damages caused by their employees and household helpers acting within the scope of their assigned tasks, even though the former are not engaged in any business or industry. xxx45 (Emphasis supplied) gateway-providers-still.html (last visited April. 19, 2008). 44 Toral, supra note 16.
45

CIVIL CODE ,

art. 2176, 2180.

11

This gives rise to the issue that some company policies may still be contested by the alleged offended party in court. Jurisprudence tells us that there are existing company policies that are later on considered void by the court. Similarly, objectives of policies of companies and service providers such as its rule on indemnification to protect its people can be futile. Paypal in its policy on indemnification provides:
14.10 Indemnification. You agree to defend, indemnify and hold PayPal, its parent, officers, directors and employees harmless from any claim or demand (including attorneys fees) made or incurred by any third party due to or arising out of your breach of this Agreement and/or your use of the Services. 46 (Emphasis supplied)

This rule on indemnification is likewise adapted by other companies whether a payment service provider or not. Purpose of which is to establish proper guidelines for proper use of resources which according to Toral is not to exemplify lack of trust but to protect both the employees and the company owners.47 Nonetheless, no matter how wellplanned and clearly stated a policy is, its validity in Philippine jurisdiction can still be questionable. 2. Issues on Jurisdiction A main legal issue which is an offshoot of many legal issues involving the internet is jurisdiction. Fraud, hacking, piracy, violation of intellectual property and libel are crimes that can be committed online by an offender who is located here, but who can also be based outside the country. If the seller is the fraudster of another country and the buyer is located in the Philippines, whose laws would apply? This has been one of the main issues discussed in the United Nations Conference on Trade and Development (UNCTAD). The prevailing view of UNCTAD is not the place of the establishment of the company or seller but the place where it pursues its economic activity or where the offense is felt, as long as the interactivity can be seen as a clear link with the State whose courts assert jurisdiction.48 It is interesting to cite the case of an Aussie, Brian Gorrell whose blog has maligned reputations of high-society figures in the Philippines has been the subject of discussion of bulletin boards, chat rooms and legal forums. Some legal critics have considered it libelous and he can be persecuted under the Revised Penal Code. Brian Gorrell though has no intention of coming back to the Philippines which gives rise to issues on jurisdiction. Some lawyers say the victims maligned are helpless because though extraditing Gorrell is an option, Australian government is expected to protect its citizen; to file a case in Australia is also very expensive and Filipino victims lose home court advantage not to mention unfamiliarity with Australian laws.49 If issues on libel involving parties located in
www.paypal.com, User Agreement for PayPal Service, 31 at http://www.paypal.com/cgibin/webscr?cmd=p/gen/ua/policy_payments-outside#relationship-policy (last visited April. 20, 2008). 47 Toral, supra note 16. 48 United Nations Conference on Trade and Development, Overview of Selected Legal and Regulatory Issues in Electronic Commerce, 4 at http://www.arellanolaw.net/publish/itlj-issue1_08.html (last visited February 17, 2008). 49 Carmela Fonbuena, Online Libel: Aussie bloggers victims are helpless, 21-24 at http://newsbreak.com.ph/index.php?option=com_content&task=view&id=4324&Itemid=88889051(last
46

12 different countries can give rise to such issues, this is not impossible with other offenses that can be committed covered by the E-commerce law - involving issues on intellectual property, privacy and fraudulent transactions. 3. Privacy as a cost A main issue with the developments of E-Commerce today is whether privacy of individuals is a cost of the convenience it gives. It must be admitted that despite that internet can tremendously change our lives for the better, making it easier and more efficient for us by performing transactions online there is a still a cost for all such convenience. Privacy can be abused, and consequently human rights can also be impaired. The national ID system as an example was proposed during the Ramos administration which however received criticisms especially by human rights groups. Critics say it will encroach peoples privacy and violate human rights despite the objective of the AFP for the system to counter terrorism and prevent belligerents to hide under the cloak of anonymity. This proposal was again resurrected in Arroyos administration but received similar backlash. This goes to show that collection of a personal data is not a welcome move despite the objective of providing better service to the citizenry. Internet on the other hand involves collection of personal identification whether it is a social networking site, e-banking institution, email provider, payment service provider and many other services that can be offered online. It can be noted that Internet users dont hesitate signing up in such service providers but though the pros are a given, we cannot ignore the disadvantages. In 2003, Yespinoy which was launched by Total Solutions Software Incorporated, an HK based IT company founded in 1988 provides a service to send money to a SMART Moneycard holder using a credit card and an internet connection:
In the middle of October 2003, TSSI noticed irregular activity within their computer system. A number of YESPinoy members were sending money to the same individual, some successfully, but other transactions had not been honored by the credit card issuer. The registration details of members who had allegedly sent money to the same individual had details of persons in the US. Oddly enough, their access point was, according to TSSI's audit trail, a Philippine Internet Service Provider (ISP). TSSI then called some of the US residents who were supposed to have been sending money, and found that the latter had never heard of YESPinoy and had no connections with anyone here. With the cooperation of SMART Telecommunications, TSSI found that the SMART Money Card that had been sent money was drawing cash from Automated Teller Machines (ATMs) in Quezon City. TSSI, after further investigation, worked with the National Bureau of Investigation (NBI) to conduct a sting operation that effected the arrest of three individuals who were detained at the NBI jail and charged with violations of RA 8484 (Credit Card Fraud), RA 8792 (E-Commerce

visited February 17, 2008).

13
Act), and falsification of public documents and estafa under the Revised Penal Code.50

The culprits were able to get hold of the victims credit card numbers and details of their US Bank accounts in some way or another. Charles Yeomans, Managing Director of the YES Group who was interviewed in ANC in 2003 believes the there is a higher risk in getting the credit card details when paying in a bricks-and-mortar store or a restaurant. In such case, the credit card holder hands over the credit card to the employee and lets the latter swipe the card. How the fraudsters were able to gather the details is not known, for they had pleaded not guilty. But even with such given opinion of Yeomans who is an expert, credit card details may still be hacked using the internet as we make online transactions. Today, there has been a significant improvement in how to combat frauds such as collecting personal data of a customer like a credit card detail. The use of SSL, short for Security Socket Layer is being used in the World Wide Web for an authenticated and encrypted communication between clients and the servers. An SSL exchange is initiated with an exchange of information between the client and the server regarding the encryption information indicated by the SSL certificate. Once completed, both the client and the server would know how to encrypt the information in a way the other end would be able to understand and decrypt, while a fraudster would only be able to see the encrypted information and would have to spend a long time decrypting it. 51 Those who avail of SSL in their services know that the higher the number of bits used when generating a certificate the stronger the encryption. Businesses which make use of credit card transactions online have SSL protocol such as SM appliance center with SSL 128-bit and our local payment service gateway YesPinoy which is also SSL 128-bit secured.52 Payment Card Industry Data Security Standard (PCI DSS) is also a standard that credit card companies came up with to ensure that the credit card is protected. This requires the organization processing a credit card transaction to have systems development, maintain a secure network such as implementing firewalls and other intrusion detectors, personnel security, physical security and staying compliant by being annually audited by risk management consultants.53 Internet users therefore must be wary that before they provide details of their credit card to a company online, that the latter is complying with the PCI DSS. Other than credit card details, any personal data of an individual once transmitted to a computer system must be protected and entitled to a right to privacy. Though this is not explicitly stated in the E-Commerce Act, it is subsumed in sec. 32 which provides:
50

DANNY ESCASA,

PHILIPPINE INTERNET REVIEW: TEN YEARS OF INTERNET HISTORY (1994 - 2004) , 78

(2004). www.gordano.com, What is Secure Socket Layer, 4-6 at http://www.gordano.com/kb.htm? q=148 (last visited February 17, 2008). 52 www.smappliance.com, Online Shopping, 8 at http://www.smappliance.com/cms/specialpagedetail.php?id=1 (last visited February 17, 2008); www.yespinoy.com, Protecting Data Sent to Yespinoy, 1 at http://www.yespinoy.com/asp/general.asp? contentid=65 (last visited February 17, 2008). www.yespayments.com, Ecommerce Guide Security Requirements, 1 at http://www.yespayments.com/asp/general.asp?contentid=18 (last visited February 17, 2008).
53 51

14

SEC. 32. Obligation of Confidentiality. - Except for the purposes authorized under this Act, any person who obtained access to any electronic key, electronic data message, or electronic document, book, register, correspondence, information, or other material pursuant to any powers conferred under this Act, shall not convey to or share the same with any other person.54 (Emphasis supplied)

This rule is further supported by the Department of Trade and Industry when it prescribed guidelines for the protection of personal data in information and communication system in the private sector:
Section 4. General principles for the protection of personal data 4.1 Personal data must be: 4.1.1 Collected for specified and legitimate purposes determined before collecting personal data and are later processed in a way compatible with those purposes; 4.1.2 Processed accurately, fairly and lawfully; 4.1.3 Accurate, and, where necessary for the processing of personal data, kept up to date; inaccurate or incomplete data must be rectified, supplemented, destroyed or their further processing must be restricted. 4.1.4 Identical, adequate and not excessive in relation to the purposes for which they are collected and processed; 4.1.5 Kept in a form, which permits identification of data subjects for, no longer than is necessary for the purposes for which the data were collected and processed. 4.2 Criteria for lawful processing of personal data. - Personal data processing is permitted only if not prescribed otherwise by law, and at least one of the following conditions exists: 4.2.1 The data subject has given his or her unambiguous consent; 4.2.2 The personal data processing results from contractual obligations of the data subject; 4.2.3 The data processing is necessary to a data controller for the performance of his or her lawful obligations but in such cases, the processing shall be permitted only to fulfill the intention of the parties; or 4.2.4 The data processing is necessary to protect vitally important interests of the data subject, including life and health. 4.3 Disclosure of Personal Data to Data processor 4.3.1 A data controller may entrust personal data processing to a personal data processor provided a written contract is entered into between them; 4.3.2 A personal data processor may process personal data entrusted to him or her only within the scope determined in the contract and in accordance with the purposes provided for therein;
54

Rep. Act. No. 8792, 32 (2000). This is the E-Commerce Act of 2000.

15
4.3.3 Prior to commencing personal data processing, a personal data processor shall perform safety measures determined by the data controller for the protection of the system in accordance with the requirements in this Guidelines and the E-Commerce Law. 55

This administrative order of DTI is to encourage private entities to adopt privacy policies to protect personal information whether such data refers to a natural or legal person, and whether or not that personal data is of local origin or from foreign countries. 56 Private sectors must then take the necessary precautions in order to secure the data they collect that enter to their computer systems. Adequate training of their staff and prescribing rules, setting limits and obligations for their personnel in handling personal information, and if necessary with corresponding penalties for any violation would be of help in protecting internet users personal information. Physical security is also the responsibility of an organization to implement for not all movements of personnel are within the control of the company. Though LAN is practical to connect all computers to share files and resources, there are still private information that you do not wish employees to get hold of, thus proper operating system must be applied in the computer system where access to files can be controlled and monitored. 4. B2C (Business to Consumer) Transactions Making money online is the goal of any entrepreneur in e-commerce, and corollarily beneficial for buyers who can immediately purchase an item through a computer and receive it at the foot of their doorstep. Being cost-saving, and saves a lot of time and effort for both the buyer and seller, doing business in the internet is both lucrative and advantageous. Nevertheless, there is always a risk when money is involved which every person in e-commerce must know. With every business opportunity, there are risks. This could either make or break a business, or even destroy ones reputation if actions are not properly taken. Buying and selling in the internet without seeing the person face to face, can encourage fake claims or bogus buyers and sellers. In either way, the seller and buyer can be victimized. The buyer may receive an item that does not meet the expectation, or totally a different item. He could also receive a damaged product. In such cases, does it have a warranty? Who shoulders the shipping incase he intends to return the item? Does the merchant have a return and exchange policy? Answers for such must be clearly mapped out by the merchant before he engages in online business. Payment service gateways have responded to such kind of risks by setting rules and security measures. Refund is an option initiated by the seller after he learns of the buyers complaint and decides to refund the entire or part of the transaction. Chargeback on the other hand is a fee deducted from the merchants account with the acquirer bank, initiated by an issuing bank of the buyer who disputes a transaction. The issuing bank informs the merchants acquirer bank then the latter in turn communicates with the merchant who can
55 56

Dept. of Trade and Industry Adm. Order. No. 8, 4 (2006), 2

16 approve or disapprove the dispute.57 Yespayments and Paypal are payment service facilities available in the Philippines which provide both refunds and chargebacks. One thing in common though by both payment gateways that can be disadvantageous for sellers based in the country, is how they settle disputes with chargebacks. It is not always the merchants loss, when there are chargeback complaints because they are allowed to contest it. To refute the complaint, they must provide supporting documentation, with additional information from the payment facility that is passed on to the acquirer bank of the merchant. The acquirer bank then submits this information to the issuing bank of the buyer and let the latter decide in favor of the merchant or the cardholder. However, isnt this unfair to the merchant if the decisionmaking is left entirely to the hands of the cardholders issuing bank? It is not impossible for an issuing bank to favor a buyer for it is expected that they lean towards protecting their own clients. Like any dispute in court, there should always be an uninterested third party who must be designated in settling such disputes. Though Paypal provides a team who helps merchants fight a chargeback58, it is always better to have not only the issuing bank but also the acquirer bank to have a say on the decision-making for equity and fairness. Chargeback is usually the sellers loss not only when the claim of the buyer is proven true, but also when the claim is false. It is always possible that a buyer receives the goods but claims otherwise.59 eBay as a leading online community for e-commerce has a way to combat fraudsters such as bogus sellers and unserious buyers. If buyers dont pay, the merchant can file a non-paying bidder warning, and most buyers take immediate action on it, and those who dont pay can be kicked out from the community.60 In online marketplaces, relationship is highly based on trust which is why eBay has instituted the feedback mechanism where buyers and sellers are rated according to their performance. Both parties strive to get a high rating which is beneficial for their business and reputation. 61 This is the reason why online fraud is negligible, which comprises 1/100th of one percent of all transaction according to Neary, eBays Vice president. Managing security against fraud can be an easy task for big online companies such as eBay who have their designated personnel in dealing with such cases. In small businesses though, who either have their own sites or exists in a host site such as multiply or myAyala, this could post as a challenge. There was a case of a buyer who complained that GCash, Globes mobile payment scheme handed over his money to a person but he didnt get the merchandise he paid for. The buyer now blames GCash for not verifying the
www.yespayments.com, Ecommerce Guide Chargeback, Refunds and Void, 1-2 at http://www.yespayments.com/asp/general.asp?contentid=21&prt=Y (last visited February 17, 2008). 58 www.paypal.com, Resolving Chargebacks, 3 at http://www.paypal.com/row/cgi-bin/webscr? cmd=xpt/cps/securitycenter (last visited February 17, 2008). 59 J. Angelo Racoma, Electronic Payments in the Philippines It May Not Be as Easy As We Think, 4 at http://racoma.com.ph/archives/electronic-payments-in-the-phlippines (last visited February 17, 2008).
60 61 57

De Vera, supra note 14, at 12. Estopace, supra note 17, at C4.

17 legitimacy of the claimant.62 The issue now is whether GCash is at fault. It is also possible that GCash is a victim itself of fraud. Delivery problems can also be encountered which can be a liability for both the seller and the buyer. The buyer may complain against the seller, and the seller may file a claim against the shipping company however this takes a long legal process that can be more expensive for either parties. These risks are possible online, and the merchant and the buyer must always be ready in how to respond to these accordingly. There is lack of jurisprudence on such matters, and the E-Commerce Law still has to be put to test. II. Conclusion It must be emphasized that RA 8792 does not cover issues on jurisdiction, digital signatures intellectual property, privacy and consumer issues. To cover these issues will unduly delay the passage of the Act.63 This calls for regulations from other entities such as DTI to be implemented to curb offenses and resolve issues that are not covered by the ECommerce Law. This is also a challenge for countries to consolidate worldviews in how to properly act on such matters and be able to come up with universal laws. Though laws and regulations on e-commerce are in effect, there is a need to promote public awareness. Every Filipino who makes use of the internet in everyday life must know these laws to protect rights and create a peaceful at harmonious atmosphere in the online community. Effective law enforcement is also necessary, for laws are useless without proper strict implementation.

62

Linda Bolido, How Safe is Online Shopping?, PHIL. DAILY INQUIRER, March 13, 2008, at DISINI, supra note 3, at 3.

C4.
63