E-Commerce in Saudi Arabia

SME Applications & Regulations

ISSU Department
Contents
INTRODUCTION ................................................................................................................ 2
Internet Usage in Saudi Arabia ........................................................................................... 3
ICT Infrastructure in Saudi Arabia ............................................................................................................. 7
Internet Economy in Saudi Arabia ..................................................................................... 7
E-Commerce in Saudi Arabia..................................................................................................................... 8
E-Business Integration ........................................................................................................................ 11
Payment Systems in Saudi Arabia ....................................................................................................... 12
Legal Framework in Saudi Arabia ........................................................................................................ 13
The E-commerce Committee in Saudi Arabia ..................................................................................... 18
Electronic Commerce: Selling Internationally ..................................................................................... 19
Smartphones and Mobile Apps .......................................................................................................... 21
Online Gaming ........................................................................................................................................ 25
Challenges and Recommendations ................................................................................... 25
Local entities that can help in enforcement and regulation of e-commerce laws ................................. 28
National Center for Digital Certification ............................................................................................. 28
Saudi Network Information Center..................................................................................................... 29
Faturah ( Secure E-Commerce) ........................................................................................................... 30
References ......................................................................................................................... 31

1
INTRODUCTION

A regulatory problem of mounting concern was how to implement national regulations in a

borderless Internet world. Most regulations of the Internet largely applied existing, physical-
world rules to cyberspace, and didn't address the possibility that essential parts of an electronic
transaction might lie outside national borders. The Internet increasingly made borders
superfluous, and the full potential of the Internet, particularly for commerce, was based on this
characteristic. This fueled the growing calls for international regulatory bodies to oversee
developments in cyberspace.

For instance, according to the U.S. Federal Trade Commission's (FTC) e-commerce regulation
report Consumer Protection in the Global Electronic Marketplace: Looking Ahead, released in
September 2000, online shoppers may be vulnerable to compromised security of their financial
information when shopping at foreign Web sites due to the uneven nature of international
privacy and security measures. The FTC encouraged the U.S. government to be proactive in
working with other countries toward harmonization and stronger enforcement of international
consumer-protection laws.

While the FTC report advocated a degree of uniformity in global e-commerce rules, it stopped
short of advocating any particular organization to set or enforce such regulations. Rather, it
envisioned a future Internet world in which private industry groups and governments
established an alternative dispute resolution procedure and came to internationally accepted
standards of fair marketing practices. It also saw a prominent role for self-regulation born of
"private sector initiatives," in which industry groups agreed to standard business practices that
would address the industry's specific needs.

Countries with more closed economic systems, such as China, were mixed in their reactions to
and regulation of e-commerce. While the Chinese government encouraged e-commerce and was
investing in the infrastructure to make China competitive in the online marketplace, it
continued to maintain tight controls on the development of Chinese e-commerce, strictly
implementing a legal framework for e-commerce to reflect the nation's interest. After linking to
the Internet in 1994, China gradually implemented new laws regulating Internet access and the
registration of domain names. By the late 1990s and early 2000s, however, new legislation was
abundant. China was unusual, for instance, in maintaining strict controls over domestic
encryption technology via state-controlled encryption authorization. Most countries, concerned
with the security of their domestic networks, protected their encryption systems via export
controls, but allowed encryption to circulate more or less freely domestically.

Information and communication technology (ICT) and e-business applications provide many
benefits across a wide range of intra- and inter-firm business processes and transactions. ICT
applications improve information and knowledge management inside the firm and can reduce
transaction costs and increase the speed and reliability of transactions for both business-to-
business (B2B) and business-to-consumer (B2C) transactions. In addition, they are effective
tools for improving external communications and quality of services for established and new
customers.

Despite these advantages, rapid growth in businesses’ purchases and sales over the Internet has
yet to materialise. E-commerce is increasing but still accounts for a relatively small share of total
commerce. Broad definitions of e-commerce (including established EDI as well as Internet

2
transactions) suggest that in 2000 total on-line transactions were generally 10% or less of total
business sector sales and are mainly business-to-business, and business-to-consumer sales are
even lower, generally less than 2% of the total retail transactions. On-line transactions are
mainly B2B and domestic, rather than B2C or cross-border. The situation is similar for small
and medium-sized enterprises (SMEs), although they lag behind larger firms in Internet
transactions.

For small firms to adopt e-business and e-commerce strategies and tools, benefits must
outweigh investment and maintenance costs. Commercial considerations and potential returns
drive adoption. Beyond a certain level of connectivity (PC, Internet access, on-line information
or marketing), not all SMEs will necessarily “catch up” with large firms, simply because e-
commerce may not bring large benefits and SMEs will stay with traditional business processes.
Other barriers have been seen to be the availability of ICT competencies within the firm, and
availability and cost of appropriate interoperable small-firm systems, network infrastructure
and Internet-related support services. Lack of reliable trust and redress systems and cross-
country legal and regulatory differences also impede cross-border transactions.

Policies that will affect the adoption and use of e-business strategies include those designed to
expand and improve the quality of network infrastructure and legal and regulatory environment,
foster technological diffusion and create a favourable business environment. Beyond these
general framework policies, specific policies for SMEs have focused on ICT and e-business
awareness programmes, business consultation services and employee and management training
to enhance ICT and managerial skills.

Policies have shifted over time as firms and economies have moved from concentrating on
ereadiness and connectivity, to diffusion and use, and are moving towards mature e-business
strategies which blend broad policies for the business environment with polices for particular
areas such as IPRs and competition. Policy has moved beyond a narrow concept of e-commerce
(on-line transactions) to a wider view of e-business integration of internal and external
processes, based on technology neutrality. Policy initiatives in some cases aim at facilitating
SME participation in product and sector value chains and providing them with information to
assess the opportunities and costs of e-business. However there is no one-size-fits all approach
to policy and the policy mix and priorities will depend on national circumstances (leading or
lagging countries) and sectoral distribution of economic activity, as well as size factors.

Internet Usage in Saudi Arabia

Internet was first introduced to Kingdom of Saudi Arabia 1994 when state academic, medical,
and research institutions got access to it. Internet was officially made available in Kingdom of
Saudi Arabia in 1997 by a ministerial decision and the public access finally debuted in 1999. In
December 2000 there were 200 000 Internet users in Saudi Arabia. By 2005 the number of
Internet users in KSA had grown to 2.54 million, making the growth 1170 % and KSA one of the
fastest growing Internet markets.

2006 some major changes were made to the structure of Internet in KSA. These changes are
likely to aid the expansion of Internet usage in KSA even more. it is predicted that the number of
users will reach 3.8 million in 2007.

3
Internet Usage Statistics:
9,800,000 Internet users as of June/10, 38.1% of the population, according to ITU.

Facebook Users in Saudi Arabia:

2,575,740 as of August 31, 2010, according to Facebook.

Latest Population Estimate:

25,731,776 population for 2010, according to U.S. Census Bureau.

Gross Domestic Product:

GDP per capita is US$ 16,778 for 2010 according to I.M.F.

Saudi Arabia Country Area (Size):

2,149,690 sq km and the population density is 12 persons per sq km.

Internet Growth and Population Statistics:

YEAR USERS POPULATION % POPULATION

2000 200,000 21,624,42 0.9%

2003 1,500,000 21,771,609 6.9%

2005 2,540,000 23,595,637 10.8%
2007 4,700,000 24,069,943 19.5%
2009 7,761,800 28,686,633 27.1%

2010 9,800,000 25,731,776 38.1%

4
Source: Think With Google: Saudi Arabia report

5
Source: Think With Google: Saudi Arabia report

6
ICT Infrastructure in Saudi Arabia

A mature internet ecosystem cannot exist without an advanced ICT infrastructure, which
includes internet connections, datacenter infrastructure, and internet-related services. A mature
ICT infrastructure enables content suppliers and users to introduce more sophisticated services,
such as streaming and multimedia content or mobile internet applications, as well as tighter
business systems integration in the enterprise and government segments. ICT infrastructure in
the Kingdom has recorded unprecedented growth over the past few years. Broadband
subscriptions have grown nearly 70-fold over the last five years, from 64,000 in 2005 to 4.4
million in 2010. This represents a CAGR of around 133%.The current level of household
broadband penetration has reached 41.6%, which is higher than in Egypt (5%), Jordan (18%),
and Turkey (27%), but still below the UAE (54%) and the USA (66%) - see Table 3.

While the growth of broadband adoption is impressive in the Kingdom, the research revealed

 Broadband Quality: Smaller companies express few concerns

some areas for further improvement:

around Saudi Arabia’s ICT infrastructure, as such businesses do not

usually need to integrate and maintain an extensive network of
physical locations. On the other hand, larger companies express more
concerns about the ICT infrastructure, especially those with locations
spread across the Kingdom and in more remote areas. Large
companies also have stringent performance requirements for
datacenter operations and broadband networks. Improved broadband
speed, reliability, and latency would encourage the diffusion of

 Customer sophistication: The ICT providers feel that enterprise

business outside the major urban centers.

clients in the Kingdom could be more sophisticated when it comes to

purchasing systems integration and other ICT services. Best practices
for ICT procurement increasingly dictate that ICT strategies, RFPs,
and SLAs specify business benefits rather than specific and detailed
technical architectures. Adopting the procurement best practices by
businesses would allow for more efficient solutions to ICT needs.

Despite the rapid development of the Saudi ICT infrastructure, efforts toward developing a
mature infrastructure should continue in order to keep up with advancing technology and
growing demand.

Internet Economy in Saudi Arabia

The Saudi Internet economy contributed SAR37 billion to the overall Saudi economy in 2010,
representing 2.2 percent of GDP, and putting Saudi Arabia at 13th place amongst the G-20
countries. This figure is projected to rise to SAR107 billion by 2016, representing 3.8 percent of
GDP, according to a new report in The Boston Consulting Group’s Connected World series. It
found that by 2016 the total size of the G-20 Internet economy will be $4.2 trillion, equivalent to
5.3 percent of GDP, up from $2.3 trillion or 4.1 percent in 2010.

7
E-Commerce in Saudi Arabia

Source: Boston Consulting Group – The Internet Economy in the G-20

‘The $4.2 Trillion Opportunity: The Internet Economy in the G-20′ finds that if the Internet
were a sector in Saudi Arabia, it would be more than twice as large as the utilities sector.

Saudi Arabia’s Internet economy growth rate of 19.5 percent compares favorably to other
developing nations in the G-20, which are growing at an average of 17.8 percent. Projected
growth rates elsewhere are: 24.3 percent in Argentina, 18.3 percent in Russia and 15.6 percent in
Mexico. In 2016, Saudi Arabia will rank number 10 in the G-20, with its contribution to GDP
increasing to 3.8 percent.

These growth rates are impressive compared to the Internet economies of developed G-20
markets, which are expected to grow at an average of 8.1 percent through 2016 – for example,
10.9 percent for the U.K. and 7.8 percent for Germany. In 2010 developed markets contributed
76 percent of the G-20′s Internet economy; by 2016 that will fall to 66 percent.

“The Internet offers one of the world’s unfettered growth stories,” said Joerg Hildebrandt,
Partner and Managing Director at BCG Middle East. “A robust Internet economy is an essential
underpinning for Saudi Arabia’s future, providing both economic and social benefits.”

8
Source: Boston Consulting Group – The Internet Economy in the G-20

9
The $4.2 Trillion Opportunity builds on three years of research conducted by BCG and is the
most comprehensive report published on the impact of the Internet globally. This study is the
first to examine the Internet’s economic impact across so much of the world’s economy – 90
percent of global GDP – and highlights how this increases as mobile devices and social networks
become more prevalent.

Online Commerce
In 2010, the share of total retail carried out online in Saudi Arabia was 2.9 percent or $3 billion
and is projected to reach 8.0 percent or $15 billion by 2016. Hildebrandt said: “This represents a
dramatic increase and to put it into perspective, it would place Saudi Arabia at 5th position
amongst the G-20 countries, following only UK, Germany, Australia and South Korea.”

Source: Boston Consulting Group – The Internet Economy in the G-20

What’s more, in 2010, the Internet influenced an additional 4.7 percent of total retail from
connected consumers researching online and purchasing offline (‘ROPO’) in Saudi Arabia. These
numbers compare to 4.0 percent for Brazil, 4.8 percent for Russia, and 9.6 percent for the U.S.

10
 Source: Boston Consulting Group – The Internet Economy in the G-20

Consumer Value
Consumers are the big winners of the Internet economy and BCG’s study highlights just how
essential it has become to everyday life and the value which consumers attach to it. Asked how
much they would have to be paid to live without Internet access, respondents across the G-20
said an average of US$1,430 per year, or 4.6 times what they pay for access and services.

SMEs – The Growth Engines of the Economy

The Internet is driving growth in businesses across the G-20. Drawn from the most
comprehensive survey of its kind of SMEs around the world, the BCG report finds that “High-
web” companies – ones that embrace the Internet for marketing, sales and interactions with
customers and suppliers – have grown revenues up to 22 percent points faster over the past
three years compared to those who made low or no use of the Internet.

“Around the world SMEs which embrace the Internet are growing faster and
adding more jobs than those that don’t. By encouraging businesses to adopt the
Internet, countries can improve their competitiveness and growth prospects,”

E-Business Integration

Some businesses, mainly early adopters of e-commerce, are entering the next stage of ICT use,
e-business. They have begun to engage in increasingly sophisticated uses of ICT, involving
business process reengineering and more complex technology. In such firms, B2C and B2B e-
commerce are components of an overall e-business strategy. External relations with customers
as well as internal processes are being linked. Marketing and sales, logistics and delivery, after-

11
sales service, supply chain management and other business functions are integrated in an
overall e-business strategy.

Most SMEs appear still to be at a stage where establishing a Web site or adopting e-commerce is
the main issue. Successful integration of external and internal business processes in e-business
necessitates organisational and management changes which may entail proportionally greater
costs and risks for SMEs. In addition, smaller firms may have fewer incentives to integrate their
business processes than larger firms, which have more complex business processes and
resources to harmonise and co-ordinate. It may therefore take more time and resources for
SMEs to adopt e-business strategies. However, in the near future, B2C and B2B electronic
commerce will have to become components of SMEs’ overall e-business strategy and “normal”
business processes that are supported by ICTs and carried out on electronic networks.

In relation to assisting SMEs to integrate e-business into their entire business process, there
could also be more emphasis on integrating e-government into the business process. For
example in Australia, government compliance activities tend to be undertaken separately to
other 'back office' business processes. The Business Entry Point (BEP) is currently
implementing mechanisms that more closely integrate e-government activities into the day-to-
day activities associated with running a business. E-business will have greater appeal to SMEs if
their B2B, B2C and B2G activities can be more closely integrated. Making use of e-government
initiatives as an incentive for SMEs to go online is crucial but again, these need to be seamless
and integrated into business activities more generally.

Payment Systems in Saudi Arabia

Electronic payment systems support the commercial function of the internet ecosystem by
enabling internet users to sell and buy online, access paid content, and use e-government
applications.

Businesses, as well as individuals, declare a strong need for a range of reliable and secure
payment systems. The Kingdom has made significant progress in building mature electronic
payment systems, with the following payment methods being available today:

• SADAD: Of the three electronic payment systems operated by SAMA, SADAD is the
only available option for e-commerce (The others are SARIE for large clearances, often
interbank, and SPAN, the ATM and POS network).
• Credit cards: A credit card acts as a short-term loan and frees its holder from having to
manage large amounts of cash. Credit cards are available in the Kingdom, but are
generally used for planned, major purchases.
• Short code SMS payments: Enabled by mobile phone operators, these are the most
prevalent form of micropayments in the Kingdom.
• PayPal: Along with similar methods, this is available for sending money but not
receiving it, limiting its use in e-commerce. Some local internet users open PayPal
accounts associated with foreign addresses and bank accounts and use them to purchase
goods abroad.
• Prepaid cards: Various types of companies offer prepaid cards – hosting providers,
gaming companies, and so on.

12
While these electronic payment systems are already in place in the Kingdom, some limitations
remain:

• SADAD: SADAD’s current limitation of 100 billers means that only the biggest billers in
the Kingdom have access to the system. This limits most internet merchants to using
credit cards, short code SMS, and prepaid cards as electronic payment methods. To
address this limitation, SADAD is currently working on Biller Base Expansion, which will
increase its biller options from around 100 to 20,000.
• Mobile payments: According to CITC’s research, mobile payments represent one of
the key challenges for electronic payment systems in the Kingdom. A more advanced
mobile payment method could increase payment availability and decrease the
dependence on cash. The limitations with this method of payment, which include its
usually low transaction ceiling, high transaction fees for operators, and excessively long
delays before passing payments on to merchants, must be addressed for this to become a
more viable payment method.
• In-transaction processing: A best practice for e-commerce, in-transaction payment
processing, whereby placing an order and making a payment are combined into a single
transaction, decreases cancelled transactions, speeds up order flow, and reduces errors.
This capability is currently not offered by SADAD, but does figure in its extended
development plan.
• Credit card availability: Credit cards suffer from a low adoption rate in Saudi Arabia,
and are generally held by the head of the household, reducing their availability for most
types of transactions.
• Prepaid Cards: The high number of card brands has created a fragmented market and
associated distribution challenges as there are too many cards for merchants to stock.
Furthermore, there currently exists no regulation for licensing prepaid cards; therefore,
unless an official license is introduced for their use, these cards will likely be phased out
of the market.

Legal Framework in Saudi Arabia

In the few years since the Internet has become an important venue for commerce,
communications and entertainment, so-called cybercops have tried to impose a variety of rules,
regulations and guidelines to protect the interests of consumers and businesses. Unfortunately,
however, no mechanism yet exists to enforce such initiatives. Enforcement is nearly impossible
for many of the Web's more illicit activities because comprehensive tracking and monitoring
technology does not exist. And any efforts to put the pieces in place usually stir up a storm of
privacy issues.

The Internet is simply too vast, stretching across too many borders and encompassing too many
cultures, for the current scattershot approach to be effective.

The Kingdom’s laws and regulations define the playing field for all entities involved in producing
or consuming internet content. As an enabler of the ecosystem, the legal framework seeks to
achieve wide-ranging objectives, such as protecting intellectual property rights and personal
data, as well as enacting effective sanctions and complaint resolution measures.

13
The legal framework surrounding the internet ecosystem spans different legal domains, such as
telecommunications, banking, privacy, and IT. Consequently, various regulatory bodies,
including Saudi Arabian Monetary Agency (SAMA), CITC, and the ministry of interior, have
reporting and enforcement responsibilities.

With regards to the overall completeness of the framework, Saudi Arabia has enacted rules on
cybercrime, span, online content regulation, domain name regulation, and commercial
regulation, including the following:

 The Anti e-Crime Act is considered the main legal reference in the area of the internet
fraud in the kingdom. Penalties include imprisonment and/or fines up to millions of
riyals.
 The 2007 E-Transactions Law aims to control, regulate, and provide a legal
framework for electronic transactions and signatures and facilitate their implementation
in both the public and private sectors.
 The Anti-Spam Policy Regulation aims to address the issue of spam sent through
electronic means and provides guidance on definitions, controls and duties and
responsibilities for providers.
 The Anti-Commercial Fraud Law outlines the criteria for determining whether the
content of misleading internet advertisements is illegal and if any action should be
taken.
 The Copyright Law and the Dispute Resolution Policy are also relevant pieces of
legislation when it comes to cybercrimes.
 Additionally, specific pieces of legislation have been enacted to regulate various
domains, including banking and telecommunications.

With regards to internet domain name registration, CITC provides registration services through
the Saudi Network Information Center (SaudiNIC), which provides the top-level domain names
of Saudi Arabia (.sa). SaudiNIC has recently started providing the top-level domain for Saudi
Arabia in Arabic )‫السعودية‬.( , in addition to offering two-part top-level domain registration under
.sa (e.g., nic.sa). All domain name registration services are provided for free.

While the Kingdom has covered many areas of the legal framework with the aforementioned
regulation, the maturity of internet ecosystem-related legislation still has some gaps when
compared with neighboring and developed countries:

 In terms of offering protection for consumers in electronic transaction, Saudi Arabia is

roughly on par with its peers in the middle east and North Africa, but lags behind
developed nations. This is true despite the establishment of the Saudi Consumer
Protection Association, which is an independent organization dedicated to defending the
rights of consumers, protecting them from fraud and counterfeit products and services,
and enhancing consumer awareness.
 In the area of personal data protection, developed nations have much more stringent
regulations addressing the sale or disclosure of data collected by companies involved in
internet commerce.

14
  Other areas where the legal framework could be tightened include online dispute
resolutions, authentication and security, and digital copyright.

In cases where the responsibility for enforcing legislations rests with the law enforcement
authorities, adequate training and guidance are critical in ensuring the effective enforcement of
these regulations.

E-Payment Issues

Consumers do not have confidence in sending their credit card details over the internet but they
actually fear this for the wrong reason. Most people are concerned that their credit card details
will be intercepted on the way to the merchant, which is almost impossible. The use of SSL
protocol, which is used by all major E-Commerce sites, encrypts that credit card details during
transmission over the internet ensuring its integrity.

Authentication is the verification of a credit card owner made during a credit card purchase. In
the physical world authentication is achieved through a physical signature which is manually
checked at the point of sale.

In today’s environment, an online buyer simply types the credit card details into a website in
order to make a payment. This has introduced a major problem as anyone can type in anyone
else’s credit card details in order to make a purchase and the online merchant has no way of
determining if the buyer is genuine.

Without effective authentication there are many problems including lack of confidence for
customers, higher cost of transactions and loss of revenue for merchants, higher cost of services
and chargebacks for banks and ultimately damage the image of credit card companies.

Although E-payment is very advanced on the technology side, it still has some serious issues in
gaining trust globally and specially in Saudi Arabia. E-Payment fraud and email authentication
are the main two things that must be resolved.

E-Payment Fraud

Issues determined by card holders

 The holder’s use of the card without the existence of necessary amount in the account for
several operations which do not require authorization ( under the authorization limit),
speculating the fact that the operation will not be checked; the emitting bank refuses the
operation and the accepting bank will face the retailer. The solution is the authorization
for all situations in which risk may be involved.
 The use of the card for transactions which the user does not admit later either
intentionally or form other reasons (the use of the card by another family member
without the knowledge or permission of the holder). In this case the problem of the
quality of the selection of bank clients rises as well as that of the preoccupation of
implementing a banking culture.

15
  The transmission of the card to other people who make transactions (usually abroad)
without the holder’s knowledge or realization. Another problem which occurs is that of
the relation with clients, especially at the beginning of the period of card usage.

Fraud determined by other people

 When the card number is found out by another person in different ways and when the
card is used for fraud. Example: when somebody uses the card in a shop, restaurant or in
a hotel for transactions which are recognized and the number of the card is transmitted
to people who use this information to commit fraud; or when the card number and its
validity are transmitted by internet in order to access to a certain site or to pay for
something and when this confidential information is found out by a hacker who misuses
it. This is the reason why many emitting banks limit the access of card in internet


transactions.
When people copy the magnetic band of a valid card whose attached account is fed by
another card for commercial purpose, the operation is called skimming and it is very


difficult to trace.
When stolen/lost or counterfeit card are used by means of retailers’ ignorance or their
complicity. For example in case of lost/stolen cards the retailer accepts operations below
the authorization limit without consulting the list invalid cards. In the situation of
counterfeit cards, when more valuable goods are purchased (jewelry, electronic goods,
designer clothes etc.) the retailer may not check the card attentively and find out it is not
authentic or they may not be careful enough to require the consultancy of the real holder.
This type of fraud is recuperated when the real holder requests it first from the emitting
bank which goes to the accepting bank which, in turn, requests the sum from the retailer.
With a view to prevent this type of situations, the accepting banks either take out an
insurance policy or they impose a collateral deposit on the retailer, which would
guarantee possible future fraudulent transactions.

Online Payment Fraud Prevention

Preventing fraud online includes using strategic moves on the company’s part. For instance, a
company should never try to authorize a credit card purchase if the initial transaction was
unauthorized. It is a good rule of thumb that in preventing fraud online, to never authorize any
credit card that was initially declined. This will prevent any problems from arising with your
merchant company, and will help detect cases of online payment fraud.

Since credit cards online fraud is so important to the company’s overall success, there is one rule
that should always be adhered to. This rule involves the cardholder’s signature. There should
always be a valid signature for every credit card transaction. In fact, without that signature, it is
very possible that a chargeback could occur on the basis of no valid signature. If someone is in
fact completing credit cards online fraud, it is likely that they will not want to sign the order.

Another important step that companies can take to ensure that they are reducing the risk of
credit cards online fraud is to double check every order carefully. If the order is fraudulent and
there has been an instance of credit cards online fraud, it will be very likely that a double check
of the order will reveal discrepancies.

16
Online payment fraud is also likely if you notice that a customer’s order contains vastly different
information then the information provided with the credit card. If someone is completing online
payment fraud, they will typically send the products that they are purchasing to a different
address then the one assigned to the credit card. This isn’t always the case, but it is a possibility.

Email Authentication

In 2003, several industry efforts emerged to help address the rising tide of spam and forged
email. These efforts ultimately produced two key email authentication technologies: Sender
Policy Framework (SPF) and Domain Keys Identified Mail (DKIM), each of which received
experimental RFC status from the Internet Engineering TaskForce (IETF). Organizations
around the world have adopted SPF (including the Sender ID Framework, SIDF) and DKIM as
complementary approaches to aid in the prevention of malicious email. After several years of
real world deployment, early adopters have recognized the technical value from the combined
implementation of BOTH SPF and DKIM.

In April 2009, to raise awareness of the value of email authentication, OTA published a report
highlighting email authentication best practices, acknowledging early adopters for their
commitment to consumer protection.32 The expanded 2011 report includes added granularity
on deployment for each protocol, highlighting potential gaps in domain coverage and their
ability to protect consumers from spoofing. As illustrated below in step 3, while email
authentication is an essential step in assessing the identity of email, it is critical to use it in
conjunction with an assessment of the sender’s reputation (step 5). With the exception of email
from known entities and a high confidence of their implementation of email authentication,
OTA cautions against applying inbound email authentication results without reputation data
(domain or IP) as the sole method of distinguishing legitimate email.

Authentication can be compared to a driver’s license. As a form of identification, a driver’s

license is documentation showing you are who you say you are and that you are licensed to
drive. However, it does not indicate if you are a good driver. In the same way, email
authentication alone cannot validate that a sender is legitimate or has maintained good mailing
practices. It is only through the application of an email sender’s reputation data, commonly
available by IP address or sending email domain, that one can make an informed judgment on
the ―trustworthiness‖ of email from authenticated domains.

Increased use of email authentication in the financial service and Internet Retail sectors has
been a result of retailers addressing multiple business issues such as fraud and loss prevention,
shopping cart abandonment and the dependence and reliability on transactional email to serve
their users. This growth has been aide in part due to the emergence of third-party services which
provide a combination of deployment, integration and mail stream auditing.

17
The E-commerce Committee in Saudi Arabia
It is a national standing e-commerce committee, formed by council of ministers in 1997. Its
members are:

 Ministry of Commerce
 King Abdulaziz City for Science and Technology
 Ministry of Finance and National Economy
 Ministry of Post, Telegraph and Telephone
 Saudi Arabian Monetary agency
 Ministry of interior
 Ministry of information
 Saudi Communication Authority

Ministry of Commerce

o Drafting electronic transactions law

o Reviewing and adapting current relevant policies and regulations to EC
requirements
o Awareness programs

King Abdulaziz City for Science and Technology

o Developing Public Key Infrastructure for use in Saudi Arabia

o Developing the framework for regulating and managing certificates and use of
digital signatures

Ministry of Finance and National Economy

o Developing electronic government services to enable government agencies to

offer services to citizens and to exchange data electronically

Ministry of Post, Telegraph and Telephone

o Developing a robust telecommunications infrastructure capable of supporting EC

Ministry of Interior

o Defining the requirements for data security and privacy of personal data
information

Saudi Arabian Monetary agency

o Development of payment systems for secure electronic collection of payments for

electronic transactions between businesses, for both B2B and B2C.

18
Ministry of Information

o Development of intellectual Property rights in E-Business contexts

Others

o Providing support services such as delivery of parcels to businesses and homes

(Ministry of Municipalities and Rural affairs)
o Training and education of required manpower resources (Ministry of Higher
education and vocational Training Institutes)
o Developing a business portal for serving SMEs (Chambers of Commerce)

Electronic Commerce: Selling Internationally

Consumers around the world are increasingly turning to their computers to buy a wide array of
goods and services. And because the World Wide Web is, as its name implies, worldwide,
businesses that sell online can potentially reach billions of customers in every country of the
world. Even small “mom-‘n-pop” companies with websites are attracting a client base never
before possible. Many are discovering just how international the Internet really is, processing
orders not only from the next town or state, but from the next continent, too.

That presents new challenges to sellers who have never shipped overseas and may have little
experience with the taxes, duties and customs laws involved.

It also raises questions about consumer protections. When buying from an overseas vendor,
what, if any, protections do consumers have if they run into problems? How safe is it to transmit
credit information overseas via the Internet? How long will it take for an order to be delivered?
Are unexpected taxes or duties routinely added to the price?

New international guidelines are helping to answer those and other questions. The United States
and 28 other countries, working together as members of the Organization for Economic
Cooperation and Development, have signed on to new guidelines.

The guidelines:

 set out principles for voluntary “codes of conduct” for businesses involved in electronic
commerce;
 offer guidance to governments in evaluating their consumer protection laws regarding
electronic commerce; and
 give consumers advice about what to expect and what to look for when shopping online.

The goal is to build consumer confidence in the global electronic marketplace by working to
ensure that consumers are just as safe when shopping online as when shopping offline — no
matter where they live or where the company they do business with is based.

19
E-Businesses that adhere to the guidelines:

 Use fair business, advertising and marketing practices. They provide truthful,
accurate and complete information to consumers, and avoid deceptive, misleading or
unfair claims, omissions or practices. The businesses can back up all claims, such as
claims about how well a product works or how quickly a product will arrive. They also
make sure advertising and marketing material is identifiable as such and, when
appropriate, identify its sponsor.
 Provide accurate, clear and easily accessible information about the company
and the goods or services it offers. They disclose the information consumers need to
understand whom they’re dealing with and what they’re buying. These businesses post
the company’s name, its physical address, including the country, and an email address or
telephone number consumers can use if they have questions or problems. They also
provide a clear, complete description of the product or service being offered. That helps
take the guesswork out of online shopping and could reduce the number of complaints
filed by dissatisfied consumers after the sale.
 Disclose full information about the terms, conditions and costs of the
transaction. They provide consumers a full, itemized list of costs involved in the
transaction, designating the currency involved, as well as terms of delivery or
performance, and terms, conditions and methods of payment. If applicable and
appropriate to a transaction, these businesses also include information about restrictions,
limitations or conditions of the purchase; instructions for proper use of the product and
any safety and health care warnings; warranties and guarantees; cancellation or refund
policies; and whether after-sale service is available. If it’s possible to carry out a
transaction in more than one language, they make available all important terms and
conditions in each language.
 Ensure that consumers know they are making a commitment to buy before
closing the deal. These businesses take steps to protect consumers who are merely
“surfing” the ‘Net from unknowingly entering into a sales contract. They give the
consumer a chance to change the order before committing to the purchase or to cancel it
altogether. They also allow consumers to keep a record of the transaction.
 Provide an easy-to-use and secure method for online payments. They adopt
security measures appropriate to the transactions to make sure that personal information
is less vulnerable to hackers.
 Protect consumer privacy during electronic commerce transactions. They
disclose their privacy policies or information practice statements prominently on their
websites, and offer people choices about how their personal information is used. They
give consumers the opportunity to refuse having their personal information shared with
others or used for promotional purposes.

20
  Address consumer complaints and difficulties. They have policies and procedures
to address consumer problems quickly and fairly, and without excessive cost or
inconvenience to the consumer. They also take advantage of alternative dispute
resolution mechanisms.
 Adopt fair, effective and easy to understand self-regulatory policies and
procedures.
They extend to electronic commerce the same basic level of protections that cover other
forms of commerce. The agreement encourages businesses to work with consumer
representatives to develop policies and procedures that give consumers the tools they
need to make informed decisions and to resolve complaints.
 Help educate consumers about electronic commerce. They are helping create a
consumer-friendly electronic marketplace. These businesses work with governments and
consumer representatives to ensure that consumers understand their rights and
responsibilities when participating in online commerce.

Governments’ role

The guidelines also call on participating governments to take steps to boost consumer
confidence in the electronic marketplace. They encourage governments to evaluate their
consumer protection laws to make sure they extend to online shopping, and to ensure that
consumers have recourse if they are dissatisfied.

And they recommend that governments work together to combat cross-border fraud and
help establish a climate for electronic commerce that balances the needs and interests of
businesses and consumers.

Smartphones and Mobile Apps

Google’s annual Mobile Planet smartphone study has revealed the United Arab Emirates
has some of the highest smartphone penetration in the world, with 62 percent of mobile
phone users in the country reporting that they own smartphones.

The study, which was conducted with Ipsos MediaCT, surveyed mobile phone users in 26
countries around the world. Smartphone penetration was also extremely high in Saudi
Arabia, where 60 percent of mobile phone users had smartphones. By comparison,
smartphone penetration in the U.S. was 44 percent according to the study.

Smartphone users in affluent Middle Eastern countries like Egypt and the United Arab
Emirates were also more likely than Americans to make mobile purchases. According to

21
 the study 41 percent of smartphone users in Egypt and 39 percent of smartphone users in
UAE had made a purchase on their smartphones, compared to 35 percent of Americans.

Source: http://www.insidemobileapps.com

Google found smartphone users in affluent Middle Eastern countries were also more likely to go
online with their smartphones multiple times a day, had more apps on their phones, and looked
up local information more often than users in other emerging smartphone markets like China
and Brazil.

Interesting statistics on smartphone usage in Saudi Arabia (DDArabia):



Smartphones constituted 54.6% of total cellular handset in KSA.


48% of smartphone users in KSA reported using smartphone apllications.
Smartphone applications languages: 50% English, 46.7% Arabic, 3.3%


French.
Smartphone application revenue in 2011 reached 34.85 million US dollars.


And expected to reach 156 million US dollars.
KSA leads mobile internet growth in the region by 40%.

22
Source: Think with Google: Our Mobile Planet Saudi Arabia

23
Source: Think with Google: Our Mobile Planet Saudi Arabia

24
 Source: Think with Google: Our Mobile Planet Saudi Arabia

Online Gaming

Many internet users play online games in the kingdom, data show that the number of
players in the Kingdom ranges roughly between 500 to 600 thousand player, and the
majority of the population in the kingdom of young people, in addition to the rise in GDP
per person (per capita income) which makes the Kingdom the main market in the Middle
East in the field of industry games, hand potential returns, all other markets will be much
lower revenues from the Saudi Arabia market. Another study shows that more than two
thirds of internet users in KSA play games online and that KSA has one of the highest
average revenue per user rates in social gaming.

Challenges and Recommendations

The adoption of e-commerce in the Kingdom has been hampered by specific social and
cultural business traits specific to Saudi Arabia, leadership priorities and the political
structure in the country’s public and private sectors. While the focus on innovation tends
to be geared toward oil, energy, construction, small and medium enterprises (SMEs) and
entrepreneurship, the retail sector is an important economic contributor and should not
be ignored.

25
 Currently, as this sector is strong, retail seems to sustain a profitable growth by itself,
without giving much more thought on creating new solutions to enhance its economic
value and competitiveness. Saudi Arabia has the biggest retail market in the GCC,
contributing to 17 percent of GDP. Saudi Arabia is ripe for e-commerce as long as brands
build trust. It is predicted to hit SR 250 billion ($ 66.7 billion) in 2012 and by 2014 alone.
Overall IT spending is expected to reach $ 5.7 billion, comprising over 50 percent of total
ICT investments throughout the GCC. SMEs in the Kingdom have a 52 percent Internet
penetration rate.

SMEs financial resources are usually limited, this often forces the company to select
solutions that may seem to be cheap initially, but hidden costs appear during
implementation and sometimes lead to financial problems and abandon the project.
Venture capital funds and angel investors can help in fixing this problem. It will require a
clear system or entity that will help the entrepreneurs connect easily with investors to
allocate funding when needed and to give investors investment opportunities. This is
better than debt financing which takes much more time to process.

Implementations of some bigger scale IT project, especially those that involve business
process across different departments or require large amount of initial data entries
require human resource during the implementation. Some SMEs are often in the stage of
frequent firefighting and shortage of manpower. This makes it very difficult for them to
allocate time to carry out implementation. Furthermore, there is always a conflict
between getting the daily routing work going and to do the “Extra” IT implementation.
Part time employees can help in these kinds of projects but it not easy to find part time
staff in Saudi Arabia.

Key inhibitors to widespread adoption of e -commerce for Saudi retailers

Some of the key inhibitors to the widespread adoption of e-commerce for Saudi retailers
include minimal options to gateway payment systems and a slow banking performance,
resistance to change where there is no real benefit in shifting the organizational culture
and structure of mature organization, retail strategy that dispels investments in e-
commerce should they have no immediate monetary returns, few ICT professionals who
are able to design an e-commerce platform for businesses, where HADAF fund does not
provide enough support to hire qualified staff, limited homogeneity between English and

26
 Arabic online content, fear of risk-taking and failure as e-commerce remains a new
business model in the region, and traditional marketing techniques.

Key challenges to online purchasing among Saudi consumers

the key challenges to online purchasing among Saudi consumers. They include the fact the
Internet is still regarded by Saudi consumers as a tool to access data and information
rather than an opportunity to access physical goods; minimal options and reliability of
delivery services, a preference for face-to-face business deals that affects trust in online
purchasing, sociocultural habits and culture where consuming is part of the lifestyle and
shopping an experience to share; minimal online payment options other than credit cards;
and poor customer service and after-sales follow-up to online purchases.

Recommendations

To overcome the challenges, possible solutions is to introduce a proper gateway payment

system that would enable secure and easy purchasing within the Kingdom and in
neighboring Arab countries, as the core of any e-commerce activity are transactions and
payments. E-commerce, more than any other sales mechanism, requires an in-depth
understanding of market segmentation among retailers. It is essential for retailers to
remember that due to Saudi Arabia’s young demographic, today’s youth segment will be
tomorrow’s clientele, and fostering product loyalty is critical. there should also be strict
governmental regulations to enable the development of a commercial strategic framework
of e-commerce taxation laws, ownership and IP protection, to not having unknown local
retailers generating money without proper monitoring. An agreement should be
implemented over proper business conduct and process with competitive pricing equal to
physical shop prices. Retailers should also consider generating a true Arab brand identity
that is recognizable and different from Western ‘copy and paste’ models, and localize the
development amongst Saudi professionals, rather than outsourcing ICT and platform
designs, which brings the problem of continuous training and talent sourcing.
Retail organizations will have to take calculated risks to become ‘click and mortar’
businesses, where both regular retail and new e-retail will have to cohabit within two
different forces to find an appropriate balance and both business models can be
recognized to be of equal in importance and operational excellence.

27
Local entities that can help in enforcement and regulation of e-commerce laws

National Center for Digital Certification

The Government of Saudi Arabia has embarked on an ambitious electronic transactions

program, recognizing that there is a tremendous opportunity to better utilize information
technology to improve the quality of care/service, lower the cost of operations, and
increase customer satisfaction. To ensure the secure, efficient transmission and exchange
of information electronically MCIT has created a National Public Key Infrastructure as
part of its mandate to develop the ICT sector in the country, named as National Centre for
Digital Certification (NCDC). NCDC is created by an act of law and its mandate is
stipulated in the Saudi e-Transaction law, articles 19 & 20. NCDC provides trust services
to secure the exchange of information between key stakeholders. Participants include
government, citizens and the business sector. NCDC has the following goals:

 Supervise the tasks relating to management of digital certificates; coordinate

matters relating to standards and specifications; prepare regulations and policies
to organize the Centre’s work; develop and promote the usage of digital certificates
in the Kingdom
 Define the technical specifications for the Certificates Issuance System, certificate
contents and form, electronic signature initiation process, and its documentation
system.
 Determine the controls for issuance, sending, maintaining and cancellation of
digital certificates.
 Manage the related Public Key Infrastructure (PKI) policies and procedures.
 Qualify new Certificate Services Provider’s request in the kingdom.
 Manage the relationship between the different Certification Services Providers.
 Assist in developing regulations to organize the electronic transactions and to
coordinate with the concerned authorities.

Public Key Infrastructure (PKI)

It is a system that creates a trust environment for conducting transactions over public networks,
by developing a framework for issuing certificates to be used for:

o Confidentiality,
o Integrity,
o Authentication,
o Non-repudiation,

28
 o Digital signatures, access control, creation of
o original documents, among others.

PKI is well-recognized as a main instrument for solving many security problems over public
networks. And may be a very helpful tool to make the E-Commerce industry a more secure place
to conduct business.

Saudi Network Information Center

Saudi Network Information Center (SaudiNIC) is responsible for the administration of the
domain name space for the country code of Saudi Arabia (.SA) as well as the IDN (.‫)السعودية‬. This
includes the operation of the Saudi DNS root servers and the registry services under Saudi TLDs
. SaudiNIC was managed and operated by King Abdulaziz City for Science and Technology
(KACST) since 1995. By the end of 2006 the task of operating SaudiNIC moved to the
Communication and Information Technology Commission (CITC).

Main Tasks

 Setting up policies regulating domain name registrations.

 Domain name registrations
 Maintain the Domain names records and provide Who is services
 Lead the effort toward fully Arabic domain names

29
  Coordinating with other GCC, Arab, and International ccTLDs.
 Participating in international events supervised by ICANN, RIPE, ISOC, and WIPO
related to domain .

Faturah ( Secure E-Commerce)

"Faturah"is a secure e-commerce and credit card e-payment solution that provides customers
with full end to end services through innovative processes and procedures by:

1. Providing complete integrated solutions for small and advanced e-commerce websites. This
can be done based on company size and its business needs. Along with other services,
professional and secure credit card e-payment services are also provided.

2. For businesses which are online but do not have credit card e-payment solution,"Faturah" can
help securely with attractive prices.

3."Faturah" Mall provides infrastructure to companies who do not have website but still wants
to sell their products online by hosting products on "Faturah"Mall.

Nothing prevents"Faturah" from providing ideal and appropriate solutions to merchants.

"Faturah" continuously make efforts to match merchant needs and expectations through well
trained expertise.

In addition,"Faturah" target is to make sure that merchant will have secure and successful e-
commercebusiness by providing hi-tech and smart solutions to meet client's requirements.

30
References
1. Our Mobile Planet: Saudi Arabia
http://www.thinkwithgoogle.com/insights/library/studies/our-mobile-planet-Saudi-
Arabia
2. F. Al-Hoymany, E-Business and PKI in Saudi Arabia, 2002,
http://www.idsc.gov.eg/Conferences/SeminarEbusiness/ E-business-in-Saudi.Pdf
3. ICT in Saudi Arabia: a socio-economic impact review, October 2011 from STC.
4. Electronic Transactions Law, Royal Decree No. (M/8), 26 March 2007
5. CITC Annual Report 2010 on the internet eco-system in Saudi Arabia.
6. E-Commerce landscape in Saudi Arabia: http://www.ddarabia.com/infograph/e-
commerce-landscape-in-saudi-arabia/
7. MENA Internet Statistics in a Nutshell, http://www.ddarabia.com/infograph/mena-
internet-statistics-in-a-nutshell/
8. Applying The OTE Model in determining the E-Commerce adoption on SMEs in Saudi
Arabia, Abdulrahman, Nasser A. Almoawi
9. An Investigation into the Adoption and Implementation of Electronic Commerce in
Saudi Arabian Small and Medium Enterprises, Sabah Al-Somali, Aston University, UK
June 2011. http://www.irma-international.org/viewtitle/53197/
10. The Internet Economy in the G-20: The $4.2 Trillion Growth Opportunity, March 2012.
https://www.bcgperspectives.com/content/articles/media_entertainment_strategic_pla
nning_4_2_trillion_opportunity_internet_economy_g20/

31