WIPO Arbitration and Mediation Center

ADMINISTRATIVE PANEL DECISION

SMS Passcode A/S v. BioXS International B.V.

Case No. DNL2015-0025

1. The Parties

Complainant is SMS Passcode A/S of Brøndby, Denmark, represented by AKD lawyers & civil law notaries, the Netherlands.

Respondent is BioXS International B.V. of Amsterdam, the Netherlands, represented by Kneppelhout & Korthals, the Netherlands.

2. The Domain Name and Registrar

The disputed domain name <smspasscode.nl> (the “Domain Name”) is registered with SIDN through EASYHOSTING // EASYCOLOCATE.

3. Procedural History

The Complaint was filed with the WIPO Arbitration and Mediation Center (the “Center”) on May 20, 2015. On May 20, 2015, the Center transmitted by email to SIDN a request for registrar verification in connection with the Domain Name. On May 22, 2015, SIDN transmitted by email to the Center its verification response confirming that the Respondent is listed as the registrant and providing the contact details. The Center verified that the Complaint satisfied the formal requirements of the Dispute Resolution Regulations for .nl Domain Names (the “Regulations”).

In accordance with the Regulations, articles 5.1 and 16.4, the Center formally notified Respondent of the Complaint, and the proceedings commenced on May 22, 2015. In accordance with the Regulations, article 7.1, the due date for Response was June 11, 2015. The Response was filed with the Center on June 11, 2015.

On June 23, 2015 SIDN commenced the mediation process. On July 6, 2015, SIDN informed parties that the dispute had not been solved in the mediation process.

The Center appointed Gregor Vos as the panelist in this matter on July 20, 2015. The Panel finds that it was properly constituted. The Panelist has submitted the Statement of Acceptance and Declaration of Impartiality and Independence, as required to ensure compliance with the Regulations, article 9.2.

Due to exceptional circumstances, the Panel extended the decision due date to August 20, 2015.

4. Factual Background

Complainant, SMS Passcode A/S, is a Danish company which provides ICT authentication services.

Complainant is the owner of Community trademark SMSPASSCODE (word mark), filed on February 25, 2007, number 5713425, for goods and services in class 9 and 42, (hereafter: “the Trademark”).

In these proceedings, Complainant also relies on trade name rights in the name “SMS Passcode”.

Respondent is the Dutch company BioXS International B.V., also active in the field of ICT authentication services.

The date of registration of the Domain Name is May 21, 2008. Respondent has been the holder of the Domain Name since said date. The Domain Name redirected to Respondent’s website on which products competing with Complainant’s trademarked goods were offered for sale. Currently, the Domain Name does not resolve to an active website.

5. Parties’ Contentions

A. Complainant

Complainant argues that it offers various products and services which relate to “user authentication”, and that it has been offering these products and services in the Benelux since 2008. Respondent, BioXS Distribution B.V., was Complainant’s first distributor in the Benelux (until January 31, 2014). According to Complainant, it ended the distribution relation with Respondent in January 2014, as Respondent failed to meet its payment obligations under the distribution agreement.

Complainant contends that the Domain Name was registered by Respondent for the purposes of the distribution relationship, though Respondent never had Complainant’s approval to register the Domain Name.

Complainant argues that the Domain Name redirects the Internet public directly to Respondent’s website, which makes it impossible for Complainant to use a domain name that is identical to its Trademark and trade name (which name it has been using in the course of business in the Benelux since 2008, thus establishing trade name rights). Complainant further notes that at the time the Complaint was submitted, the Domain Name was no longer redirecting the public to Respondent’s website, but has done so until at least December 2014.

Complainant argues that Respondent has no rights to or legitimate interests in the Domain Name, as Respondent fails to meet the Oki Data criteria¹ . In this regard, Complainant argues that Respondent does not offer Complainant’s goods and/or services, as Respondent no longer is Complainant’s distributor. According to Complainant, Respondent is instead using the Domain Name in a “bait and switch” fashion. Further, Complainant argues that the Domain Name’s website does not accurately disclose Respondent’s relationship with Complainant. Complainant alleges that since Respondent is no longer its distributor, there is no manner in which Respondent can use the Domain Name other than to mislead the public, as the continued use of the Domain Name suggests that Respondent still is Complainant’s distributor. Moreover, Complainant alleges that the Domain Name’s website still lists Respondent as Complainant’s distributor.

According to Complainant, the Domain Name is being used for commercial gain by intentionally attracting Internet users to Respondent’s website (on which website none of Complainant’s products/services are sold), which shows that Respondent does not have rights to or legitimate interests in the Domain Name. Complainant further argues that the Domain Name was registered in bad faith, as Respondent was aware of the existence of the Trademark due to its distribution relationship with Complainant. Complainant argues that it never gave its permission to register a domain name which is identical to its Trademark. In this regard, Complainant also argues that the fact that Respondent has, at one point, been the distributor of Complainant in the Benelux, does not create the right to use the Trademark as a domain name.

Complainant further argues that the Domain Name is being used in bad faith, as the Domain Name directs the Internet user to Respondent’s website “www.bioxs.nl”. This continued use of the Domain Name after the termination of the distribution relation is misleading, according to Complainant. Complainant contends that Respondent is trading off Complainant’s goodwill by using the Domain Name to attract Internet users searching for Complainant and then to refer these Internet users to Respondent’s website.

B. Respondent

Respondent argues that it is a distributor of authentication products, including products used for authorization and authentication processes which require physical, logical, network and remote access. One of the products offered by Respondent uses SMS as a method for authentication.

Respondent mentions that its company BioXS International B.V. is the respondent in these proceedings, and not BioXS Distribution B.V. (which was in fact the real distributor) as mentioned in the Complaint.

Respondent argues that it was assigned by Complainant as Complainant’s exclusive distributor for the Benelux as of June 2008, until the distribution relation was terminated fairly abruptly in January 2014. According to Respondent, this distribution relation was never formalized by means of a contract (there is only an unsigned draft, submitted in these proceedings by Respondent). Respondent points out that it does not agree with said termination, which was the start of a lengthy and ongoing discussion between parties.

According to Respondent, the Trademark is purely descriptive and devoid of distinctive character in the light of the goods and services offered: all goods and services in Complainant’s trademark registration relate to the security of remote access (software) systems and cloud applications. To this end, Respondent has filed a request for cancellation with Office for Harmonization in the Internal Market (“OHIM”).

Respondent argues that Complainant has no trade name rights in the sign “Sms Passcode”, as Complainant has failed to submit proof that it has used “Sms Passcode” as a trade name. According to Respondent, claiming trade mark or trade name rights in such a descriptive term as “sms passcode” is manifestly unreasonable.

Respondent claims that it registered the Domain Name to retrieve potential clients interested in passcode based authentication. Apart from its former distribution relationship with Complainant, Respondent argues that it (re)sells “Authasas Authentication products”, which products also use SMS as a method for authentication. Therefore, Respondent argues it has used the Domain Name in a descriptive manner (namely, in the context of reselling the Authasas Authentication products).

According to Respondent, the Domain Name’s website has always directly referred Internet users to Respondent’s website. Respondent argues that it meets the Oki Data criteria, as it actually offers the goods/services in question (passcodes provided via SMS) and that as such there can be no confusion between Respondent and (the trademark of) Complainant. Respondent argues that insofar confusion would exist, this is caused by the descriptiveness of the terms involved.

Respondent says that it does not claim to be Complainant’s distributor on its current website. According to Respondent, the print screens Complainant submitted in this regard are outdated.

Respondent argues that it has not registered the Domain Name to disrupt Complainant’s business; it is just that both Respondent and Complainant are active in the same field. By using the Domain Name, Respondent is able to communicate to its clients that it provides products/services which relate to SMS authentication.

Respondent further argues that it has registered the Domain name prior to date of the draft distribution agreement and that Complainant has never contested the registration and/or use of the Domain Name by Respondent until now.

6. Discussion and Findings

Based on article 2.1 of the Regulations, a request to transfer a domain name must meet three cumulative conditions:

a. The disputed domain name is identical or confusingly similar to a trademark or trade name protected under Dutch law in which the complainant has rights, or other name by means of article 2.1(a) under II of the Regulations; and

b. The respondent has no rights to or legitimate interests in the disputed domain name; and

c. The disputed domain name has been registered or is being used in bad faith.

Considering these conditions, the Panel rules as follows:

A. Identical or Confusingly Similar

Complainant has based its Complaint on its Community trademark registration SMS PASSCODE (“the Trademark”) and its trade name rights in the name “Sms Passcode”.

The Panel has established that Complainant is the owner of a trademark which is protected under Dutch law. Although Respondent has started a cancellation action against Complainant’s trademark before OHIM (arguing it is completely void of distinctive character), the Panel holds that the validity of a trademark must be assessed on the basis of the legal status of the trademark at the time a complaint is filed.² In other words, Respondent’s cancellation action does not prevent Complainant from successfully relying on the Trademark in the context of article 2.1(a) of the Regulations. Also, for the question of similarity in the context of said provision, it is not relevant for which goods or services a trademark has been registered for.

Further, the Panel holds that Complainant has trade name rights in the name “SMS Passcode”. Though most of the evidence Complainant submitted in this regard shows use of the sign “smspasscode” to identify the product/service offered by Complainant – which qualifies as use of the sign as a trademark – the invoices submitted by Complainant (annex 7c to the Complaint) clearly show use of the company name “SMS Passcode A/S” in the course of business in the Benelux.

The Domain Name, which incorporates Complainant’s Trademark and trade name entirely, is identical to Complainant’s rights.

The first condition of article 2.1 of the Regulations is met.

B. Rights or Legitimate Interests

Pursuant to article 2.1 (b) of the Regulations, Complainant must make a prima facie case that Respondent has no rights to or legitimate interest in the Domain Name. Based on the arguments and documents submitted in these proceedings, the Panel rules as follows.

The Panel holds that it is sufficiently established that Respondent has no trademark or trade name rights with regard to the name SMS Passcode. However, Respondent claims that “sms passcode” is a purely descriptive term for products which use SMS as a method for authentication and therefore it has a legitimate interest in using this descriptive term for its website.

The Panel agrees with Respondent that (the combination of the words) “SMS” (which stands for Short Message Service) and “passcode” appear descriptive in light of the products offered, as these products use SMS as a method for user authentication. However, this does not automatically mean that Respondent has a right to or legitimate interest in the Domain Name. To have such a right or legitimate interest under the Regulations, Respondent must use the Domain Name in connection with a bona fide offering of goods or services. This is not the case, for reasons set out below.

A trademarked term may be used for its descriptive value, but it is not legitimate to use the term “because of its value as a trademark”.³ In these particular circumstances, the use of the Domain Name in connection with a website of a former distributor of Complainant, which website refers the Internet user to products competing with Complainant’s trademarked goods does not constitute a bona fide offering of goods or services under article 3.1(a) of the Regulations, regardless of the Domain Name’s descriptive connotation. The fact that (i) the Trademark was filed prior to the registration of the Domain Name and (ii) the Domain Name was registered around the same time the distribution relation started, shows that it is most likely that the Domain Name was registered by Respondent in the context of the distribution relationship. In turn, this shows that Respondent registered the term “sms passcode” for the value of the term as a trademark and/or as a reference to (the trade name of) Complainant, and not so much as to register a purely descriptive domain name to further its own business. The foregoing precludes a finding that Respondent has a legitimate interest in the Domain Name.

The Panel further notes the Parties’ claims with regards to the Oki Data principles. The Oki Data requirements are cumulative, which means that a respondent must meet all requirements in order to have a right to or legitimate interest in a domain name.⁴ Applied to the case at hand, the Panel holds that at least one requirement is not met, i.e. that the website to which the Domain Name redirects offered products competing with Complainant’s trademarked goods.

The Panel is therefore satisfied that Respondent has no rights to or legitimate interests in the Domain Name.

C. Registered or Used in Bad Faith

Based on the material that has been submitted, it cannot be sufficiently established in these proceedings that the Domain Name was registered in bad faith. On the contrary, in the light of the former distribution relationship, it is more probable that Respondent had Complainant’s (implied) consent to register the Domain Name.

However, article 2.1(c) of the Regulations requires that the Domain Name was registered or is being used in bad faith.

Since Respondent is no longer connected to Complainant and the Domain Name was used to attract Internet users to Respondent’s website on which products competing with Complainant’s trademarked goods were offered for sale, the Domain Name was being used in bad faith. The fact that Respondent used to be Complainant’s distributor, only further enhances the likelihood that Internet visitors would think that Respondent is somehow connected to Complainant. Respondent may very well market its (passcode based authentication) products under its own Domain Name.

The Panel further notes that there is currently no active website connected to the Domain Name. This prevents Complainant from using a domain name which is identical to its trademark and trade name, which constitutes use in bad faith.

7. Decision

For all the foregoing reasons, in accordance with articles 1 and 14 of the Regulations, the Panel orders that the Domain Name, <smspasscode.nl>, be transferred to Complainant.

Gregor Vos
Panelist
Date: August 26, 2015

¹ Oki Data Americas, Inc. v. ASD, Inc., WIPO Case No. D2001-0903.

² See in this regard SuperShuttle International, Inc. v. The Fixer, WIPO Case No. DNL2012-0033.

³ Gibson, LLC v. Jeanette Valencia, WIPO Case No. D2010-0490.

⁴ The Oki Data Americas, Inc. v. ASD, Inc., (supra) criteria which were established in UDRP-case law and which have been adopted in case law under the Regulations, known as the Oki Data criteria are:

- the respondent must actually be offering the goods or services;

- the respondent must use the website to sell only the trademarked goods (otherwise, it could be using the trademark to bait Internet users and then switch them to other goods);

- the website must accurately disclose the registrant’s relationship with the trademark owner;

- the respondent must not try to corner the market in all domain names, thus depriving the trademark owner of reflecting its own mark in a domain name.