Automating Tax Exemption

Document Sample
Automating Tax Exemption Powered By Docstoc
					Wiz-Tec Computing
Technologies Inc.




Automating Tax Exemption

Understanding the claim process and how it
relates to Indian Tax Exemption Programs
 Chapter


  1
About Wiz-Tec Computing Technologies Inc.

About Wiz-Tec

       Wiz-Tec Computing Technologies Inc. was funded by its President and CEO, Jim Wang,
       in 1992. It is based in Calgary, Alberta, Canada.

       Since its inception, Wiz-Tec has engineered and distributed software products to over
       1500 companies in Canada directly or through its associated dealers. It has also
       developed significant expertise in customizing and delivering technically advanced and
       sophisticated application software solutions for its clients including the Government, Fleet
       card companies, and small to median sized businesses.

       Wiz-Tec has maintained its business focus and succeeded in the same industry through
       both favorable and difficult economical cycles. As a result, it has gained expert knowledge
       and experience in its specialized area of endeavor.

       In addition to its POS and retail automation expertise, Wiz-Tec also has extensive
       knowledge and work experience in the server-based authorization and data-capture
       technology for the banking and credit card industry. It understands the very detailed
       aspects of server-based technology implementation such as card security, encryption
       technology, public key distribution, secured communication, embedded control etc...

       Seeing the amount of abuse, and misuse, due to design and implementation flaws in this
       sector of technology, Wiz-Tec envisioned and initiated the development of the Merchant
       Server in 1997. A specialized server-based authorization and capture technology for Fleet
       card payment and loyalty programs. The Merchant Server achieves enhancements and
       perfection beyond any current industry standard. As a result of this, Merchant Server has
       been customized and deployed for the Indian Tax Exemption program in 2003.

       Some highlights of Wiz-Tec’s history are summarized in the following:

       1. Deployed over 1700 POS applications since 1992.

       2. Designed and implemented private label fleet card payment applications which are
          captured in our POS technologies, and various batch based host communication
          mechanisms for the gas retail industry as early as 1993. The majority of our chain
          retailers are still actively using our applications and software as an effective method of
          fleet control and data collection.
       .
       3. Developed various data capture and loyalty systems with most of these applications
          still in use today. Examples include the Federated Coop Patronage Points Program,
          the AirMiles Program etc…
4. Wiz-tec is or has been certified with most Canadian (and 2 US) financial institutions.
   Some of the banking projects include CIBC, Scotia Bank, Bank Of Montreal, and most
   recently Moneris (Royal Bank and BOM) Banks for the integrated POS debit and
   credit processing application with the latest VPN and public SSL technologies.

5. Developed unattended pay at pump technology since 1995, a pioneer in computer
   automation with real-time control, capture and electronic payment. Only a very few
   Canadian companies can successfully support this technology.

6. Developed and deployed several customized tax exemption claim systems utilizing
   POS. These types of deployment have been occurring since 1995. Examples include
   paper based Indian Tax exemption software for BC and Ontario and the Alberta Farm
   Fuel Tax Exemption Program (AFFDA) for Alberta.
.
7. Certified with the Alberta’s Indian Tax exemption for electronic claims since 1999.

8. Developed and demonstrated the first of its kind real-time fleet (private credit) card
   processing system named Merchant Server in 1998.

9. Implemented Merchant Server and its associated POS technologies to provide a
   100% end to end solution for the Nova Scotia Indian Fuel Tax Exemption Program
   (NSIFTE) in 2003 (Nicknamed NIFTY by the Nova Scotia Finance department).

10. Designed and engineered the first of its kind “Wall Mounted” Automated Gas Teller to
    provide a low cost alternative to Retail Gas vendors with a low through-put volume
    who does not wish for the more expensive upgrading to the Pay at the Pump
    technology in 1999.

    An important milestone for Wiz-Tec because this technology demonstrated Wiz-Tec’s
    ability in the field of embedded control for reliable automation in all weather conditions.

    Wiz-tec has been so successful and reliable in its software development that we still
    have customers using software we made 15 years ago… they will not let us upgrade
    it. Sometimes, our customers have been using our software so long and with so little
    trouble, they do not even know that they are using our software anymore.
.




                                              2
Wiz-Tec Sample Customer List


    Federated Co-op Ltd.

    FCL is Wiz-Tec’s largest Customer, with over 500 lanes using VisualPOS 3.0 (Prism) in their
    rural outlets. FCL and Wiz-Tec have been doing business with each other since 1992. FCL
    has outlets across Canada, and Wiz-Tec looks after the majority of their needs in Western
    Canada, with our systems in their stores from Ontario through to Vancouver Island. Wiz-Tec
    systems are designed to handle over 200 FleetCards and the Co-op Patronage Points
    program.

    Government of Nova Scotia

    The Nova Scotia Government, through the SNSMR division, runs the MerchantServer
    Program created by Wiz-Tec Computing. This includes the MerchantServer Server system
    and Software, the Automated data Retrieval software, and 17 sites encompassing a total of 25
    lanes with Backoffice management systems in each.

    Gasplus Inc.

    Glasplus Inc. is a C-Store retailer and wholesale gas distributor with 44 sites under brand
    name as Gasplus Inc. Wiz-Tec has provided all the lanes and the Backoffice systems for
    these sites, and has been working to assist Gasplus’ model since 1996. Wiz-Tec systems are
    designed to help Gasplus with their FleetCard management and reporting.

    Mr. Gas Inc.

    An Ontario C-Store model based out of Ottawa, Mr. Gas and Wiz-Tec have been working with
    each other since 1998, with over 40 successful installations, and growing.

    Centex Petroleum Ltd.

    Centex is a newcomer to the C-Store business, with most of its retail business based in
    Alberta. Currently operating 7 sites in major centers in Alberta, with a blossoming distribution
    unit as well. Wiz-Tec assists Centex by providing all the retail POS hardware, along with
    FleetCard and integrated banking services.

    United Petroleum Inc.

    United Petroleum is an old and trusted customer of Wiz-Tec. This mid-size fuel distributor also
    runs retail C-Store operations in and about the provinces of BC, Alberta and Saskatchewan.
    Wiz-Tec provides POS, Fleetcard, and Pay at the Pump products to various sites on behalf of
    United.

    Others

    Being in business for the better part of 2 decades makes for a diverse customer base, be it
    Boston Pizza with 187 sites using our integrated banking solutions with Air-miles, or Blue Line
    Taxi tracking their drivers Fuel consumption. We are coast to coast to coast.




                                                      3
The Wiz-Tec Management Team


      Jim Wang, President, M.D.

      Jim Wang graduated as a Medical Doctor from Beijing Medical University in 1987, with a
      keen interest, and demonstrated skills, in computer technology and applied mathematics.
      Jim successfully designed, and marketed his invention of a computer automation device
      even before graduation from Medical School. Jim is also a past recipient of many
      scholastic awards from his University and the Department of Health of China. Jim came to
      Canada in 1998, with a desire to explore new opportunities for himself and his wife, a
      Medical Oncologist practicing at the Tom Baker Cancer Center.

      The unique aspect of Jim’s education in medicine has been a profound influence on his
      work ethics, professionalism, and business style.

      For instance, Jim has zero tolerance for errors, This makes perfect sense when one
      equates medical errors with potential harm to humans. He has an almost anal sense of
      perfectionism for design and technical implementation. This is the underlying reason for
      his success. He creates great products that are elegant and extremely effective. Jim is
      also trusted among his clients for his responsibility and accountability.

      Jim is visionary in his own trade of business. He sees the direction of the industry and the
      needs of his customer’s years before the time arrives. He enjoys study philosophy and
      science in his spare time.

      As the founder and owner of Wiz-Tec, Jim has overseen or directly participated in the
      development of many products, always with the mindset of a mad scientist, trying to create
      the best “mouse trap”. Some of Wiz-Tec products are still in big demand today even
      though they were created15 years ago.

      Since 1992 Jim has created many different applications for the Gas Retail industry. As a
      result, Wiz-Tec, ostensibly a relatively small firm, maintains over 1.2 million lines of code.
      Products such as VisualPOS, VisualGas, VisualCASH, Automated Gas Teller, and our
      Merchant Server Program continue to enjoy broad support.

      Jim is very aggressive in his mindset on product development and implementation. It is his
      philosophical view that the human factors are the major cause of many problems created.
      Without extensive knowledge, expertise and skills, hardly anyone could design a product
      or solution to work.

      Developing products is easy, engineering solutions to solve problems is definitely not.
      Making a product work is easy, making it not break is very hard that requires enormous
      efforts to anticipate and handle the unexpected. It is part of our own human mind and
      nature to make errors and create problems. Computer automation is in the business of
      gaining control to eliminate human problems. Responsibility and accountability is the only
      way to overcome.

      William Macdonell, VP, Operations and Corp. Development.

      With a strong background in Wireless and Internet applications, Bill brings 20 years of
      experience in project development, implementation and marketing. Having started out
      with Rogers AT& in the early 90’s, Bill saw great diffiencies in the methodologies used to

                                                     4
create branded wireless products, and a distinct lack of marketable options to wireless
consumers in the Canadian market place.             The advent of deregulation of the
Telecommunications industry was the opportunity Bill required to begin testing his theories
regarding product application and marketability in an increasingly technological consumer
market.

The result was the founding Vir-Tec TeleServices Inc., serving as Vice President of
Marketing and Product Development, which sold wireless and long distance products to
the general market. With the assistance of his partners, Bill and Vir-Tec created the very
first truly convergent billing platform for the telecommunications industry, combining single
billing of telecomm products on one invoice.

Vir-Tec went from 0 to over $1 million per month in sales in under 6 months, and Bill
negotiated the first reseller agreement for private branded cellular products in North
America. Bill also brought the first Virtual office product to North America, deploying in
New York, Toronto, and Vancouver, as well as negotiated the first Rebiller agreement in
Canadian telecommunications history for Local Access services. In conjunction with his
partners, Bill grew Vir-Tec from a 4 man operation, to a company with 200 employee’s in
less than 2 years.

In 1999, Bill left Regare Inc. (Formerly known as Vir-Tec) as Director of Wireless and
Internet Technologies, to form Shift Networks, a broadband company designated as a
“BLEC” (in-building local exchange Carrier) by the industry… the first in Canada.
Assuming the mantle of CFO and Treasurer of the Board of Directors, Bill stayed with Shift
until the company completed its vend-in, and Shift went public in 2002 under the symbol
“SHF” on the “Toronto Venture Exchange”.            Shift is now one of the leading
telecommunication companies in Western Canada, selling VOIP products to business
consumers.

Bill has served as Chairman and sat as a Director on the boards of several dot.com
companies, and in 2003, began to work with Wiz-Tec Computing Technologies Inc.
Combining his product knowledge, operational skill-sets, and marketing skills with Wiz-
Tecs dynamic product offering. Along side his duties at Wiz-Tec, Bill is currently
completing a Bachelor of Science degree in Computer and Information Technologies.

The Wiz-Tec Core Development Team

Zeos Zhang, Certified Senior Database Specialist

Zeos is Wiz-Tec’s resident Database guru, with a Masters in Computer Science from the
University of Calgary. Zeos brings 27 years of experience as a certified DBA and Oracle
Database Developer, as well as being certified for DB@, Sybase, and Informix, to the Wiz-Tec
knowledge base.

Robert Zheng, Certified Electrical Engineer

Robert is Wiz-Tec’s bridge builder, with a PH.D in Electrical Engineering from the
University of Calgary. Robert brings 23 years of experience to the Wiz-Tec Team, and is
instrumental in assisting Wiz-Tec in product development, hardware selection, and
production. Without Rob, the world doesn’t turn.




                                              5
Nick Cheng, Programmer, Certified System Specialist

Nick is a graduate from the Beijing Science and Technology University, holding a BSc in
Computer Science, and bringing 12 years of experience to the Wiz-Tec team. Nick is
certified in MCSE (all), MCDBA for MSSQL:, and he is also a certified Network Engineer in
Novel.

Simon Shen, Senior Programmer

With a BSc in Computer Science from the University of Bejing, Simon brings 15 years of
experience in software development and programming to the Wiz-Tec team. He has
exceptional knowledge and skills in communication and server based data capturing
technology

Robert Liu, Intermediate Programmer

Robert holds a Computer Science degree with 11 years experience in POS software
development. His primary experiences and skills are in the area SQL database
applications as well web browser based user applications.

The Crew

Chris Parker, Technical Service and Support Manager, Western Canada
Roy J. Wiley, Technical Service and Support Manager, Ontario
Donald Cox, Technical Service and Support Manager, Maritimes

Additionally, Wiz-Tec currently has 20 strategically placed hardware support staff, who
work on a contract basis as required for Wiz-Tec, located across Canada.




                                             6
 Chapter


  2

Background on Tax Exemption Programs
       Electronic Indian Tax Exemption Claims are a pioneer deployment of modern
       technologies in the fields of effective government control and tax regulation, unique in its
       own right and of the very first kind.

       The only other successful deployment of this manner of controlled application is the world
       wide debit and credit payment processing system, first designed and deployed (in real-
       time) in the late 80s. As is clear since its inception, this system has dominated the world
       as its most successful gain of control and resulting automation.

       Electronic Tax Claims are essentially the same concept. They have the same
       requirements, controls, and would follow the same trend and path of implementation as
       their predecessor technologies.

       In-depth knowledge and skills are required on each aspect of the control and of the
       controlled substance in order to successfully design and implement a successful tax
       exemption program without incurring huge costs as a result of "trail and error".

       Since the 60s and 70s (the so-called information age), information collection has been in
       place for all governments, and large to medium sized organizations.

       Having information gives an organization the basic mechanism, as a starting point, to gain
       control. Yet within the current complex infrastructure (the rules and policies) which is rife
       with explosively overloaded information, the control becomes an "illusion". All the
       information gatherer has is information with no real means of validation to control the
       implications of the information they gather.

       This basic flaw in gathering information makes it extremely costly to gain significant
       control, and further to enforce that control. Such policy implementation failures have been
       seen in many areas in virtually any place where there are rules and regulations in place.

       A good example of this would be to look at thousands of years of criminal law
       enforcement, to the now infamous "gun registry" and the Federal Government Ad-scam
       Scandal. Information is gathered, policy is created, but there is no methodology to support
       implementation, or to validate information to support efforts to enforce the original policy
       created. Control becomes a matter of social science in human behavioral psychology,
       which results in becoming a matter of prevention, not punishment.

       Fundamentally, there is no true difference in the restricted production, distribution, and tax
       collection or rebate issues surrounding Indians on reserves. The fundamental problem has
       always been the "human" factor to interpret, understand, carry, monitor, follow or
       otherwise report, and enforce such rules and regulations where the "human factor" may
       be involved, as well as within the "conflict of interest" components of the program.



                                                     7
Crime is a good example. It is a known fact that where crime exists, 90% of the law
breaking cases are not known, and less than 50% of those reported result in charges
being laid. (Each as a result becomes extremely costly to enforce, in direct relation to the
cost as opposed to expenses or lost revenue’s as a result of the unenforceable, or
unreported crimes).

An obvious example would be speeding motorists… less than 1% of the occurrences that
are caught, can easily consume more than a quarter of all the police resources to enforce
speeding laws. This is a prime example of a crime that is committed, but which is difficult
to enforce simply due to the shear volume of offenders. If the police could catch everyone
who speeds, the cost associated with trying to enforce the law and stop speeders would
go down.

The irony of these types of examples is that economical, feasible methods and
technologies do exist. These technologies have the ability to effectuate a level of control
that can, for example, catch 90% of the speeders, utilizing only a fraction of the resources
of a local police department.

This is no different in the "policy making" business of Indian tax exemption on Reserves.
Beyond the primary human "interpretation" factors, there are human errors in many, if not
most, of the industry applications that can and do result in potential loss through over-
payment.

Based on the erroneous assumption that data means information and information means
control, many policy makers and system designers pursue costly implementations that
achieve not much more than populating a hard drive with information.

The gun control program is a very good example of this. The program was designed to
serve the purpose of aiding in stopping the proliferation of guns. As well as the tracking of
the whereabouts of registered guns, but to date has been not but a source of political
optics, be they good optics or bad.

Clear understanding of control and controlled substances would result in effective design
of the control program, and effective design and implementation would yield the sought
after outcome.

Policies and laws must exist as a judgment tool, but by no means can one categorically
state a particular law to be one of effective "control". Information collected helps to
understand what needs to be controlled, but still has no meaning in the sense of actual
"control". Policing and punishment is the least effective way of gaining control, and
nowadays becomes a matter of "risk management" over the cost of control.

So the formula of control should read: Policy + Enforcement = Control

The conventional formula has been:: Enforcement = Policing + Punishment
i.e. Policy + Policing + Punishment = Control

“Kill them all” is obviously not an option to consider. The "Effectiveness" (or limitation
under the guise of “risk management”) would be the equation and balance between "Cost
of Enforcement" verses "Cost of Loss of control ".




                                              8
In which case the formula should read:
    Enforcement = Prevention
i.e.
       Policy x Enforcement = Control

It is part of our human nature and mindset that, "hiding and running" is easy, while
"catching them all" is extremely hard. 10% of the exceptions are typically the cause of 90%
of the problems, yet 90% of the resources must be spent to stop the 10% from growing to
be 90%. Nor does it mean the 10% causing issues can be completely eliminated, rather
they are isolated.

When the interest or benefit becomes significant enough, it is a condition of human nature
to take risks, break rules, and taking advantage of a situation. That is why we are human,
and how we advance and evolve. On the other side of the coin, it is also a human
condition to be obsessively minded to believe that we can control a situation and that we
should “catch them all”, which is a mathematical impossibility.

The most effective means of enforcement obviously is prevention. The effective prevention
becomes the enforcement, and the enforcement is the control integrated directly from
policy. Policymaking becomes part of the control and enforcement.

The implementation of prevention is not costly, nor hard to achieve. Rather "training" or
"education" which still relies on human psychological stress (conscious fear of
consequences) is expensive and unreliable. In the advent of a technologically enabled
society, it should be an effective automated machine preprogrammed with policy, which
then enforces that policy.

In the following formula,

       Benefit x Opportunity - enforcement = Exceptions

When the interest and benefit (like tax) is significant, humans can not avoid the temptation
to break the law. If opportunity presents itself, regardless of how much brainwashing, or
punishment is involved, there will always be someone who can see advantage.

Speeding is the result of greater “opportunity”, and drug trafficking is from greater benefit
than consequence. The prevention efforts and technologies introduced are to reduce the
“opportunity”, viewing this as the most effective and only method to reduce exceptions. If
consequence of infraction was sufficient enough a deterrent, no one would bother locking
their doors at night, confident in the security of the consequences to anyone invading their
homes. Obviously, this has not been the trend.

This is why deployment of technologies, when they can do a better job than humans, must
be implemented. One must always remember that machines are stupid in nature, and
they can only do what we tell them to do. A machine does not suffer from consciousness.

This can be likened to the concept of putting up a “stay off the grass” sign, knowing that
the moment the sign goes up, someone will walk on the grass. Why not take the money
spent on the sign, and the money spent attempting to maintain a trodden lawn, and put it
into a hedge surrounding the lawn, effectively preventing anyone from walking on it to
begin with, and saving the headache of repairing any damage.




                                              9
This method of thinking creates a situation where there is no case of “catch me if you can”
and “catch and release”. Simply “obey” because there is no option to “Disobey”.

Lets look at an Indian tax exemption program… on top of automating electronic process’
to reduce labor intensive manual processing costs, the primary target is to effectively
implement human independent devices and mechanisms. This provides the environment
to avoid abuse and misuse, which would end up being more costly to control without
effective security and control.

This requires zero tolerance for misunderstandings and errors at the design stage and
throughout the implementation process, in addition to allowing room for flexibility for future
expansions -- the so-called design to control the "unknown".

Wiz-Tec has seen abuse and misuse rates as high as 15% to 30%. With lack of control,
the incidences can go as high as 200% or more. The failure is not the policy itself, but
rather the mechanisms to implement an effective and efficient system so the policy maker
can obtain the control, and most importantly, the active enforcement with minimal cost.

In the following case studies, the reader will notice that there is a common thread
throughout all five studies. This thread is simple… more anticipation of human behavior
implemented in the design stage of a project creates a more satisfactory result for every
party involved.




                                              10
Case Study #1 - MasterCard and Visa, the evolution of card
management and security

       Background of the Credit Card industry

       The credit card was the successor of a variety of merchant credit schemes. It was first
       deployed in the 1920’s in the United States, specifically to sell fuel to a growing number of
       automobile owners. In 1938 several companies started to accept each others cards.

       The credit card industry originated in charge accounts that were maintained by individual
       shoppers at certain stores. These were relatively simple two-party arrangements involving
       only the customer and the store extending the credit.

       Today’s credit card industry, although it involves complex relationships among several
       corporate entities, can simply be described as a three-party system in which the credit
       card company occupies a position between the customer and the store. Typically, the
       credit card issuer pays the merchant for charges made by a credit card holder, then the
       credit card company bills the card holder for the amount of the purchase.


       The concept of paying multiple merchants using a card was invented in 1950 with
       Dinnerclub’s invention of the charge card, which is similar the modern version, but
       required the entire bill to be paid with each statement. It was followed shortly thereafter by
       American Express.

       Bank of America created the BankAmericard in 1958, a product which eventually evolved
       into the Visa system. MasterCard came to being in 1966 when a group of credit-issuing
       banks established MasterCharge.

       There are now countless variations on the basic concept of revolving credit for individuals
       (as issued by banks and honored by a network of financial institutions), including
       organization-branded credit cards, corporate-user credit cards, store cards and so on.


       How they Work

       A credit card user is issued the card after approval from a provider (often a general bank
       but sometimes from a captive bank created to issue a particular brand of credit, in which
       they will be able to make purchases from retailers supporting that credit card up to a pre-
       negotiated credit limit. When a purchase is made, the credit card user indicates his/her
       consent to pay, usually by signing a receipt with a record of the card details and indicating
       the amount to be paid. More recently, electronic verification systems have allowed
       merchants to verify that the card is valid and the credit card customer has sufficient credit
       to cover the purchase in a few seconds, allowing the verification to happen at time of
       purchase.

       Each month, the credit card user is sent a statement indicating the purchases undertaken
       with the card, and the total amount owing. The cardholder must then pay a minimum
       proportion of the bill by a due date, and may choose to pay more or indeed pay the entire
       amount owing. The credit provider charges interest on the amount owing (typically at a
       much higher rate than most other forms of debt). Credit card issuers may waive interest
       charges if the balance is paid in full each month, which allows the credit card to serve as a


                                                     11
form of revolving credit, or they may choose to apply any payments toward recent rather
than previous debt.

Security

The Credit Card industry has grown at an enormous rate during the past 20 years.
Unfortunately this rapid growth made it an easy target and created many new
opportunities for individual criminals and crime syndicates. No one can provide an exact
figure for the annual loss caused by credit card fraud, but according to Chris Trotskie,
chairman of the South African Card Fraud Forum, it exceeds R 50-million per annum in
South Africa. The four major banks in South Africa for example, loose approximately R 5-
million per month due to credit card fraud. Visa’s global losses are about $ 2-billion per
annum. If this continues at the same rate fraud will cost $ 11 per card by 2008. This only
accounts for what the card issuers’ portion of fraud represents, and does not include those
occurring with individual users.

The relatively low security of the credit card system presents many opportunities for fraud.
However, this does not imply that the system is broken. The goal of the credit card
companies is not to eliminate fraud, but to reduce it to manageable levels, such that the
total cost of both fraud and fraud prevention is minimized.

This implies that high-cost low-return fraud prevention measures will not be used if their
cost exceeds the potential gains from fraud reduction. This opportunity for fraud has
created a black market in stolen credit card numbers, which must generally be used
quickly before the cards are reported stolen.

Up until the early 90’s, Credit card companies such as Visa, Amex, and MasterCard
contented themselves with simplistic, batch-based negative card files and the honesty of
the retailer to manage their delinquency and fraud. This, of course, was hardly successful
by current standards, and fraud had the potential of reaching what we would consider
extremely high levels, at 15% to 30%, or more. It should be noted that when a Card
Issuer publishes any figures relating to this, it is highly unlikely that they are giving the true
numbers out. They are generally higher than admitted to.

Additionally, it placed the retailer in a position of danger as a result of irate customers
focusing their anger and frustration at the poor sod standing behind the cash register
when their cards were taken and cut-up.

This policy was in effect forcing the retailer to police the card user, and as such created a
substantial liability to the card issuer

Two major improvements were enacted. The first was the advent of online, real time
processing, which eliminated the need for negative card files. The card issuer, the retailer,
and the customer received immediate notification from the newly created Pinpad
technologies being deployed throughout the country.

This was a major break-through for the card issuer, as it immediately stepped down the
level of exposure to over-limit usage. It was also beneficial to the retailer, as the purchase
amount was confirmed, and the transaction fully executed as soon as the transaction
approval was returned.

It also assisted the retailer by reducing the effective amount of charge backs they might
suffer from, and consequently allowed a major reduction in the transaction fees they paid
to the card issuer.




                                               12
Up until roughly ten years ago, very little was done to ensure some level of integrity in the
use of credit cards. Unfortunately, the sheer volume of fraud that had been occurring,
especially with the introduction of on line payment, forced the Banks and their respective
Credit Card Partners to re-evaluate the transaction process to increase the level of
security.

The largest improvement was the confirmation that the individual presenting the card, was
in fact the person on the card. This was done by confirming the signature on the card to
the signature on the submission receipt.

The author of this case study recently used a new card which he forgot to sign the back of
for almost two months, before a store clerk noticed the signature had not been committed
to the back of the card. She requested the card be signed, and then requested the
receipt be endorsed as well, then compared the two, and the transaction was completed.

Obviously, one cannot consider this a major leap in security.

Despite this, Visa and MasterCard claim less than a 5% loss through fraud and abuse and
this is reflected in the merchant transaction charges.

Three improvements to card security are being introduced to the more common credit
card networks at the time of writing.

1) the on-line verification system used by merchants is being enhanced to require a 4
   digit Personal Identification Number (PIN) known only to the card holder,

2) Second, the cards themselves are being replaced with similar-looking tamper-
   resistant smart cards, which are intended to make forgery more difficult. The majority
   of smart card (IC card) based credit cards comply with the EMV (Europay Visa
   MasterCard) standard.

3) Third, an additional 3 or 4 digit code is now present on the back of most cards, for use
   in "card not present" transactions. These codes are an important new security feature
   for online transactions. There are three types of card security numbers:

Card Verification Value (CVV) is a three-digit code printed on the back of Visa
and Discover cards.

Card Validation Code (CVC) is a three-digit code printed on the back of
MasterCard credit cards.

Card Identification Number (CID) is a four-digit code printed on the front of
American Express cards.
This feature helps validate that a genuine card is being used during a transaction.

The code is not contained in the magnetic stripe information, nor does it appear on sales
receipts. The code is ONLY printed on the cards. Therefore, someone who may have
stolen your credit card number will not have that code. When you enter your code, it is
validated during the order process. The code ensures that you have the card in your
possession and that your card account is legitimate. Not secure but achieved fair level of
effectiveness, we did recommended and accepted by Nova Scotia Merchant Server
program using “issue date” to verify card present as if a “Pin number” validated by the
server.




                                             13
The Banking and Debit Card Industry

The banking industry has been lagging behind although they have always been
association with various major credit companies. The implementation of real-time debit
transactions in electronic form has been developed and well accepted in Canada (in US it
is called an ATM card, which to some degree lacks the universal compatibility between the
banks).

The existing data security is based on Pin Numbers using 56bit DES. This is an aging
technology and a major security flaw. Despite this, it is a much better security standard
than the current Visa and MasterCard applications. Regardless, the known and a majority
of the unknown fraud cases, specifically in Europe, are huge.

The level of fraud is forcing the banking industry to upgrade their existing security
standards. Europe and Asia have implemented a "cash in the card" based smartcard
application, which is a "distributed" application. At the same time, they are looking into
implementing new 3DES or AES based Pin Number encryption as well new industry
standard (RSA) ways for public key distributions.

As yet this has not been implemented, nor is it easily distributed.

The bank industry has also looked into possible security threats and non-expandable
applications (for autograph or fingerprint) when transmitting the actual Pin Number
(encrypted) in the data stream. To date they have yet to find an effective mechanism of
replacing the methodology, other than upgrading the encryption security standard.

(Note: Combined with all the advanced technology existing today, Wiz-Tec’s Merchant
Server is also capable of hosting multiple dynamic Pin Numbers managed by our Agent
Server, which is much more flexible than existing “all or none” debit Pin implementations.
Wiz-Tec has also developed digital signature on data transmission (used in Nova Scotia)
to effectively prevent possible retailer or communication associated fraud, that the banking
and credit card industries have yet to mandate. In addition, Wiz-Tec has developed its
exclusive “Pinner60” technology, where the Pin Number is not transmitted in the data
stream, and thus is not subject to future encryption defects. Further more, combined with
Agent Server, Pinner60 is designed for use with other types of Pin identification like
autograph, fingerprints etc…)

Conclusion

The debit and credit card industries have evolved over many years through costly trials
and errors. Consider the transaction volume worldwide (up to $26 billion in one given
day). Visa and MasterCard have mandated new security standards and compliance
requirements using either chip based technology and server based Pin Number
verification (based on RSA and 3DES).

A requirement for signature and photo ID validation have not been effective, but does
provide a means of "charge back" to pass through some of the cost and loss from abuse
and fraud.

The only effective way to control abuse and fraud is to maximize security designs with an
eye towards minimum dependency on individuals and the respective retailers.




                                              14
Merchant server was designed and developed in 1998, and had security standards light-
years ahead of the 2010 mandate. It is capable of handling all current forms of card
security, as well as retinel, and fingerprint verification.

As a result, Merchant Server was proposed to several major internet based dot-com
companies to battle online credit card fraud. Unfortunately none of the Dot.com
companies could afford the program without issuing paper, and Wiz-Tec does not take
stock in kind. All of those companies eventually went bankrupt.




                                          15
Case Study #2 – Canadian Gun Control Program


       Background on the Program

       In the late 90’s, the Canadian Government announced the launch of Canada’s first true, all
       encompassing gun registry, which would form a database of all guns legally owned in
       Canada. This is an effort to better understand the distribution of firearms across the
       country, and to enable the Canadian Government to presumably control the issuance of
       licenses and such to people who sought gun ownership.

       As of 2003, most people, who are not directly involved in the Gun Control Program, would
       agree that the model instituted by the Federal Government was an unmitigated failure.
       This caused no small amount of anger amongst the population, and was responsible for
       defacto rebellion from some of the western provinces unwilling to accept the law. Alberta
       for example essentially refused to prosecute the act of violating the program.

       The Department of Justice is responsible for the Canadian Firearms Program (CFP). The
       program is organized as a sub-activity within the department. The 1995 Firearms Act
       requires that all owners and users of firearms must be licensed by January 1, 2001 and
       that all firearms must be registered by January 1, 2003. In 2000, a sample survey
       conducted by GPC estimated that there are 2.46 million owners and users of 7.9 million
       firearms in Canada.

       The Result of the Program

       Given the fact that over $2 billion has been spent at an annual cost running into the tens of
       millions, each registration by owner costs about $900 for every $100 spent by a user per
       annum. Put another way, each firearm cost the Federal Government an average of
       roughly $300 to process at $31 per registration per gun per year. On top of that, it is an
       incomplete database. Theoretically, the gun registry costs more than all the guns in this
       country combined.

       Gun related crime actually increased since the programs inception, and hardly any
       firearms retrieved from gun related homicides have ever been registered.

       In July of 2005, Deputy Prime Minister Ann McCellan announced the program had
       successfully prevented a little over 2000 applicants from receiving license’s for firearms,
       and that the nations police had made over 20 million inquiries to the register. This, she
       proclaimed, was proof the program was money well spent.

       The same day she made the announcement, the gun related homicide statistics for the
       province of Alberta were released announcing that they were up in 2005 by 33% over the
       entire year of 2004. Only a small percentage of the firearms used were registered.

       The program’s success is obviously highly debatable.

       The cost of the registry database is mis-represented as "information". If one considers
       having information on registered guns and law abiding gun owners the measurement of
       success, while ignoring gun crimes, unlawful gun distributions and the ever increasing use
       of guns in criminal behavior. Then one could say the program is a success.


                                                    16
However, if one begins to take gun crimes, prevention of unlawful gun distribution, and the
percentage of crimes involving guns as the measuring stick, (this being the published and
stated goal of the CFP) then the program is a failure.

The registry "information" is wrongly promoted as gun control where there are no
mechanisms, implementations or even a means of "control". The originally proposed cost
of $2 million is fair to create and manage the run registry. The cost of $2.3 billion is a result
of "trial and error" based on misunderstanding a bad design, while attempting to make the
database a source of information and information as control.

Where did it all go wrong?

Simply put, the Government had the right idea to commence on a program, namely the
gathering of all pertinent information regarding who owns what guns.

Raymond V. Hession, who was contracted by the Federal Government to do an
independent evaluation of the program, summed where the program failed best. He
stated categorically in 2003;

“The first baseline forecast suggesting that the Canadian Firearms Program (CFP) would
cost taxpayers only about two million dollars in excess of the fee income it would generate
was plainly based on flawed assumptions. The technical requirements and business
processes that were developed to implement the stipulated functions of Bill C-68
(Firearms Act) proved to be dauntingly complex.

And, the project struck to manage the development failed to prescribe the business
process and technical architecture of the solution based on which it would be designed in
detail, built, tested and rolled out. Without that full architectural expression, it was not
feasible to do a proper estimate of development costs. Instead, the architecture evolved
and, change-by-change, the project grew more complex. The development costs
escalated.

And, because the CFP was a wholly new venture for the department, there was very
limited operational experience on which to draw as a check on the unintended deleterious
effects of policy requirements on efficient program administration. The procurement
method employed by the government allocated little performance risk to the two
contractors who were asked to detail the design and build the solution. They did what they
were told to do and billed accordingly”.

Clearly, lack of understanding, and an unclear definition of what was attempting to be
achieved, completely derailed what in essence is a very simple program.

In other words from the beginning the IT companies controlled the whole process, they
provided the hardware, developed the software and data processing, and maintained
control over it leasing it back to the government. Every time a change was made, a charge
was issued, driving up the operational costs of the CFC and the CFP. The costs were in
the millions, and the government still did not own the hardware, software or data, this was
still the property of the IT companies.

It is apparent that in this case, large multi-national companies took complete advantage of
the ignorance of the managers from the government side of the equation. As Eugene
Plawiuk, an executive member of CUPE states:

The result of all this outsourcing of computer technology for the CFP is the
recommendation from Hennison that "to bring development costs under control, with the
exception of normal application maintenance, no additional software functions should be

                                               17
added to the existing technical infrastructure." So when outsourcing fails once we try it
again and when it fails again and cost overruns occur we now freeze the program.


Like EDS, Team Centra benefited from outsourcing. "By joining forces with AMS, CGI has
doubled its critical mass in both the United States and Europe. With 25,000 professionals
and US$3 billion in revenue, CGI is one of the largest independent IT and BPO companies
in the world," says their web page. And again they profited from cost overruns at CFP, just
like EDS.

He basically states that the P3 model deployed for this program was a complete wash,
and that because of lack of technical expertise on the part of the Government, the large
multi-nationals were able to lead the Government managers down the garden path, by not
helping to educate them on what they were attempting, but rather allowing them to think
they understood the end run goals of the program on the implementation side.

This is confirmed in Hennsion’s report, although he states it in a much more diplomatic
manner.

The first baseline forecast suggesting that the Canadian Firearms Program (CFP) would
cost taxpayers only about two million dollars in excess of the fee income it would generate
was plainly based on flawed assumptions. The technical requirements and business
processes that were developed to implement the stipulated functions of Bill C-68
(Firearms Act) proved to be dauntingly complex.

And, the project struck to manage the development failed to prescribe the business
process and technical architecture of the solution based on which it would be designed in
detail, built, tested and rolled out. Without that full architectural expression, it was not
feasible to do a proper estimate of development costs. Instead, the architecture evolved
and, change-by-change, the project grew more complex. The development costs
escalated. And, because the CFP was a wholly new venture for the department, there was
very limited operational experience on which to draw as a check on the unintended
deleterious effects of policy requirements on efficient program administration. The
procurement method employed by the government allocated little performance risk to the
two contractors who were asked to detail the design and build the solution. They did what
they were told to do and billed accordingly.

The Federal Government made the mistake of assuming that because you have
information at your fingertips, you have control. They commenced on design with an eye
towards implementation, and discovered they hadn’t put enough into the planning stage,
thusly forcing them to continue to go back to the developer companies to revamp this form
or that, and those companies cheerfully took their marching orders without explaining the
complexities that were mounting with the continual changes. They would just send a bill
and do the change.

Conclusion

This categorically shows that the implementation of a policy is a crucial if not the most
important factor of enforcement. A conventional and political way of introducing policy
would typically result in "putting the cart before the horse".

Like "gun control" and most other policy implementations, they come to the conventional
route of "information = control = enforcement" where "information" is misinterpreted as
"control", and "control" is misunderstood as "enforcement". The control and enforcement
are designed and applied based on the assumptions that law-abiding citizens are
accounted for and would commit a majority of the gun crimes.

                                             18
This methodology is somewhat akin to placing a "do not enter" sign at a bathroom door
and subsequently dedicating resources to watch the door, then using lawyers to punish
those go through the door and get caught.

The purpose of gun control is to control the guns, gun trafficking, and gun uses that are
specifically associated with gun crimes and criminals.

If Merchant Server were implemented for the gun control program, and integrated with all
the existing criminal databases, with real-time enforcement devices at every gun shop,
every gun supplier, every police station, every emergency vehicle, and every border
crossing, it would still cost less than 10% of what has been spent today.

The reason for this is simple, Wiz-Tec educates our customer, participating in the design
process, and works hand in hand to make sure that what the customer is paying for is
what they get, while still achieving the end goal.

Large entities are not so mindful of this, and at the end of the day, will take advantage of
the situation because what the customer wants is only part of what they are being charged
for, using the 90’s mentality of “trapping the customer”, by providing the carrot, but
dangling it from a stick.

This is substantial, because it speaks to how the IT world does its business. To
companies like IBM, CGI, Microsoft etc… a problem is not a problem when it requires
servicing, because servicing means man-hours and man-hours mean money. So in
effect, if there are no problems, that is a problem for the IT supplier because they do not
make money on technology that does not break.

What we emphasize in relation to the gun control program is the importance of trying to
have people learn the costly lesson of what not to do in every aspect of the program. In
the case of the CFP the design, development, implementation, deployment, and the risk
management resulted in mistakes, and the cost of that has been clearly shown.

Whoever got the $2 billion is the only true beneficiary of the gun control program.

Without knowing where to go, and how to get there, it is fair to say that the Government
got on the wrong bus at the cost of $2 billion, and are still figuring out which direction to go.

In relation to cost vs benefit vs control, It would have been cheaper and more effective to
purchase a handgun for every Canadian over the age of 16. Then everyone would have a
gun, every gun would be noted in the registry, and illegal gun distribution would effectively
be eliminated because everyone would already own a gun. Most importantly, the
database to store ownership information might cost around $20 million, and the
Government would have spent less than a billion dollars.

Irony has no limitation.




                                               19
Case Study #3 SITE and AITE

       Background on the two Programs

       Backed by provincial policies, most of the current provincial government Indian Tax
       exemption systems (ITE) are based on manual and paper process’s, carried by individuals
       where each transaction occurs at the retailer level. Besides the amount of resources and
       the cost incurred by manual procedure methodologies, the actual tax lost due to failure of
       such control and enforcement is huge, especially with high prices and higher rates of tax.

       Wiz-Tec has seen many instances, some estimated to be above 50% in tobacco, and
       25% in fuel, all a result of "human“ factors like fraud, theft, abuse, misuse, human error,
       etc…

       Referencing the card payment industry without an effective control mechanism, there is an
       estimated minimum 5% to 30% loss due to human factors. With limited information
       collected, and in consideration of the absence of any control mechanism, Wiz-Tec would
       estimate that 15% to 30% or more claims are subject to loss due to human factors. The
       cumulative effects would be serious and very substantial. It’s not a “growing pain” that
       goes away over time, but a serious “gaping wound” that has to treated early and fast.

       In particular, the SITE program, assuming that $52 million in rebates have been issued per
       annum, the tax portion would equate to $1 million per week, $0.5 million per retail store
       per year, and $770 per individual. This is assuming all 65,000 Indian residents are active
       drivers and smokers. (Note: Wiz-Tec has been told the number of users may be higher,
       and has derived this number by eliminating the participation of any First Nations member
       within the Province of Saskatchewan under the age of 15, based on the 2001 census)

       When one is considering only a few years of implementation of the tax rebate program,
       and without any effective control mechanism, this number will continue to climb almost
       exponentially over the next 5 years.

       To our best understanding, derived from a legal dispute, the initial mandate of the SITE
       program is to automate the costly manual tax exemption claims in order to reduce labor
       and infrastructure costs, and to insure that members of the First Nations receive their
       treaty entitlements.

       It is safe to say it has been effective in this aspect, although not completely because the
       implementation is not deployed to every retailer on every reserve, thus it is not achieving
       100% penetration. Some labor and infrastructure has to be kept in place to accommodate
       non-compliant retailers for manual claims.

       SITE depends 100% on the POS functions, 100% on retailers' and individuals' trust, as a
       result, it has minimal measures of validation, control, security and enforcement to reduce
       any human factors for misuse or fraud. Tobacco, and ever increasingly priced fuel are
       primary substances for abuse.

       By our estimates, without effective validation, security and control measures, the cost of
       the “human factor” would be so huge that it could easily result in negative overall cost
       benefit. By this we mean that the money spent to implement the program in effect caused



                                                    20
the program to become more expensive because of the potential for abuse inherent in the
design of the program.

This is not to say that the program is a failure, rather we suggest that it does exactly what it
was designed to do, automate data collection. What it does not do is carry forward
security measures to limit potential abuse. That was not part of its functional design.

The Alberta AITE is implemented with some degree of control by uploading and enforcing
validations at the POS. Although this is still not a 100% solution in terms of cost savings to
eliminate the infrastructure and labor costs for manual paper claims.

Additionally, AITE is still POS dependant, both functionally, in reliability, and service and
support.

The biggest failing of the AITE is the use of a non-secure bar-coded called somewhat
euphemistically the "white card", which is distributed by the retailers.

The AITE has minimal card level security for validations and enforcement for qualifying
individual’s which is one primary road block yet to be overcome. This leaves the AITE with
no effective means of elimination based on eligibility, as ineffective validation of manual
entry automatically defeats the fundamental design of eligibility validation.

Another issue in the AITE program is the communication component (using aged and less
reliable "Blast") which is troublesome and offers no future possibility of upgrade or
enhancement. In this regard the SITE program has a little bit more robustness, as it is
using a common day standard, PC Anywhere, which is easily upgraded, and used by over
40 million entities world wide.

AITE, like SITE, has no transmission, nor data encryption security, and the result is a
vulnerable implementation subject to potentially serious electronic fraud.

AITE has attempted to police the validation process, and has used lawsuits in its attempts
at post-enforcement, all they have achieved is minimal effect at great cost to the taxpayer.

They are defeated based on the fundamental fact that it is the treaty right of the Indians to
receive their exemptions. Federal law trumping Provincial law as it were. While the
retailers are not in the business (nor are they being paid to) act as police and a collection
agency for the government. Civil enforcement is a pure waste of time at the end of the
day, and the Alberta Government has had its share of defeats in the courtroom.

When taken in the context of the existing Saskatchewan and Alberta tax exemption
systems, Wiz-Tec sees a clear defect at implementation. The program has the
information to effect control, but not the necessary tools to make that control seamless for
all parties involved.

This actually speaks out to the fundamental difference in the Merchant Server system,
versus ad-hock programs, where machine (the lock) enforcement is placed in the front of
the process.

Merchant Server is not designed just for "automation", but rather with all the security and
data encryption implementations necessary to gain effective control and enforcement
without human "factors" or "opinions". As earlier stated, "human factors are the cause of
the problem". They must be minimized, if not eliminated all together, during the control
process.




                                              21
For example, there is nothing fundamentally wrong with projects like the federal gun
control registry per say. It is the implementation of the gun registry, which is the ($2 billion)
failure, and as a consequence it is deemed useless, because it does not give control, or
enforcement.

What makes it worse is the "control" attempting to be created is not really in the politician's
mind, nor in the designer's hand. The gun control program, and by further extension,
social insurance cards, driver's license, healthcare cards, and passports, give a
government an effective way of regulating the majority of lawful citizens. By no means do
these programs speak to controlling serious crime or abuses. Those continue to enjoy an
aloofness that one might say is “above and beyond” the law.

Going back to the formula we already introduced:

Benefit x Opportunity - enforcement = Exceptions

In the case of ITE exemption programs, there are clear benefits (tax), and there are
definitely easy opportunities to execute against with minimal effort. Without policing or
another other means of enforcement, the only major factor allowing control of the
“exceptions” would rely on human consciousness. Without hiding our heads in the sand,
we know exceptions like abuse, fraud are definitely occurring. SITE has a higher
probability factor, and an easier opportunity factor than AITE, yet the AITE opportunity
factor is still large without secure and reliable identification cards and implementation.

Quotation implementation of the ITE policy

After battles over Indian treaty rights for provincial tax exemptions, most provinces in this
country set up some kind of policy for a quota and purchase limit system. Quotation based
implementations, electronic or not, are merely a method of “risk management” to limit
reasonable maximum amounts of tax rebate.

In this case “risk management” is the “control”, to limit abuse and fraud to a maximum
tolerance amount, enforced upon individuals and retailers. Many provinces like Ontario,
Quebec, Alberta and New Brunswick believe it works effectively. Working on the premise
that if total consumption of the quota equals “x”, then essentially any number under the
maximum number is considered insignificant. The money stolen or lost is a manageable
expenditure and the provinces are literally budgeting for abuse and fraud

The fundamental fact is that, regardless of negotiated agreements with current Indian
Authorities, the implementation and enforcement of a quota system is not the “historic”
treaty precedence. They can and eventually will be disputed over time when limitation is
set and enforced too aggressively.

Since first introducing the AITE program in Alberta (and SITE by extension) the Alberta
government has already seen challenges, and as a result has had to allow exemptions
when a valid reason could be given, which is a fact of defeat of their quota system.
Denying rebate payment after the fact (when the exemption is already given) would
seriously offend the retailers, many of which are band owned entities, and not shy about
engaging experienced lawyers.

Quota’s and limits are effective, but when applying general non-exception rules (like
AITE), it broadens the scope of effects upon all retailers and the entire resident Indian
population. It becomes the recipe for dispute.




                                               22
Nova Scotia’s NSIFTE program, delivered by our Merchant Server system, manages and
applies limits and restrictions individually, and further to that validates and enforces at our
POS device.

It does not just manage the exemption, it manages the entire harmonized tax
component of the sale.

Again, policy, enforcement and control are fully integrated at the POS device level. The
difference is that the Retailer and band will not be part of the equation for dispute initiation
and resolution. The reason is simple, control is in place every step of the way,
dynamically adjusted individually to effectively prevent costly disputes and possible law
suits.

Essentially, the Nova Scotia Government has taken the band and the retailer out of the
argument over denial of exemption rights by making it an individually controlled benefit. If
the individual wants to complain, they must do so only over their personal treaty
exemption rights, not the bands, because its not the band that is effected overall.

The resolution is simple… your one person, we are the Government, we will either agree
with you or not, and if we do not, you as an individual must dispute this. What single
individual would realistically do that… not many.

Probable Points of Failure in SITE and AITE

The primary subjects should be properly identified and controlled. The following highlight
some of the specific situations one must eliminate from the equation

•   Identification of qualifying individuals using effective and secure status cards

•   Validation and enforcement to eliminate non-qualifying individuals for each product
    purchase

•   Validation and auditing of retailers and wholesalers to avoid unlawful tax free product
    distributions

•   Create a minimum dependency on retailers and wholesalers through automation of
    the data collection and verification of eligible users of the program

•   Minimum dependency on POS functions and POS companies. Each device
    deployed at the retail level must ultimately be controlled by the Government, and of
    robust enough design to facilitate upgrades and modifications virtually on demand.

Without the control measures, the abuse and misuse results in the previously mentioned
chain of events:

•   Non-qualifying individuals benefiting from tax free items

•   Abusive individuals purchase and redistribute tax free items as a revenue source

•   Retailers and Wholesalers benefit from a larger volume of product distribution in
    addition to guaranteed tax rebates

Bluntly put, the elimination of the human element at the point of transaction is the only way
to begin to control the situation. To assume people will not abuse a system is to virtually
ignore human nature as a whole.


                                               23
One cannot eliminate all abuse. No matter how well the mouse trap is designed, there will
always be someone capable of beating it. One might say it is a condition of human nature
to find a way to overcome, and if the value is there for the effort, they will.

A government does however have the ability to make it so difficult that only a select few
will find a value in attempting to end-run the system, and the control measures can be
designed to be significant enough that those individuals are easily identified.

Essentially the pay-out becomes so insignificant compared to the cost of achieving it that
only the most sophisticated will attempt to rip the system off. That select few would have
been a problem regardless… The government just makes it harder for them.

Conclusion

Clearly, the two programs have what can only be considered gaping holes in their design,
which will eventually begin to be exploited, if they are not being exploited already. The
respective finance departments are not at issue here. They have fine individuals working
in both provinces ITE programs.

Rather the situation is more likely a result of policy, and what can and cannot be done
under the auspices of that policy. This in itself is the issue with government in general. Its
not that there are not capable minds to apply to a problem, it is that those same minds
have to wait until policy catches up with them to begin to initiate change.

Compared to the gun control program, the ITE solution is actually far more sophisticated.
The complexity of the gun registry is limited to operating and administrating a database,
which is similar to managing the Indian card administration. All existing ITE programs have
already achieved the same degree of success of what the gun registry has done, which
obviously is still not enough without an effective mechanism of control. Other than
automation of electronic claim captures, the primary solution of the ITE program should be
the control to prevent abuse and fraud, which otherwise is extremely costly to eliminate
and hard to retain.




                                             24
Case Study #4 – Nova Scotia Indian Fuel Tax Exemption Program



       Background on the NSIFTE

       As is generally known, most of the Canadian and US Indian Treaty matters have been
       forced via "policies" and many cases "denials" which is subject to innumerous legal
       challenges. It is the Indian's treaty right not to pay tax as very effective factor for the
       dispute. Yet, giving tax exemptions without policy enforcement cost hugely in unnecessary
       revenue lost due to many human factors of misuse/abuse.

       The Nova Scotia Indian Fuel Tax Exemption program came about as a result of litigation
       by the members of the Firsts Nations against the Provincial Government. The Indians
       claimed that the Government was not providing for the treaty rights of the natives by not
       allowing exemptions to which the First Nations felt they had right to when they would
       purchase fuel.

       The resulting court action ended in a settlement, which partly tasked the Nova Scotia
       government to come up with a more effective system to track and monitor the exempt
       purchases.

       In the aftermath of the settlement, SNSMR (Service Nova Scotia Municipal Relations)
       placed a request for pricing after having consulted various organizations, and ended up
       selecting a joint bid from AM/PM Services and Wiz-Tec Computing Technologies.

       Roll-out , Implementation, and Operation

       After a few months of discussions and consulting with us, given the fact of limited
       revenues and time requirements, NS government took many but not all our Wiz-Tec
       recommendations. Merchant Server System is scaled down, customized and
       implemented exactly to their detailed specifications.

       The Server side of the program took 10 weeks to customize and implement, with an
       expectation that the POS roll-out would take a further 4 months. The principle
       components of the program were designed in 3 stages:

       1) Merchant Server System

       2) Merchant Server Integration to existing government applications for auditing and
          automated payment process

       3) ADR Communication (Automated Data Retrieval)

       4) POS System (Point of Sale System)

       5) 100% end to end service/support of the servers, the communication and the POS

       The Merchant Server system (Wiz-Tec designed and installed) has never failed, and it has
       been in place for almost 2 years. The outcome has been exceptional beyond



                                                   25
expectations, including Wiz-Tec's ability, accountability, reliability, quality service/support,
and most of all the effectiveness of control at accumulative cost savings in multiple folds.

Initially the contract was awarded to a known larger company to deliver service, using
Wiz-Tec supplied software at the server and POS points, development and
implementations. Due to lack of knowledge, skills and accountability, the service company
had many hardware and communication related difficulties. After 9 months of repeated
problems, Wiz-Tec had been asked by the government to provide 100% service in
replacement. Wiz-Tec revisited each and every site, replaced over 50% of the hardware.
Wiz-tec also re-implemented our own ADR and as a result achieved next to 100% in less
than 45 days in reliability and performance, where previously the service contractor had
been unable to achieve more than 60%, after having 9 months to solve it.

The ADR component is completely self-repairing, and self-recovering, and requires
virtually no intervention by either Wiz-Tec or the customer. The fundamental but most
significant difference is that, we recognize the fact of communication errors exist because
of technology limitations and human factors, instead of deny them, our ADR anticipate and
automatically handle them.

This also put lie to the “no one ever got fired buying IBM” philosophy of the Nova Scotia
Government towards larger companies, and resulted in the establishment of a mutually
beneficial working relationship based on respect, trust, and integrity.

The POS system is utilized as the gatekeeper to the program, enforcing validation at
retailer level, by having the eligible consumer swiping their 3-track mag-stripe card at the
POS, identifying the user as an eligible member of the First Nations. When swiped, Card
ISO and expiry date validation is used. Issue Date and Birth Date is captured but elected
not to use for validation. In case of card swiping error at any given track, the POS can
detect and rebuild full information with 2 remaining tracks. When during manual card entry,
taking our recommendations, issue date must be entered and validated. This allows an
individual to purchase fuel with the exemption built into the purchase, and provides the
details of the transaction to the Provincial Government.

The retailer also provides the bulk fuel purchases, and the tank dip measurements. This
information is gathered by the POS system, and is retrieved along with the transaction
information on a batch based polling system which both pulls data from the POS, and
pushes information back to the POS from the NSIFTE program.

Diagram of the Polling Process for the NSIFTE




                                              26
How the System Process’

Validation and claim Capture is processed based on daily batches

•   With ADR, changes of registry data is sent daily to all retailers to be imported by the
    POS. Data records are digitally signed and validated by the POS.

•   POS, with specifically designed rules and validations, provide proportional tax
    exemptions based on individual quota/limit. Data is captured and digitally signed for
    claims. Daily claim totals are reported by the batch to the retailers.

•   With ADR, claims are polled daily from individual retailers. Up to 23 sets of
    configurable validation rules are set as part of the validation/authorization before
    claims are captured and filed. Exceptions and rejections are logged and reported,
    including digital signature validation of each merchant, date, claim batch number, and
    all individual claims. Possible electronic fraud case will be immediately highlighted and
    alerted to the operator.

•   Process is managed by individual batches, including each claim details with
    associated batch and unique reference number attached. This will avoid duplicate
    claims could ever been filed for rebate.

•   “Dual-balancing” technology is employed and automatically balanced between two
    completely separated processes and threads, by each batch of each retailer. Any
    discrepancies possibly caused by systematic database (transaction or replication)
    and/or OS (hardware or memory cache) errors will be caught, reported and settled.

•   Automated ADR will perform daily “hunt” at each retailer’s POS machine, in addition to
    error retrying. Looking for possible missing batches in case of possible error (like POS
    device corruption). When “hunt” fails, it will locate POS and analysis electronic
    journals and report for possible store closure (like Sundays).

•   Management Server automates, logs and self-recovers all process tasks including
    logging, ADR, data replication backup, daily batches, and all server interface tasks.
    Only unknown/unanticipated exceptions/errors that could not be successfully
    recovered, or cases of possible security breach, would the Management Server raise
    alert to the operator for attention.

How the System Interfaces

Custom interfaces were built to interface and integrate with existing government servers
and processes.

•   Interface and import from government’s eligibility and quota database derived from
    DMV (driver’s license). Identification of Indian Status as well suspension status

•   Interface to government retailer eligibility file, used for activation and suspension of
    given retailer non in compliance

•   Exporting of retailer weekly rebate payment directly to government’s SAP
    (accounting)




                                              27
•   Exporting, by batch, of daily transaction details imported to the government for
    transaction auditing and internal reporting

•   Server Interface via VPN and secure FTP. POS interface via ADR over modem

•   Interface to POS for eligibility of individuals, products, quota, exemption rate.


How the System Administers

In addition to server interfaced components Merchant Server provides various of simplified
system and data administration.

•   Data administrations like retailer data editing, individual card/member editing, eligible
    product editing, etc. are done via Wiz-Tec’s MClient (Merchant Server Client). Daily
    exception/error monitoring as well data administration are completed by the
    government

•   System administration and reporting via Wiz-Tec’s MConsole (Merchant Server
    Console). ADR and Management Server are fully integrated into MConsole for
    various exception/error reports, and numerous manual procedures and reports. The
    government carries monitoring and some essential administrative tasks. All the
    technical and majority non-routine administrative tasks are carried by Wiz-Tec.

•   Physical server devices like hardware, external tape backup and network connection
    are managed by data center


•   All software, OS, Database, Antivirus, Web/FTP servers, all Merchant Server
    associated software and hosting related services are administered by Wiz-Tec

•   Service/Support (server and POS) is administered by Wiz-Tec


How the System Reports

The Merchant Server System has 3 reports mechanisms in place:

•   Over a dozen of pre-build reports customized to government’s requirement and
    specification. There are dozens of pre-build Merchant Server reports though not used
    by the government, but may be used by Wiz-Tec for various administrative tasks.

•   ADR and Management Server to report status and errors/exceptions on
    communication and automation processes

•   Merchant Server processes to report status of all processes and some routine data
    administration tasks



The result of Properly implemented Technologies

Wiz-Tec has successfully designed and implemented an effective and trouble free
NSIFTE program using Wiz-Tec's Merchant Server technologies. Although not all Wiz-Tec
recommendations are taken by NS, several key effective measures has taken place to

                                              28
achieve exceptional reliability, NSIFTE program success and cost savings at minimum
operating/maintenance

Highlights of the NSIFTE successful implementations and deployments can be summed
up in the followings:

•   Implementation and deployment of the Server technologies was done in less than 12
    weeks. Pilot was completed 3 weeks after Server deployment. Roll out completed in
    4 month. POS systems currently installed at 15 sites. After designated Wiz-Tec as the
    service/support provider, has achieved above, and beyond the specification required.
    Combined with Wiz-Tec’s effective auto-recovery implementation it achieved virtually
    100% effective performance.

•   As the 100% end to end solution provider, Wiz-Tec delivered expert
    recommendations, reliable products, efficient development, effective implementations,
    and accountable quality services.

•   The performance goes above, and beyond not only the satisfaction of our work,
    products and services. Based on our Merchant Server design and recommendations,
    the cost savings the entire program achieved has also been exceptional beyond any
    expectations. Exact numbers are strictly confidential to the government of Nova
    Scotia, though from the numbers suggested by the SNSMR over 2 years of the
    program, a simple math, yields close to 80% (or 4 times) cost savings which means
    the whole program has been paid for in 3 month or less.

Consideration factors for program success

•   Policy making, design, implementation and enforcement are all integrated to be part of
    the policy and control

•   Raised card level security plus issue date validation for manual entries, to achieve
    effective eligible identifications.

•   Enforced POS device level identification and eligibility validation

•   100% deployment penetration to complete elimination of labour intensive troublesome
    manual/paper claims

•   Single accountable service/support vendor for POS devices, the Servers, and
    communications, from Wiz-Tec to archive trouble free 100% end to end solutions

•   Of course, use of our sophisticated design and reliable Merchant Server system

•   For various reasons including cost and time limitations, various components were not
    implemented nor deployed including the real-time component, tobacco tax
    exemptions, the Agent Server, the Pinner60 associated technologies, and enhanced
    card level securities.




                                             29
Case Study #5 – Chiniki Band of the Lakota First Nations utilizing “Pay
at the Pump”, a Technological Success:


        The Chiniki Band is a participating member of the AITE (Alberta Indian Tax Exemption)
        program, and as such, utilizes the card format, POS (Point of Sale) software, and
        communication software (Blast) initiated by the Government of Alberta in order better
        manage the exemption program.

        Since its inception, the program has worked adequately, in conjunction with a great deal of
        manual investigation, and enforcement on the part of the Government, unfortunately, it
        has not been able to answer the problem of fraud occurrence within the reserve itself
        though. The abuse of privilege, in relation to fuel by employees of the Band was known,
        but no real measurement of how much or how often the theft of fuel was occurring existed.

        Chiniki, is in this case history, a perfect example of a 360-degree solution using
        technology to control band services fuel consumption.

        About “Pay at the Pump”

        Pay at the Pump was first introduced into the market place around 1992 (by Gilbarco
        Pump Manufacturing). Wiz-Tec’s first “Pay at the Pump” product was released in 1994
        and deployed in 1995. Wiz-Tec is one of only three known Canadian manufacturers of
        “Pay at the Pump” products.

        “Pay at the Pump” is considered a mature technology and widely available nationwide.
        Wiz-Tec has been the first and only solution provider to deploy a “Pay at the Pump”
        solution to a member band of the First Nations, with upgraded security and control options
        custom developed for the customer.

        How is Pay at the Pump Utilized by the Chiniki band

        Wiz-Tec’s product is in the market place competing with mostly U.S. based rivals, and
        offers the standard features you find at any non-Indian related site. There are some
        specific custom features built into our solution, which only have applicability to Indian
        Reserve use.

        •   Dedicated Use – Pay at the Pump is implemented in such a manner that it is not
            available to the general public. As such, it cannot be used for Visa, MasterCard, fleet
            card, or debit. It will only accept specially encoded Mag-Stripe cards with hidden Pin
            Numbers for real-time verification, with assigned daily and weekly limits (individual
            and group), available balance on accounts (individual and group), and associated
            product restrictions. These private cards are tightly controlled by the Band
            administration, who issue the cards only to their employees, for the sole purpose of
            preventing abuse which the band ends up paying for. It is purely in the bands interest
            to prevent loss by rights, they are liable for.

        •   Security – There are built in security protocols, from physical security such as locked
            door access, to Windows logon security, including application software password
            access (which changes regularly), to limited/authorized personnel access and so on.



                                                     30
    Upon use, the individual must have the specially encoded card as well as the privately
    assigned Pin Number to use and purchase fuel.

•   Business usage – Based on types of business use (for Fuel), each card is tightly
    restricted for types of fuel the employee is permitted to purchase, including maximum
    limit by day and week, determined by the band for the individual who is to be “Pay at
    the Pump” enabled.

How the Technology assists the Chinook Band

Upon each fueling, the card must be presented, within the quota/balance limits, upon
restricted product selections, and associated with the correct pin number entry, in real-time
for verification purposes. The Pin-number itself can be up to 9 digit. If the wrong Pin
number is entered in, the system will allow a maximum of 5 retries before permanently
disabling the card.

As with conventional Pay at the Pump solutions, it processes and logs every fueling
automatically, strictly enforcing the rules required for operation, avoiding any manual
intervention and possible abuse. As mentioned, administration of the cards (users,
eligabilities, limits…etc) are strictly enforced by the Band for their sole purpose and
interests, thereby avoiding any abuse or fraud.

The transaction details logged, and reports are generated for accounting, control and
auditing purposes.

What was the result of properly implementing technology?

Since the system has been deployed, it has had significant effect for the Chiniki Reserve.
It has increased user satisfaction, and user exception (Costs were ranging up to $6000.00
per day prior to implementation).

As a result of the adoption of technology, the Chiniki Reserve has reduced daily costs to
roughly $1200.00 per day, or put another way, a reduction of approximately $125,000 to
$140,000 per month in expenditures by the band. Additionally, the Alberta Government
reduces exemption expenditure by roughly $14,000.00 to $16,000.00 monthly in
exemption rebates.

There are approximately 56 First Nation reserves in Alberta, and by extrapolating based
on the numbers aforementioned, and dividing by two, one can quickly see that the fraud
from Band administration services could easily reach into the $5 to $10 million per annum
range for the respective government.

Using this same formula and assumption applying to Saskatchewan and any other
provinces' retailers, that could result in multi-million dollar revenue and subsequence tax
lost per annum otherwise could be recovered through effective control.




                                             31
Conclusion

Wiz-Tec is an expert company in automation. No business is too small or too big. With our
Wiz-Tec recommendations, quality products and service, Wiz-Tec will always achieve
what it is designated to do. Combining secure mag-stripe card, with real-time Pin number
validation and product/limit restrictions, it works and performs effectively just as it was
designed to.

This site has tried to gain control of its bleeding with other POS vendors (who currently
have deployment in a majority of Saskatchewan sites), and continued to have close to $1
million loss annually. Using Wiz-Tec's POS, quality services and expertise to catch several
clerks and one manager at theft, they are enjoying about $1 million in annual profit. To put
simply, software and products mean nothing without accountable people, expertise and
quality service backing those products up.




                                            32
 Chapter


  3
Understanding and Identifying the weakness
in an ITE program

       When one takes into account every aspect of a policy and implementation that could result
       in direct, indirect, or other financial means of benefit are the subject of fraud or abuse.
       Then certainly there will not be an exception in the Tax Exemption program.

       •   Not using nor validating by retailer for identification cards
       •   Manual Entry of "borrowed" Identification Cards
       •   Getting around the "policy" and "limits" by individuals and retailers for excessive
           volume of purchase
       •   Using fake cards which can be easily made at minimal cost
       •   Intentionally and unintentionally making false claims by means of purchase entry at
           POS, or by altering the non-protected plain text claim file. This is a serious security
           threat, and could result serious fraud costing millions and becomes extremely difficult
           to prosecute


       “Every police enforcement agency will tell you the number one crime in terms of
       complexity for prosecution purposes is fraud”


       The Customer

       Non-qualified Indians may purchase tobacco or fuel while on reserve and obtain the
       exemption. The retailer is not in the business of tax policy enforcement (nor do they
       receive any benefit by doing so), and is the primary beneficiary of the sale. Thus the
       retailer is subject to audit in questionable circumstance, such as invalid tax exemption
       activity.

       Experience shows us that in the initial Nova Scotia deployment, as well as in years of
       Alberta ITE implementation, that manual card entry and transferring of the card number
       usage is frequently a target for abuse.

       Note, Wiz-Tec proposes an effective low cost mag-stripe card with extra coded security
       features, working together with a reliable independent POS devices, and alternative Pin
       Number identification for exception entries). It is the first line of defense, with accurate and
       reliable machine enforced identification validation.

       The Cashier

       The typical retail business deals with up to 15% (or more) cashier associated abuse, theft
       and fraud. This would result in illegal product distribution and tax loss. Tobacco and fuel


                                                      33
are typically the highest target products that might be subject to theft. The cashier is also
the conventional manual purchase validation point, which must be deemed unreliable and
ineffective.

At a minimum, the cashier will gain better job security and indirectly benefit from profiting
retailers, and to the maximum, could be competent in committing electronic or other
means of sophisticated fraud.

Note: over the past years, we have helped many of our retail owners with employee theft
and fraud. We have caught dozens of serious thefts, and it started from as early as 15
years ago with our very first retail customer (Shell site losing $500 per day). More recently
Sobey's, who run a store at an Indian Reserve, were informed of a $11,000 per week theft
occurring. and as large as $14,000 within 20 opening hours (Independent, Indian
Reserve), to as little as giving free gas to friends (Centex, $400/week).

We've designed our products to have the highest security and validation standard
available, combined with our extensive experience, skills and expertise. As a result, our
Merchant Server, POS and Pinpad has and will continue to perform above expectation.


The Retailer

Because the retailer is the direct receiver and primary beneficial party of the tax rebate,
minimum dependency and maximum allowable control should be put in place to effectively
prevent possible abuse and Fraud. There is practically no money for an independent in
fuel sales for example, and the temptation to commit fraud is strong as a result.

As previously mentioned, selling products is the primary business and interest of the
retailer. In addition to conventional methods of carrying invalid tax exemption sales and/or
mis-reporting of tax exemption sales and purchases, -- some retailers could also gain
benefits from black market distribution. These black market activities range from smaller
scale "wholesaling" to high volume bulk "distribution".

Note: In addition to secure and reliable validations using independent POS devices with
enforced card and Pin identification security, our Merchant Server system will log and
monitor both retailer sales and purchases, and can further enforcing cashier and retailer
Pin Number entry as an effective means of monitoring and validation.

The delivery truck

There are reported occurrences of truckers stealing from either the retailer or
wholesalers…or both. Lack of information collection makes it difficult to track this theft.

Fuel deliveries for example, are subject 5% tare lost. However new technologies are
hitting the market which help reduce this number. The dilemma is that they are horribly
expensive, and out of reach of most retailers. Typically, only major players in Gas Retailer
environments can afford the cost, and understand it in relation to their bottom line.

(Note: our POS and Pinpad systems can capture product receiving, especially on fuel.
The system supports tank level dipping measurement of delivery. Delivery #, invoice #,
Trucker # and quantity can be optionally enforced at the Retail level as an effective tool to
eliminate trucker theft which is a primary benefit for the retailer and wholesalers. In the
case of Tobacco, we simply have the UPC’s scanned into the system, and the Merchant
Server tracks the sales based on the delivery information from the retailer, compared to
the delivery information provided the Government)


                                              34
The wholesaler

Like the retailer, the wholesaler is not in the law enforcement business, and their primary
interest is to sell products. They are typically off reserve and are closely controlled and
audited by the government. There may a temptation for smaller players who have at least
tacit knowledge of occurrences on reserve (at least the known documented occurrences in
relation to their business), to take advantage of the systems in place.

Note: Wiz-Tec has designed and could implement a mechanism in place as a tool for
balancing between the wholesale distribution and the receiving retailer, thusly providing
effective control in the elimination of possible failure in the product distribution portion of
the fuel business.

Gaining control at the wholesaler level also indirectly controls the retailer by restricting
some product availability.

Note: our Merchant Server can capture wholesaler/distribution data that can be used
against a retailer purchase/receiving specifically for this purpose.

False claims and electronic fraud

There are sophisticated fraud cases, which can range from something as simple as
making bulk volume false claims, to situations as complex as electronic fraud. Any
individual with minimal knowledge and some experience in the business can easily
achieve both methods of fraud under the existing design of the SITE and AITE programs.

This could be something as simple as replicating the barcodes used in the AITE program
and replicating them at the time of purchase by an off-reserve person. To gathering the
treaty number of an out of province Indian visiting Saskatchewan and saving it for later
use. There is always the potential of the POS company to become involved in a larger
scale scam, simply by writing a piece of code into the transaction sequence.

With defective designs, over time, these cases will (and based on our experience are)
happening, and will continue to grow. Such cases are hard to catch, extremely costly, and
impossible to prosecute.

Note: Merchant Server has designed and implemented key based digital signature and
data encryption technology.


So then, from the fore-mentioned, it is fairly obvious that there are many ways to defeat an
ITE program… we have only mentioned a few in this document. The goal here is not to
be concerned with sophisticated criminal attempts on the system. They are inevitable,
and no procedure, no security, no barrier in the world will keep a sophisticated criminal
from attempting to circumvent your system if the dollar value exists to make the attempt
worth the effort.

In order to combat the sophisticated criminal, you must begin by making your ITE program
defensible against the casual abuser. The casual abuser is an abuser by circumstance.
They know they can abuse the system, they know its almost impossible to catch them,
and they know there is no real punishment for being caught, therefore why not? By taking
the casual element out of the mix, the ITE program then sets itself up to uncover the
sophisticated abuser.


                                               35
Card Mechanisms and a Brief background on how they work

      Indian Identification Card (for tax exemption


         In Alberta, the Indian Identification card (status card) is an essential component of the
         program. The conventional method has treated the "status card" as a way of
         enforcement.

         It is a known abuse and failure point, because of unreliable plastic and barcode or
         mag-stripe encoding as well as reading device failures. The security feature provided
         has been "out dated" and can be easily broken or reproduced. The only effective use
         of these ID cards are for "information collection" purposes like in Alberta, without a
         very effective mechanism of enforcement.

         (Note: As mentioned previously, information in and of itself is not necessarily a
         commodity. If you are unable to effectively “enforce” as a result of the information,
         you are in a situation where you essentially “know” there is a problem, and you have
         not the ability to exert substantial influence.

         This particular card mechanism provides no true substantive means of control, and in
         cases where it is implemented, it is more the level of competence in staff than in the
         process, that forgoes loss to the province. This, while certainly laudable to the
         respective finance departments, is subject to change, and staff coming in are not
         always quite up to the level of those departing.)

         Alberta uses a plastic "white card" (so called tax cards, which is a15 year old
         technology) with 5-6 digit numbers. The numbers are frequently "reused" (transferred)
         and otherwise "abused".

         In an attempt to eliminate "manual" card entry to battle possible abuse, the Alberta
         government started to implement "barcode" stickers and a retailer carries a procedure
         to attach a barcode to each "white card".

         (Note: It is still a serious battle to administrate these cards and barcodes as well as
         enforce scanning in place of manual entry, and its success in the long run is
         unquestionably debatable. Not to mention these cards are often carried by
         individuals, and the barcode (30 year old technology) has a 6 to 24 months average
         life span. Administration of these cheap plastic cards is much higher due to wear, tear,
         and loss. Additionally, as a result of their lack of durability, this card often results in
         high scanning failure ratio’s and lower barcode enforcement. The consequence of this
         is that manual entry must be allowed in POS systems and as a result, it becomes a
         point of failure.)

         The Alberta government also experimented using UPC-A types of 10 digit bar codes,
         which had the unfortunate result of conflicting with UPC/ISO standards. That resulted
         in random scanning problems where the POS recognizes a tax card as a product, or
         mistakes a product as an Indian status card.

         (Note: this card implementation has a good chance at becoming a legal matter of
         liability, which given sufficient time could become potentially significant)
         .




                                                  36
Example of a Barcode Identity card




Picture ID


Nova Scotia uses the provincial "driver's license" with special track 3 encoding of "Indian
Status" identification. It is a much higher quality plastic card with mag-stripe special track
encoding on the back of the card that our POS product decodes and recognizes.

Mag-stripe cards have about a 2-5 year lifespan, and up to a 5% fail reading rate (thus
manual entry must be allowed). There were many occurrences where abuse of "manual
entry" occurred, and Wiz-Tec is now recommending prompt entry of "issue date" and
"expiry date" (both printed on cards) making it as difficult as it could be for manual entry
abuse.

Despite this, the current "drivers license" insisted upon by Nova Scotia (for easier central
administration) practically eliminates tobacco exemption and denies purchases without
driver's license.

Our POS/Pinpad solutions and our Merchant Server system can deliver an alternative "tax
card" as well as "federal Indian Status cards" (in pilot), which will support them in the
future. Nova Scotia track 1 and track 2 mag-stripe encoding also has usage conflicts with
the ISO standard, where upon scanning, some cards are recognized as "American
Express" or "Dinner Club". Wiz-Tec was aware of this in the pilot, and the customer was
warned and provided special POS coding and procedures to avoid these possible
conflicts.

    (Note: Wiz-Tec believes the Photo ID experiment to be the wrong methodology to
    employ in card administration.



                                              37
    The problem was in the policies of the credit card companies, which was to have the
    clerk, when identifying a person who did not belong to the card presented, seize and
    cut the card up. One would have thought it obvious that certain people would not
    necessarily appreciate this, and the result of their ire at the actions of the clerks ended
    in violence.

    The first mistake here was the expectation that the store clerk could be utilized as a
    method of enforcement and a deterrence to fraud, which led to the second mistake of
    having to assume the liability when violence did occur, as a result of the card
    companies policy. The card company forced this implementation upon the retailer,
    therefore they are culpable for the injury of an employee enforcing their policy.

    In the case of Nova Scotia, the problem with using the Driver’s License is that not all
    people who might be purchasing Tobacco products necessarily drive. Coupled with
    the policy of “no card, no exemption”, that Nova Scotia embraces, it essentially
    eliminates the card for usage in tracking tobacco product sales.

    Additionally, the card is a form of private information, and usage could be construed
    as an involuntary surrendering of personal information under the privacy act. The
    store that a participant is buying fuel or tobacco at only needs to know the customer is
    eligible for exemption, they do not need to know the details of the persons vital
    statistics.

    This has not yet been tested in court, but with First Nation Members, who are well
    known for guarding their privacy, as the participants in the program… its only a matter

Example of a Mag-stripe card




Smart Card Technology

The smart card is one of the digital icons of the Information Age. Smart card technology is
being applied in various ways to facilitate trade, gain access to services and products,
verify identity, and establish and influence relationships. The Smart Card is called such

                                              38
because the card has an embedded CPU and smartness of security and encryption,
which is different than conventional memory-chip based cards generally referred to as IC-
Cards.

In the UK there have been many applications, for example, the electronic purse - Mondex,
the Shell loyalty card and the Social Security Benefits Card. Similar examples can be
found in different parts of the world. In Spain a smart card has been introduced for benefit
payments and access to government databases. A smart patient data card is being tested
in a region of the Czech Republic to replace the paper-based system that had limited
capacity, was inaccurate, labour intensive to maintain and open to widespread abuse.
Two million smart cards have been issued to the poor in Mexico for distributing food and
cash benefits.

A recent study found that 27% of smart card applications were within banking, 18% within
health and welfare and 15% within transport.

Smart cards have three broad functions; authentication, storing value and storing
personalized information. Authentication is concerned with ensuring only authorized
individuals gain access to systems and buildings. A smart card can be used as an
electronic purse to store units of value in different currency denominations as well as credit
and other units of value such as bonus points or air miles. Values can be replenished on a
smart card. The smart card can also be used as a portable storage device independent of
some fixed location and with the capability of holding a large amount of data of different
forms and for different purposes but usually of a personal nature.

Clearly there are beneficial outcomes from the application of smart cards. Realizing these
benefits, both for individuals and organizations, may well profoundly change the
relationship between clients or consumers and suppliers or government bodies. A smart
card that is your passport, driving license, credit and debit card, access to your place of
work and your car ignition key will undoubtedly alter relationships due to potential
uneasiness about what data is held, accessed and modified.

Such cards are already being piloted. For example, in South Korea a national citizen card
is being introduced which is used as a driving license, identity card, pension card and
medical insurance card.

Some of the potential benefits of smart cards are:

•   Using smart cards is safer than carrying cash for an individual

•   Smart cards can improve access to services for the disabled and elderly

•   It is a secure means of authenticating the identity of reader device

•   It is a portable and secure store of information available to all

•   Access can be made available in geographical locations where on-line
    communication is not possible

•   The opportunity of fraud is reduced using smart cards

•   Social disadvantaged groups can gain access to facilities and resources without
    feeling stigmatized

•   Objective selection criteria can be upheld and the risk of bias or favoritism reduced


                                              39
There are however potential pitfalls for individuals and society in general regarding smart
card applications and these include:

•   Smart cards lead to a loss of anonymity

•   Pseudonimity can be mistaken for anonymity as card schemes indirectly hold
    cardholder identity

•   Smart card schemes could lead to a reduction in the provision of non-smart card
    facilities and so affect freedom of choice

•   Smart cards can reduce access to services and resources for the technology illiterate
    or technology wary

•   There are difficulties in viewing personal data by card holders

•   Smart cards can result in significant invasions of privacy

•   Profiling and tracking of individuals can occur

    (Note: Given the cost of deployment, and the stigma associated with a government
    smart card, it is unlikely the First Nations members would warm to the card.
    Additionally, beyond verification, it has little use in a program such as ITE as it is not
    designed to transmit the data it collects, and would require significant investment to
    achieve the same principles. Although the Smart Card can be used as the most
    effective identification card at high cost, it's primary use is "cash-on-card" type of
    serverless distributed applications, thus it is not suitable for Tax Exemption programs
    which require server and transactional data capture)


I-button Chip

    The ultimate choice of card is the electronic chip called "I-button". It has 100 years life-
    span, is manufactured with a unique serial number (8 digits, up to 128 digits),
    dirt/water/temper and magnetic resistant metal case, key-chainable, 99.99%
    successful reading rate (3 attempts, 0.5 sec minimum contact time)…

    Once issued, the most (if not only) possible replacement reason is if its reported lost
    or stolen, which happens much less than the incidence of damaged plastic cards.

    Cost per memory chip based cards similar to "i-Button" is higher (about $4.5CDN cost
    each on 1000 lot purchased), but when compared to the typical plastic card
    administration of a mag-stripe card at around $12.5 to $15 per card per year. The
    effective administration cost of I-button is slightly lower ($6 to $10 per button per year),
    yet the possible abuse, damage, lack of transferability and significantly better reliability
    makes it the most effective "enforcement lock".

    Although Wiz-Tec would recommend the chip-on-card or i-Button solutions, at a
    minimum Wiz-Tec suggests a mag-stripe encoded high quality plastic card.




                                              40
Items to consider to assist in Card Management

Manual entry of card numbers can be very effectively controlled with mag-stripe by issuing
a "charge back if manually entered" policy (because mag-stripe can deliver a 95%
successful reading rate). The transaction must be signed, mailed and manually claimed
which created complex procedures and difficulties for the small percentage that does not
wish to comply with the policy). When allowed, the most effective identification control
would be Pin number entry. Wiz-Tec's flexible "Pinner60" technology and implementations
(associated Agent Server hosting), server based real-time device level identification can
be effectively achieved.

Individualized capped purchase limits should also be used. This was likewise suggested
and used in Nova Scotia, and has been a very effective way of eliminating customer and
retailer oriented abuses

During initial implementation and deployment, each individual limit can be set at a higher
number. Future policy can be predicated upon data analysis, (e.g. automatically set as
120% of the last 12 months average usage) and altered (to target some extremely high
volume purchase) with charge back policies. One might require signatures, and manual
or paper verification to assist auditing, even temporary suspension)

For some high volume fleet, band, or business types of purchase, with our real time
solution, a selective "Pin Number" verification (as if an electronic signature) may be
effectively enforced. Furthermore Wiz-Tec has been piloting a "Pay at the Pump" based
machine enforcement technology, that resulted in an estimated $60,000 to $150,000 per
year possible tax revenue recovered at one single location.

For "out of province", and "lost” or “stolen" member cards, manual entry can be allowed
within 24 hours (or a period of time that can be later regulated) where retailers must
capture another form of ID, or obtain phone authorization (if not using a real-time solution)
otherwise the retailer is subject to a "charge back".

This is the best "key-lock" enforcement technology one can put right at the POS, at lower
cost, effectively making the government a pioneer in technology and frontline
enforcement, that is the best of class for the whole country.




                                             41
Understanding POS (Point of Sale Systems) and ITE

The current implementation has a fundamental flaw. It was primarily designed to ease the
administration process as well as the cost of the tax claim/rebate for Indians. Such
implementations, even with multiple certified POS vendors, created a policy dependant on
the POS system, their performance and sustainable service quality. Also, these POS
systems are very costly, especially to provide a mere 50% solution, which in turn makes
the policy control and enforcement only a "half foot in the door".

Additionally, the market size is limited, thus when its close to being filled, the POS vendors
may have difficulties dedicating support to the existing systems, and thus may threaten the
whole government ITE programs ability to operate.

The current interface file specification is old and lacks in security, against even non-
technical hackers. Our Merchant Server system (deployed with the Nova Scotia program)
has "digital signatures" on every transaction, as well as the merchant identifier, specifically
targeted at prevention of electronic fraud.

(Note: Merchant Server will closely monitor and report daily on any possible data or file
tampering, and is a very effective mechanism for the elimination of possible retailer fraud.
In addition, having other wholesalers, and retailers receiving information allows balancing
both to become a whole control mechanism, closing the circle as it were)

With the "end-to-end" solution proposed, Wiz-Tec will also provide a much lower cost real-
time solution. This will permit the government of Saskatchewan to create and enforce the
policy that every retailer must, at minimum, use the PinPad for ITE transactions. It would
be even simpler for the government to purchase and give away these PinPads.
Otherwise, there will be a cost of $50/month to $75/month for leasing to the retailer, as a
cost of business.

This is very reasonable for retailers to carry, and is far cheaper than the labor cost of
manual/paper claims. A Real tiime solution combined with our Merchant Server also gives
the government the maximum, direct control mechanism to further enforce rules and
regulations, with optional and selective Pin Number verification, real-time rejection and so
on.

Understanding Transmission and ITE

Transmission is a mission critical component of an application like an ITE program, without
which SAP runs are not timely, nor accurate. A successful program recognizes the
importance of a bulletproof method for transmission,

The program should support both server initiated conventional batch mode processing as
well as client initiated real-time processing mechanisms. Additionally the following should
be considered:

•   It should support conventional phone/modem dial up, as well as moderated VPN
    solutions

•   It should support DSL/Cable/PPP and wireless based internet/public network
    passthrough with maximum key and data encryption technology. This is the future,
    and within the next few years will definitely become the standard technology to use for
    the next 30 years to come



                                              42
•    All data transmission (batch or real-time) should digitally signed to avoid electronic
     and manual fraud. Additionally, deemed critical retailer and card holder information
     should be digitally encrypted.

•    In batch mode processing, there must be an extremely reliable and fully automated
     ADR (Automated Data Retrieval) server, similar to the one currently deployed in Nova
     Scotia. It should be extremely robust, fully self recovering, and it should have an
     expectation of performing at better than 99%, with maintenance and operation free
     performance.

(Note: To ensure 100% uninterrupted retail operations, with consideration of possible
communication failures, offline processing or so called SAF (Store And Forward, terms in
banking industry) should be allowed under a different set of pre-designed rules. Merchant
Server fully supports SAF in its design and implementation)

Understanding Policy and ITE

For the individual:
1)       To assist the Finance department in controlling abuse by off-reserve
         purchasers:

         The new policy is not about control of First Nations Members, or about denying
         those members from purchasing tax-free goods. It is about non-First Nations
         individuals abusing or pretending to be members of the First Nations to receive
         tax-free goods.

         This is an issue of the “common good”, which costs all tax-payers money. In
         contrast to the existing system, the new system will better ensure that First
         Nations members and their retailers are the only beneficiaries of tax exemption.
         This essentially reinforces their distinct identity, and their special status rights as
         the First Nations.

         The new program will be the most accurate and reliable way to ensure this. The
         old system has been problematic and less reliable. It is not about restricting the
         legitimate members of First Nations, rather to eliminate non-native purchasers.

         This actually serves the First Nations better, both physically, and in political
         mileage, by presenting the First Nations as willing to ensure that the taxpayer’s of
         Saskatchewan are being protected from fraudulent abuse of the treaty rights.


2)       To better facilitate the management of individual claims and limits, which
         will in turn more adequately reflect usage by the individual claimant:
         Essentially, the new SITE program will allow the Government to abandon the
         quota system… which is the primary bone of contention stimulating lawsuits.
         There will be no need for a universal policy with limit restrictions (e.g. 3 carton per
         week), but rather a system based on individual needs and usage (Individual
         quota’s). The new program puts the Government in a position to provide as much
         as an individual requires to satisfy their needs, without allowing non-First Nations
         to piggy back on claims.

         So in essence, the Government might have a claimant who smokes 4 cartons a
         week, and another who doesn’t smoke at all. The Government is now in a



                                               43
     position to say “We recognize that you as an individual smoke 4 cartons, and we
     will allow you to purchase 4 cartons a week”.

     With the non-smokers exemption, the Government can say “You do not smoke,
     and you are not showing up as a purchaser of cigarettes, therefore, to guarantee
     that your exemption right is not abused by others, we are placing your purchase
     level at 0 cartons per week. This does not mean you cannot buy tax exempt
     cigarettes, but you will have to let us know your intention.”

     The Government could run into an issue of an exempt non-smoker using his
     exemption for others, and if they are First Nations members, the Government
     simply tells the non-smoker to have that individual call Sask. Finance and request
     an increase in their weekly limit. If the individual is using their status right for
     someone off-reserve… they simply won’t phone, or they won’t phone back.

     In addition, special purchases for the Band and their special activities are better
     handled. The Band can purchase for special events as one-time purchases
     simply by notifying the Government of the one-time purchase ahead of time.

3)       To insure that the individual band member is provided the correct tax
         exemptions within the scope of their Treaty rights.

         When a band member has a track record of purchasing 1 or 2 cartons a
         week, the excess of that individuals quota becomes a target for a retailer
         aware of their consumption. Reserves are typically no larger than a town, so
         understanding an individuals buying pattern is not really that difficult.

         The Government, using historical data from the new system, can identify the
         atypical usage of an individual, and move the system limits down to ensure
                   rd
         that the 3 carton of cigarettes is not being purchased fraudulently.

4)       To provide accountability to individual First Nations members should a
         dispute arise:

         Essentially, as a result of being able to manage the consumption of Tobacco
         and Fuel products at an individual level, the Government is in a position to be
         completely accountable to the individual First Nations member.

         “I went to buy a tank of gas and my limit showed over, why”? The
         Government replies back, you purchased 140 liters of fuel in the morning,
         and came back to fill up 150 liters in the afternoon… how did you burn 140
         liters in several hours?

         “I went to buy a tank of gas and my limit showed over, why”? The
         Government replies back, “you purchased 150 liters at 9:am this morning,
         and your card was presented at 10:am 30 kilometers away at another site for
         150 liters. Can you explain this please…?

         Perhaps the Indian was filling his tractor the second time, or was it his white
         friends truck? Regardless, the system provides instant dispute resolution…
         the First Nations member can be given a one time exception so he can fill his
         tractor up, even if in fact it was his friends truck.

         The simple fact that he was called on it in the midst of the purchase will most
         likely prevent it again. Most importantly, the Government has responded to
         his need, and there is no dispute. The Government can inform him that he

                                         44
              will get the exemption increase today, but that if its something he requires as
              an ongoing thing, he will have to submit evidence of usage to receive a
              permanent increase, and the Government will be able to go back and audit
              his purchases in the future should they choose, simply by requesting his log
              and receipts for a given period.

     The Government never said “no you cannot have this”… rather the Government is
     saying “Tell us why?”. This is the proper role of Government as the protector of the
     revenue purse.

5)   To protect the right of a First Nations member to their privacy, and accord them
     the means to protect their exemption limits from others who would take
     advantage of those rights.

     By going with a Mag-Strip card, or I-button, with a PIN, the individual is no longer
     surrendering up their treaty right information, and any abuse of that information can be
     tracked back to the retailer.

6)   To provide the individual claimant with a path of resolution should
     disagreement arise:

     If a dispute arises, the individual simply has to engage the Government to seek
     resolution. If a limit is to low, they justify why they need an increase. If the limit is to
     high, they can request a lowering. If one person buys for many, the many can
     surrender their needs over to the one, all they have to do is ask. They do not need a
     lawyer to protect themselves when denial never occurs in the first place.

         What is the advantage to the retailer:

1)   To create an environment which promotes diversity in technological decisions. (Not
     limiting the retailer to only two or three POS vendors, but rather letting them shop out
     to all available providers)

2)   To assist the retailers in identifying the proper individuals for entitlement by taking
     away the pressure of requiring them to properly identify the purchaser. (by using a
     pin-number scenario, the government effectively takes the policing of the program
     away from the retailer)

3)   The new system, as a result of automation and a bullet proof data retrieval system,
     would remove the Sask. Government from the day to day operations of the retailer,
     and ease up the need for a more micro managed system to exist.

4)   To remove the onus of responsibility from the retailer and their staff when a claim is
     not accepted. A user who is denied… is denied. The retailer has no control over the
     situation and cannot aid the purchaser. All the retailer can do is refer them to the
     Sask. Finance department. The purchaser and the retailer are helpless in denying the
     device. It makes no exceptions, and finds no fault. It either excepts the purchase for
     exemption or it doesn’t.

5)   The retailers will get their cheques faster due to an automated reconciliation process.
     Those cheques will be for the right amount, and the retailer can even be given a web-
     login to find out how much they are due on the next remittance.

6)   The retailer will not have to reconcile the PST component anymore either, as the
     system will take that component of the transaction into its account of the transaction…
     releasing the retailer from remittance issues to the Government for the purpose of
     PST on first nations individuals.


                                                45
7)       The retailers will get advance replacement of equipment should problems occur,
         instead of waiting for Service and support to arrive.
     What is the advantage to the Band itself;


1)       By entering into agreement with the Sask. Government, the band insures that its
         members are accorded all of the treaty rights due them, without prejudice, or
         interference.

2)       By entering into agreement with the Sask. Government, the band will no longer have
         to deal with the complaints of individual members, as a new, more effective resolution
         path will be created. This is a path, which is transparent, and accountable to the
         people of Saskatchewan.

3)       By entering into agreement with the Sask. Government, the band will provide its
         retailers with new technological options at their stores. The retailers will be able to
         take advantage of the program, without being held hostage to a few select POS
         vendors.

4)       By agreeing to this program, the Band can show the program as a political victory to
         its members. Everyone likes looking good.

     What is the advantage to the First Nations as a whole;

     The First Nations can stand up and state clearly to the rest of the nation that measured,
     negotiated, and principled solutions can be achieved inside the Crown. This can be held
     up as an example of concerned co-operation between two governing bodies.




                                                   46
 Chapter


  4
Wiz-Tec’s Solution “The Merchant Server
Program”
Introduction


       Wiz-Tec proposes our successfully developed and deployed Merchant Server to be the
       solution. On top of reliable and fully automated claim captures, with many industrial
       strength advanced technological implementations, Merchant Server is specifically
       designed for control applications against misuse/abuse and fraud.

       Merchant Server was first developed and demonstrated in 1998. It is Wiz-Tec's exclusive
       solution specifically designed for secure authorization and capturing applications. Put in
       simpler words, it is a credit and debit card processing server with many advanced security
       features beyond any existing current industry implementations. While it is similar to what
       Visa and MasterCard are planning to deploy by 2010, it has implementations that reach far
       beyond those standards as well.

       It has been marketed for fleet card (private label credit cards) and loyalty program. It was
       first successfully deployed in Nova Scotia for Indian Tax Exemption Program. The primary
       benefit of Merchant Server is to provide maximum allowable secure controls against
       misuse and fraud to deliver the most effective means of payment or claim authorization
       and capture.

       Under the conventional concept of "control" (including the gun control program) there is
       the implicit assumption that people will follow the law. The law makers (government)
       make the law, the police enforces the law, and the lawyers dispute the law.

       It goes without saying that for every law that has been broken, the majority of law breakers
       will not be caught. When someone is caught, they can be successfully prosecuted, but
       only after costly dispute resolution (Trial). The most effective control can only be achieved
       by enforcement prior to the law being broken.

       Under normal human psychological interpretation and social behavior, "the law is not
       broken unless I get caught" and further to the point "if I am not likely to get caught and
       punished, then is no law to break".

       Frankly speaking, with so many laws and policies from speeding and parking, to filing for
       tax deductions or rebates, the majority of the population becomes a "defacto" criminal.

       Post enforcement by police and lawyers is extremely costly and its effectiveness is
       definitely debatable, but it is the only game in place for law enforcement. That is why it is
       more logical to conclude that enforcement must be via "prevention” not “punishment" to
       reduce crime.


                                                     47
Merchant Server is Wiz-Tec’s answer to the ITE issue. The most effective means of
control (prevention) of any policy or law is to develop a independent "machine" that will not
negotiate nor be capable of being flexible (see case study #4). A machine will not argue
or dispute a situation. It does not have human opinions, or the ability to create
interpretations or give considerations, and it does not make "human errors".

If every car had a "machine" to control the vehicles speed based on road speed limits,
there would not be any speeding motorists. In the case of a claims orientated program
like the ITE programs, Merchant Sever is the "machine", which provides the control.

In relation to an Indian Tax exemption program, there is no substantial difference from a
credit/debit payment systems when there is significant money involved. Unlike a
credit/debit system, the government faces several unique dilemmas when implementing a
program,

1. Under treaty rights, the eligible Indians are entitled to tax rebates:

    (Note: the government made the tax exemption and rebate programs like SITE, under
    the assumption that this is the law, and the law is for everyone to follow)

2. When abused, eligible Indians could benefit from reselling their purchases

    (Note: SITE is still working on the assumption that individuals will not break the law)

3. Non-eligible individuals could benefit from purchasing tax free for personal use or
   resale

    (Note: If there is a chance to abuse a system, people will find a way, therefore it is a
    wrong assumption that individuals will not abuse the system

4. If the potential for abuse exists, the retailers (who, because of more protracted
   exposure to the system) could benefit from selling to non-eligible individuals to
   increase retail distribution. They can further profit from re-distribution to other non
   eligible resellers

    (Note: It is the wrong assumption to think that retailers will not be abusive and will help
    enforce the law)

5. Under fraud situations, people and retailers could make false claims (without selling
   the products) and receive signification amounts of tax rebate as a result

    (Note: wrong assumption that there is no or minimum possibility for criminal fraud)

6. Product suppliers could gain competitive benefits from larger product distributions.
   Illegal distribution to non-eligible retailers could also occur

    Merchant Server for ITE program will effectively address these dilemmas
    because of the following factors:

1. Merchant Server does not rely on individuals or retailers to follow or enforce the law
                                                   rd
2. Merchant Server does not rely on complex 3 party POS functions to mis-interpret the
   law




                                              48
3. Merchant Server provides effective measures to identify eligible individuals including
   card level security and PIN identification

4. Merchant Server provides Realtime (or batch) validation of each transaction before
   the transaction occurs

5. Merchant Server provides effective data encryption to prevent fraud

6. Merchant Server Minimizes the operational cost through reliable and redundant
   automation

7. Merchant Server minimizes the cost of enforcing the exemption limits by automation,
   rather than by expensive non-effective auditing and penalties which are after the fact

8. Merchant Server minimizes possible disputes by prevention, rather than prosecution

9. Merchant Server allows the policy makers to gradually implement and enforce the
   exemption limitations, and this has minimum impact over the entire population
   (Spares one the political battles)

10. Merchant Server allows for gradual migration and future implementation of new
    policies to be enforced

Wiz-Tec will customize and implement Merchant Server based on the exact government
specifications and needs.

Giving the data and limited information we have gathered, Wiz-Tec believes that the
current SITE implementation is very vulnerable, with minimal control and security
measures in place. The cost benefit to implement Merchant Server would be very
significant, to the extent that millions of dollars each year can be saved and the cumulative
dollars over a 5 year period would be profound.

The RFI specification requirement of real-time authorization and capturing is one of the
most important first steps. Based on our knowledge and experience, in order to achieve
the most effective control and cost benefits, we must reference to the costly evolvement of
credit and banking industry, as well our success in the Nova Scotia ITE program, we
made many Wiz-Tec recommendations that could be very valuable.


Merchant Server for ITE

A law is only good when it can be effectively enforced. The "machine" used to enforce the
law is only as good as the people who designed them. For years, Wiz-Tec has understood
the deficiencies in the industry, understood the "law" as it pertains to an exemption
program, and understood how the law could be "broken". This results in an intimate
understanding of how an ITE program should be enforced, not just now but well into the
future.

Wiz-Tec is the only company in Canada that has designed, tested, successfully
deployed, and proven the reliability of a "machine", the Merchant Server for the
purpose of ITE programs.

Merchant Server has a number of advanced features and implementations specially
designed for reliable claim authorization and capture applications:




                                             49
1. The Merchant Server provides dual balancing for reliable and accurate authorization
   and data capturing

2. The Agent Server ensures data and processing security, to automatically audit and
   settle disputes between processing servers

3. The Management Server archives maximum reliable systematic automation with
   minimal maintenance and operation, and it provides an archive for automatic recovery
   for many critical processing components

4. The ADR Server and its implementations ensure the most reliable communication in
   realtime or batch mode

5. The configurable Pinner60 implementation ensures gradual and effective identification
   security

6. Merchant Server and its associated components provide the most advanced and
   most secure AES with random public key distribution and digital signature, to ensure
   maximum security against fraud, with added SSL/VPN server applications

7. Wiz-Tec provides failsafe and Redundant servers to ensure reliable processing and
   operation

8. Wiz-Tec, by extension, Merchant Server, provide responsible and accountable
   services to ensure reliable support of the entire program. The automatic Epager
   implementation to automatically report errors on communication and database failures
   promotes prompt automatic service responses

9. Merchant Server Program comes complete with database and communication load
   balancing,

10. Merchant Server also provides multiple version and protocol control, over multi-layer
    component design and with advanced remote firmware download to ensure flexible
    migration, adaptability and expandability




                                            50
 Chapter


  5
Conclusion

Why Wiz-Tec

       Wiz-Tec is the only company in Canada with the knowledge and experience in designing
       a program like SITE.

       Wiz-Tec has the product - Merchant Server, which is fully developed and mature, and has
       proven itself in live operation with proven performance and results. Everyone else is pure
       theory to "build to suit". Do you really want to be someone else’s beta project for "trail and
       error"?

       Only Wiz-Tec has proven reliability, performance and success in an ITE application. We
       expect and make efforts on the "unexpected". Furthermore, our work and quality are
       guarantied.

       Wiz-Tec will provide a 100% end to end solution. No finger pointing, no hide and run. No
       issues of dealing with partnerships or combines.

       Wiz-Tec has proven accountability for effective quality service and support, and we
       encourage you to speak to our customers… we have nothing to hide.

       Our pricing is aggressive, the cost is at a minimum, and only Wiz-Tec can say without
       being questioned on veracity, that we can provide the most effective cost saving and cost
       recovery scenario in the shortest time-frame possible.

       Wiz-Tec has the will and desire to achieve complete success (after Nova Scotia pilot) and
       seeks optimal performance in cost effectiveness to market to all other provinces.
       Manitoba, B.C., New Brunswick, Ontario, Quebec and including Alberta which has many
       identifiable flaws

       How would Wiz-Tec assure the success of this program

       Wiz-Tec intends to market to other provinces, and further to extend this program to the
       US, Australia, and New Zealand. It is our business and in our primary interest that the
       program be successful and provide effective cost savings, in order to pursue our corporate
       mandate

       We all know that for complicated criminal cases, the Police rely on “profilers” who
       understand criminal psychology and how it helps to catch criminals. We believe Wiz-Tec is
       the “profiler” in this business. We understand, and have the combined skills and



                                                    51
experience of social science and technical engineering to deploy a proven product and
solution

"A machine can only be as good as the person who designed it". Bear in mind that despite
the complexity of a program like this, Wiz-Tec is the only company in Canada that can
understand it from all aspects. We have already built one for Nova Scotia, and as a result
every component Wiz-Tec designs has multiple redundant measures.

In every specialty industry, each company has its own uniqueness that most engineers
simply do not have all the knowledge and experience to contribute to. I.e. only a very
special percentage of the professionals have the complete skill of "know how".

Even for those who are very knowledgeable and experienced, most engineers design their
product based on "how it should work". There is a huge difference between "how it
should work" and how "it end’s up working in the real world".

How to make something work is only 30% of the battle. There is a huge difference
between "how it works" and "how it breaks". Wiz-Tec has the upscale mindset to
engineer its products based on learning how to break it before it ever goes out the door.

Furthermore, there is a big difference in "how it works today" in relation to "how it
works for tomorrow”.

In this day and age of technology, software and hardware products have become a
"consumable item", that takes only a few months to a couple of years to "consume".

We build our toys for the long haul. We specifically decide how it should work for the next
10-20 years, and long term viability is what the government needs for SITE, and is what
Wiz-Tec is capable of delivering.

Visa and MasterCard battled for over a decade before implementing the costly 2010
standard, which Merchant Server had designed in 1997.

The cost of a good design and engineer is not much higher than a bad one, with
cumulative benefits to gain when something is done right. On the other hand, the cost of a
bad design ends up very high as a result of failures, fix ups, cover-ups, and disputes
between the contractor and the Government.

In particular to SITE, from the information gathered, the government paid out $52 million
last year (where 5 years ago it was only $3 million). If one considers that there are
perhaps 65 thousand eligible Indians, and they all smoke and drive, that is $770 per
individual in tax rebates per year. In our considered opinion with all our recommendations
taken, we believe we can reduce that number by a minimum of 15%, and we are equally
sure it will most likely be reduced by 30% if the Saskatchewan Government lets us help
them. One should further consider the fact that, abuse/misuse of existing ITE program will
continue to grow, and the PST has not been placed into part of the equation which our
Merchant Server will enforce for eligibility identification at the same time.

Wiz-Tec must insure the program's success and cost effectiveness to market to other
provinces. In addition to reliability, Wiz-Tec has to also insure quality service/support at the
lowest possible operational cost.




                                              52
How is the cost structured

Our cost structure includes the cost of products, development invested, hardware,
implementations, management, services and delivery, in addition to room for sustainability
and future expandability. One item worth mentioning is that we invest extensively on
quality control and error/exception handling. In our development philosophy, design and
engineering counts for 1/3, actual develop and implement is 1/3, and error or exception
handling is the remaining 1/3 to ensure quality and reliability. Wiz-Tec does not only want
our products to “work”, but also not “break”. The key to Wiz-Tec’s reliability is that we
make such a good product that service is minimal.

The Merchant Server system we propose is designed for substantial cost reduction with
the most effective control and solutions we can create implemented. It would only exist to
ensure it will benefit the user significantly enough to pay for itself in a very short period of
time, while enjoying sequential savings and effective controls.

Keep in mind that a cost structured on a conventional server based authorization and
capturing system is by no means a simple task, nor is it easy or cheap. The cost of not
having an effectively controlled system in relation to something like the government tax
rebate program, would be much greater.

For capture only systems (non-secure, non-authorization system), like the Airmiles
program, costs reach above $200 million per year. Other loyalty programs like Safeway
and Shopper's DrugMart cost between $40 to $50 million per year... That’s just to run it,
that is not the cost of building it. Even so, they are successful and cost effective in their
market place.

The gun registry program, without even a capture system, has a greater than $70 million
per year cost.

This may sound like a Brick Store sales pitch, but we are so confident that this
system will pay for itself in under a year, we are willing to give it to you for zero up
front. We will cheerfully take 25% of the savings for 5 years after the first full year
of full deployment versus what you spent in the previous year prior to full
penetration.

When is the last time anyone made you an offer like that?

How the Performance and Results are justified

Like we have already mentioned, when justifying a result for a product or solution, there
are common formulas we use to project the outcome:

Design x Engineering x (Quality Control + Risk Management) = Result

Engineering = Development + Implementation + Production + Deployment

Quality Control = Error/Exception Handling + Post Service/Support

Risk Management is commonly the cyclical result of “ re-engineering” and “reproduction”:

Risk Management = Re-Design x Re-Engineering x (Quality Control + Risk Management)



                                              53
When applied to the ITE program, our mindset is for the best possible “Design” and
“Engineering” at the minimum cost of “Risk Management”. Realizing that there is no
perfect “Design” and there is no perfect “Engineering”, we seek to achieve the best
possible result with minimal risk factors. This would be the investment of “Quality Control”.

That concludes our reasons why we weigh “Design”, “Engineering”, and “Quality Control”
as all being equally important (each takes 1/3). A company that does not approach this
type of program this way is cheating or covering up, “Risk Management” is extremely
costly for the entire re-design and re-engineering process.

Using these formula’s, we believe that our Merchant Server has achieved above a 90%
score in Nova Scotia, after consideration that not all the recommendations were
implemented in the design specifications of the province. As referenced, the current
Banking and Credit Card industry is at a score of 95%, the solution and recommendations
proposed for SITE will be targeted for above 95%.

So how do we calculate for the gun control programs score?

Design achieved less than 10%, Engineering receives roughly 50%, and Quality Control
definitely less than 50%. The end result achieved under the poor design would be 2.5%.
Based on the formula introduced above, even 100% of the Engineering and Quality
Control is achieved at maximum possible cost, the best achievable result would still not
exceed the 10% for what and how it was designed for.

The huge cost is due to multiple recursive engineering based on the same poor design.
This results in a program that is 1000 times more costly than originally estimated ($2 billion
versus $2 million). The end result is still at a minimum not really known.

The total cost of the gun control program is not from cost of technology, but from the cost
of very bad design, and the further cost of denial. So, at a maximum the cost of
Engineering, Quality Control and Risk Management, when combined still only achieve 5%.
Essentially the score is reflective of the worst component… it is only “as good as what its
flawed component is designed to be”.

Why not "build to suit" by contractors

 rd
3 party contractors offer services to build applications based on specification. No design
is perfect, which requires engineering not only to compensate but also to assist in design.
The primary interest, and as a result the benefit, of a contractor, is time and money spent
by the customer in the service provided.

Without understanding and knowledge gained as a result of participating in the design,
and without a vested interest in the success of the program, the result means more screw-
ups, and more re-design. This actually means more benefit, increased revenue and better
business for the contractor, at the expense of the customer.

Anticipating imperfection and incomplete planning in the design stage, which is a given,
they also tend to bid low to get into the door first and charge higher when program
dependency is secure. Fair to say that the contractors who did the gun control database
got the most advantage and benefit, clearly the most if not the only winner of all.

That is exactly why and how our infamous gun control program has exceeded 1000 times
the original estimate of $2 million. It has nothing to do the simplicity or complexity of the


                                             54
design, which in this case is less than a fraction the complexity of a Visa or MasterCard, or
even our ITE application. Rather the cost becomes the desperate desire of the designer
in the political battle to show success despite poor planning, and the need to compensate
for that poor planning to justify cost.

Not only does the customer incur the expense of "reinventing the wheel", but also the cost
of "trial and error" which would result when design and engineering could not be
combined.

The American Automobile Association put it best when they stated that rebuilding a car by
a service centre or repairshop cost 10 times more than what the original production cost.

What is the chance that custom designing and building a entirely new vehicle from scratch
by “Canadian Tire” would work, at what cost, than buying a known working one. Will
much larger companies like Waltmart, Microsoft or IBM build better working cars? The
fundamental facts are, saying you can do it is easy, actually doing it is hard. Doing it is
easy, getting it working is hard. Getting it working is easy, getting it to perform and produce
the desired result is hard.

Why not develop internally by departmental IT staff

The main reason is obvious, in that departmental IT staff are not in this industry. As such
it is not reasonable to expect them to truly understand, design, implement and deploy a
solution such as this. Without the combination of design and engineering experience, the
anticipated result becomes the unknown, which becomes a very costly scenario relating
back to the "risk management" of re-design and re-engineering.

When "reinventing the wheel", the costs of learning, trial and error are high.

Not to mention that the credit card and banking industry, each and every retailer's loyalty
program (capture only) in this country realm into the excessive multi-million dollar range.
Safeway's "club card", the Airmiles program, all suffer due to "unique" requirements and
industry competition, they do not have much choice but to custom design and privately
implement. Even so, like the gun control program, many still rely on the performance of
external contract "engineers" to produce the results.




                                              55
Appendix A – References




Merchant Server Direct Contact Reference Names and Numbers:

Service Nova Scotia & Municipal Relations
PO Box 2521, Halifax, NS. B3J 3N5

Whitney Lidstone .
Project Manager
Phone:      902-424-0675
Fax:        902-424-0639
lidstows@gov.ns.ca

Bernard Meagher
PO Box 2521, Halifax, NS. B3J 3N5
Manager SNSMR
Phone:     902-424-3192
meagherb@gov.ns.ca

Frank Moore
Appeals Director / Senior Policy Advisor
PO Box 755, Halifax, NS B3J 2V4
Phone:      902-424-4723
Fax:        902-424-0523
mooref@gov.ns.ca

Service Nova Scotia Registry and Information
PO Box 1523, Halifax, NS, B3J 3N5

Claude Borage
Program Administration Officer
Audit & Enforcement
Phone:      902-424-2829
Fax:        902-424-0702
bordagec@gov.ns.ca

Products and Services Direct Contact Reference Names and Numbers:

Federated Co-op Ltd

Len Andres
Information Services Manager
PO Box 1050, Saskatoon, SK. S7K 3M9
Phone:       306-244-3425
l.andres@fcl.ca




                                            56

				
DOCUMENT INFO
Shared By:
Categories:
Tags:
Stats:
views:34
posted:10/21/2011
language:English
pages:57
gjmpzlaezgx gjmpzlaezgx
About