INDU Committee Meeting

     Good afternoon, ladies and gentlemen. Bonjour à tous. Welcome to the 12th meeting of the Standing Committee on Industry, Science and Technology.

    We have witnesses here today, and I'll introduce them in the order in which our agenda states. That will be same order in which they'll speak.

    From Visa Canada we have Michael Bradley, who's the head of products.

     From Rogers Communications we have Kenneth Engelhart, senior vice-president, regulatory, as well as David Robinson, vice-president, emerging business.

    From MasterCard Canada we have Don Lebeuf, vice-president and head of customer delivery.

    From Canadian Payments Association we have Doug Kreviazuk, vice-president, policy and public affairs.

    Each organization has six minutes.

    Mr. Bradley, please begin.

    Thank you for the opportunity to speak before the House of Commons Industry Committee on the future of e-commerce and mobile payments.

    My name is Mike Bradley and I am responsible for Products at Visa Canada.

    It might be helpful to start with an overview of Visa. We are a payments network. Our job is to deliver payment products that help us with our mission to be Canada's best way to pay and be paid. Our solutions are designed to serve two groups of end customers—consumers and the retailers that accept Visa cards. We compete vigorously with other methods of payment—cash, cheques, and electronic funds transfer systems as well as other card payment networks such as MasterCard, American Express, and Interac.

    In short, the payments market is highly competitive at all levels. Visa remains a global leader in the payments industry. We enable payments for financial institutions, merchants, governments, and consumers in more than 200 countries. We have one of the world's largest and most advanced processing networks, VisaNet, which can handle up to 20,000 transactions per second. Every day, VisaNet sustains 300,000 cyberattacks on average, not one of which has ever been successful. Visa has invested heavily in anti-fraud technology, such as the recent migration to chip technology, which I am sure many of you use regularly now.

    Our efforts have kept fraud near historic low levels, enabling cardholders to use Visa with increasing trust and confidence.

    While we are known mostly for credit card products in Canada, we also offer business-to-business solutions and prepaid solutions that are convenient, reliable, and, most importantly, secure. Visa debit cards were launched last year by CIBC. For the first time, Canadians can use their debit card to pay for pizza or flowers over the phone, do their Christmas shopping at a wide variety of retailers online, and shop at 30 million merchants outside of Canada that accept Visa. In a limited way, Canada has now joined the 160 countries around the world where Visa debit is available. We believe that making this offer available will improve the ability of Canadians to shop internationally and buy and sell online in Canada.

    To go back to today's discussion, clearly the widespread adoption of Internet and mobile devices is changing the way people connect and transact across the globe. The numbers speak for themselves. Facebook has over 750 million members and millions of merchants, and now operates its own currency called “Facebook credits”. Google recently announced that it will also enter the payments space.

    Yet in Canada and around the world, Visa has remained key to the growth of e-commerce. According to a StatsCan survey for online purchases, 89% of Canadians use credit cards. In 2010, e-commerce already represented 13% of Visa's total payment volume. After more than 40 years operating in Canada, we've remained relevant because our value propositions have met the needs of Canadian consumers and merchants. We offer zero liability that ensures that cardholders won't be held responsible if they are not using the card. Verification by Visa and the three-digit code on the back of your card protects merchants and consumers from fraud, and the e-promise offers cardholders an avenue to settle disputes when shopping online.

    In May, Visa announced our digital wallet. The digital wallet and mobile payment services will deliver greater consumer choice, convenience, and control. It will assist our clients in growing their business and help e-commerce merchants by reducing abandoned shopping carts online.

    How will it work? A consumer may receive a digital wallet from their bank, facilitated through a trusted relationship and through a secure channel such as online banking. The consumer may load multiple cards from multiple issuers and even multiple brands into the wallet. When the customer is ready to make a purchase from a participating merchant, there's no need to enter payment card and shipping information. It will be an easy “click to buy” shopping experience. The investments we are making in these new solutions will bring greater value to merchants, who are likely to see fewer abandoned shopping carts online and, ultimately, higher sales.

    Our digital wallet solution also operates seamlessly with merchants across channels. When a person is ready to make a payment using a mobile device, the consumer can use their existing Visa account to pay through Visa payWave just by waving their phone near a device instead of inserting or swiping a card.

    This is the same payWave technology that exists on millions of Visa cards today and is growing in volume at merchants such as McDonald's, Second Cup, and Petro-Canada.

    Our mobile application....

     Was that the six-minute bell?

    No, I assure you, it was not.

    Voices: Oh, oh!

    An angel just got her wings?

    That was a close encounter, that's all I can tell you.

    Voices: Oh, oh!

    The Chair: Go ahead. We'll give you some time to make up for that.

    I just have another couple of comments.

    The mobile payment application has all the security features that you would expect from Visa and your bank.

    Finally, let me touch on the regulatory environment. While Canada has a robust regulatory framework, the phenomenal advances we've seen in the marketplace were not driven by regulations or mandates, but rather through collaboration and market-based competition.

    The recent adoption of the voluntary code of conduct for the credit and debit card industry was the result of exhaustive consultations with all stakeholders in the payments industry. The code has only been in place for just more than a year, and it has already had its intended effect in a number of areas. Visa has seen the increased transparency that the code has provided for merchants and consumers.

    In our view, the Canadian payments system is fundamentally working. Having said that, there may be ways to improve upon the code, and we're actively working with government stakeholders to identify these improvements.

    We need to be cautious about the application of the code to new technologies. For example, if two of the provisions of the code were to apply beyond cards, to mobile payments, a customer might require three cellphones to enable the different payments of their choice--that is, one for Visa credit, one for Interac, and one for Visa debit.

     In conclusion, Visa has been operating in Canada for over 40 years. We've played a lead role in a lot of the progress that has been made to make Canada a world leader in electronic payments, and I am hopeful we can operate as effectively for the next 40 years.

    Thank you. I'd be happy to answer any questions.

    Thank you very much, Mr. Bradley.

    Mr. Engelhart, will you be the one with the remarks, or Mr. Robinson?

    Mr. Robinson.

    Please go ahead, Mr. Robinson, for six minutes.

     Thank you very much, Mr. Chairman.

     I'm joined by Mr. Engelhart. My name is David Robinson. I'm vice-president of emerging business at Rogers Communications, where I've worked since about 1990. Since about 2005 I've been leading our initiatives in the area of mobile commerce, including the area of what we call mobile proximity payments.

    You all have a deck in front of you. I'm going to walk you through that. You have our written submission for the record, but I'll talk through those slides.

    Please move to the slide that says “Mobile proximity payments is a subset of mCommerce”. What we're trying to do in mobile proximity payment specifically is actually very simple. We're trying to make a cellphone look, to the payment system as it exists today, like a card—nothing more, nothing less.

    To do this is no small feat, however; you need a few really important things. You have to have a mobile version of the card on the phone and you have to make changes to the phone. This is something that started six years ago at an association that we belong to, the GSM association. There are over 800 carriers alone in that association.

    What we tried to do was determine methods and technology that would allow that mobile phone—the ones that are globally available, that are GSM-technology phones, the ones that virtually the entire planet uses—to pretend to be a card. To do that, you have to get antennas into these things and get security software into them.

    The good news is that this part is more or less done. Many of the phones that you're buying today, including the one I have in my hand, actually have the capability built into them today to be a card. A year from now I'd expect that millions of Canadians will already have the hardware that they need in their phones, and that comes from work that started over six years ago. It should be as normal to get a card on a phone as it is today to get a camera on a phone. That was outrageous only a few years ago and is as normal as can be today.

    Turning to the next page, having a card on a phone is rather pointless if there's no acceptance of contactless cards. Mike spoke to you about what Visa is doing in that area. These card phones are really thin, but they're not thin enough to swipe. So there has to be infrastructure to accept that phone as a contactless card or a credit card.

    We're in a pretty good state here in Canada. There are important pieces. The banks, or the issuers, as we call them, are starting to send out cards in tens of millions, to this day, with that really important piece of technology on them. The little wave on the side of the Visa card—I'll pull out a MasterCard, if you'll feel better—says this can be accepted.

    That very same technology is what is going into these phones, and the issuers are sending out the plastics. The retailers are starting to put up these contactless terminals. Go into McDonald's. Go into Tim Hortons. You will see the little reader that allows you to tap that card. You'll be able to use that exact same infrastructure to tap your phone; there's absolutely no change required from that point back. And that was the objective of the GSM association from the very beginning: just make it look like a card; don't change anything else.

    In Canada we're in a pretty good position, and the carriers have pushed technology forward over the years, frankly by subsidizing phones. These things cost $700; you pay maybe a couple of hundred bucks on a term contract. That helps move the technology forward. Every couple of years, people typically get new phones, and in Canada they get smart phones more than in almost any other country in the world. And that's where this is going to start, in smart phones. As I look at phone adoption, next year the outlook is good that we'll have millions of these phones in place.

    Now, on the next page we talk about EnStream. This is how we're going to do this. We have the phones, people want to use them, the banks are issuing the contactless cards, the terminals are starting to proliferate at retail, but how are you actually going to get all those cards onto all those phones? That's what EnStream was created for in 2005.

    It's a joint venture of Bell, Telus, and Rogers that was designed to forward the interest of mobile commerce in this country. In the area of proximity payments, what it's going to do is act as someone in the middle who will say: if you're a bank, or you're a public library, or you're a transit pass, or you have an access card for a building, plug it into this EnStream thing in the middle, and we'll help distribute that virtual card to all of the phones in the country. That's the objective.

    The next page says “Rogers supports the SIM”. That's where the card will be. You might ask what a SIM is. In the case of every GSM phone in the world, if you take the battery off you'll find a little thing on the back that looks exactly like what I'm showing you. That's the SIM. It's where we as carriers put our phone number, which identifies you, with your phone number, and allows us to make the calls happen.

    That is where we put our really important information securely, and we've done it for dozens of years and billions of times quite effectively and without a security incident. That is the location where we are recommending to the industry globally that, through this same standard developed in the GSM association, all the payment cards should go—because it's a wonderful thing.

    First of all, it's secure. It has to be. At the end of the day, MasterCard will have to say this is secure; Visa will have to say this is secure. When you see those logos show up on a mobile phone, it matters; they mean something.

    It's also a wonderful thing because it's portable. One of the attributes that we believe is critical is that there are things about this leather wallet that are not broken. You have to be able to pick what it is that you put in your wallet, and we endorse that. And you should be able to move your cards from wallet to wallet. This SIM is what is going to enable doing that: all your cards will be in this. You'll get a new phone, you put it in, and it works.

    The wallet software, discussed on the next page, is how this is all going to happen. I won't bore you with it, but that's how you actually make this virtual wallet on the mobile phone look like the leather wallet that you have in your pocket today.

    The next page looks at benefits to the consumer. This is a wonderful thing. Think about it. You always think, what if I lose my wallet? It's a terrible thing. First of all, you're powerless; second of all, you have to recreate and replace all this stuff. In a world where you lose your mobile phone, first of all, it's locked. My leather wallet is not locked; anyone can pull out and steal my identity. This will be locked.

    Then, you give us one phone call and all the cards are killed—your ID cards, everything. Then you get a new phone, and it will replace them as quickly as we can, in mere moments. The issuer will be able to get all these cards out over the air in real time. The people who I think are going to benefit the most are going to be the smaller issuers, because now the barriers to distributing a card are lower. It's going to cost less, we can do it in real time, we can do it over the air, and we can do it to millions of phones almost simultaneously rather than mailing them out.

    I'm sorry, but I have to interrupt you, Mr. Robinson. That's all the time we have. You can fill in the rest of this when we get to the question period.

    Very good.

    Mr. Lebeuf, please; you'll have six minutes.

    Good afternoon, and thank you for the invitation to appear today.

    As mentioned, my name is Don Lebeuf. I'm the head of customer delivery at MasterCard Canada.

    By way of introduction, MasterCard is part of the financial services world, but we are essentially a technology company. Globally our technology connects over 24,000 financial institutions with over one billion cardholders and over 30 million merchants globally. It gives people in every corner of Canada and indeed the world the ability to conduct commerce in a fraction of a second.

    For the purposes of this study and our presentation, I will start with a broad definition of e-commerce, that being any financial transaction that is not using cash or cheques. If you consider that definition, one could argue that e-commerce has been a reality for decades.

    What has changed and what continues to evolve is how credit cards are used, with the latest innovations being chip and PIN technology, contactless applications like MasterCard PayPass, and the movement to link payments to smart phones. Regardless of the medium, however, the function remains the same: a short-term extension of credit to the consumer to make a purchase.

    Coupled with these advances, there have been innovations outside the financial sector that have opened up new frontiers, with the Internet being the most obvious example. Our payment system allowed merchants large and small anywhere in the world to open their doors to a global customer base. It is not an exaggeration to suggest that online commerce would not have happened without credit cards. At MasterCard we like to say that we are at the heart of commerce, and nowhere is that truer than in the online marketplace. Revolutionary online distribution models such as iTunes and Netflix simply wouldn't exist without online payments.

    From our perspective, Canada is among the leaders in e-commerce. For example, according to Stats Canada, in 2010 51% of Internet users ordered goods and services, and in Canada Canadians placed nearly 114 million orders online valued at approximately $15.3 billion. As Mike noted, 89% of these transactions were completed using a credit card.

    I would like to stress that adopting these technologies remains a choice for merchants and consumers. Some merchants have expressed concern that new payment technologies might be forced upon them. I can reassure everyone in this room that the plastic in your wallet is not going to disappear. It will remain a payment vehicle for as long as merchants choose to accept credit cards and consumers want to use them. Some consumers may gravitate to payments through smart phones or other technologies, and some merchants may choose to accept that payment option, but the choice will always be theirs.

    I want to add a caveat, though, to my comment that Canada is not a laggard in e-commerce. What I've been discussing thus far deals with the merchant-to-consumer relationship. According to research conducted by the Canadian Federation of Independent Business, such areas as business-to-business, government-to-government, and government-to-business still have a heavy reliance on cheques.

    These are areas where MasterCard can play a role; for example, as part of the government's strategic and operating review to save 5% in overall government spending by 2014. If we can play a role as a facilitator of electronic options for these transactions to reduce the manual processing costs, and if businesses and governments want electronic options, we welcome that discussion.

    Let me now turn to security, which is a critical underpinning of the world of e-commerce. Consumers need to have confidence in the security of the transactions, as do merchants. For online payments, MasterCard has developed several solutions to meet the unique needs of these transactions. The card security code confirms that the actual card issued is in fact being used for the purchase; AVS, address verification service, allows the merchant to ensure that the address they are shipping to is in fact the same as the one used by the card issuer; and SecureCode provides online authentication of the cardholder. Additionally, cardholders are protected by MasterCard's zero liability protection.

    I know you are interested in the future of e-commerce and any potential barriers to further innovation and growth in this area, and there are at least two that I'd like to bring to your attention.

    First is Canada's debit system. Regulatory structures and voluntary codes have been put in place that effectively give Interac a debit monopoly for transactions in Canada. Online debit in Canada is extremely limited, and there is no global interoperability for Interac debit. In other words, you cannot make an online debit purchase using Interac anywhere outside Canada and at only a handful of merchants in Canada.

    It doesn't have to be this way. MasterCard's global debit system allows cardholders to use their debit card anywhere in the world, either at the point of sale or online. Online debit is a widely accepted form of payment throughout the world, and we believe it is a payment option that Canadians would embrace if available. This is one area where Canada is sorely lagging behind the rest of the world.

    Second, while MasterCard supports the Code of Conduct for the Credit and Debit Card Industry in Canada, and agrees with the CFIB that it is working well, there are some elements that may be at odds with the evolution of electronic payments in Canada.

    For example, there is a provision in the code that states that debit and credit card functions cannot reside on the same payment card. As payments become an option through smart phones and digital wallets, it begs the question how this position will be interpreted.

    Will it be possible to have credit and debit functions on the same phone, given that, as David suggested, the phone is essentially duplicating your physical wallet? If we want Canada to play a leadership role in e-commerce, policy makers must ensure that regulatory structures are sufficiently flexible to adapt to and encourage these innovations.

    To sum up, MasterCard's role in e-commerce is largely as a facilitator in the consumer-merchant relationship. Merchants, understanding the global utility and benefits of credit cards, created the online marketplace, and we provided the payment solutions to help everyone prosper from it.

    Thank you. I look forward to your questions.

    Thank you very much, Mr. Lebeuf.

    Now we go on to Mr. Kreviazuk for six minutes, please.

    Thank you, and good afternoon.

    I'd like to thank the committee and the members for the invitation to give the CPA the opportunity to come here and contribute to your study.

    By way of background, the Canadian Payments Association was created by an act of Parliament in 1980. Our membership stands at 136 members and includes the Bank of Canada, all chartered banks, trust and loan companies, credit unions and caisses populaires centrales, and cooperative credit associations, among others.

    Parliament gave us a specific mandate to establish and operate the national clearing and settlement system and to facilitate the interaction of our system with others and facilitate the development of new payment methodologies and technologies. Parliament further set out clear public policy objectives to promote the efficiency, safety, and soundness of our systems, taking into account the interests of users. As such, the CPA plays a leadership role in providing safe and efficient clearing and settlement of payments for Canadians, processing on average more than 24 million payments daily at a value of $170 billion, which translates into six billion transactions annually and $42.8 trillion of value.

    The change drivers in the payments system are common the world over. We see significant advancements in technology that result in new payment products and services, but that also make the payments we do today faster, better, and hopefully less expensive. Also, new players and service providers are making it more convenient for Canadians to shop, trade, and transact over the digital highway.

    In terms of volume of payments processed through the systems of the CPA, the move towards electronic is significant, but some barriers remain to processing all commerce and all payments electronically. It wasn't too long ago, even back in 1990, that approximately 80% of all payments through the CPA were paper-based. Today this has fallen to less than 18%. While this sounds like a great success story, the reality is that there are still almost 3.6 million cheques processed each and every day through our systems, and that doesn't include cheques issued in cases when the buyer and seller are at the same financial institution. Taking those into consideration, Canada has approximately 1.6 billion cheques still in annual circulation.

    One of the largest users of these instruments is small to medium-sized business. The reasons for this are several. Key is the fact that reasonable payment alternatives to provide the small business with complete remittance data or invoice data that can be automated into their accounting processes are not readily available. In other words, straight-through processing is not an option for them today.

    Similarly, for parents who need to send money to schools or organizers of their children's events, choices are few, so they send in the cheque.

    Finally, for online shoppers, the need for shoppers to make payments in an online manner gave rise to payment service providers such as the PayPals and the Googles, and certainly gave a boost to the credit card companies. Online debit options that are linked directly to personal deposit accounts need to be pursued and advanced as viable options to the credit card.

    In 2009 the CPA embarked on a comprehensive strategic plan exercise, which was coast to coast and involved business, consumers, and government, to understand their needs and their challenges. In the end, we developed our Vision 2020, which presented a detailed road map of the future, closing many of the market gaps. The CPA, working with the broad industry, is now developing and implementing solutions that facilitate straight-through processing between corporate users and the payments system and enhancing its standards to ensure that remittance data required by corporate users is in fact provided.

    The CPA is now undertaking a review and potential adoption of international payment standards that will continue to drive efficiencies both domestically and internationally.

     Finally, the CPA is active in developing clearing rules that will allow the marketplace to develop mobile payment applications. By reducing barriers to clearing, and improving the transparency and efficiency of our rules, the market will be free to innovate, and the CPA will be prepared to clear and settle all payments.

    I would be remiss if I did not also acknowledge the work of the task force for the payments system review. This seven-person task force, appointed by the Minister of Finance, has been examining Canada's payment industry for the past year and a half. Their final report is due in December and will address many issues related to competition, innovation, efficiency, and industry governance.

    The task force, together with a broad community of interest, has been studying the issues and impediments to Canada's becoming leader in the digital economy. The CPA has been working closely with the task force and their several subcommittees dealing with issues of digital ID, authentication, payment standards, and bill presentment and payments. The transformation to a new payments ecosystem and a truly digital economy is a large and expensive proposition, and many groups have been engaged in ongoing policy discussions.

    Before the CPA introduces any new policy or rule change, we undertake a rigorous public consultation process. In the development of these rules and policies, we rely heavily on the advice provided by specialized committees comprising members and stakeholders alike. After a new rule is presented to their stakeholder advisory council and our consumer group, we then submit it for general public consultation. We are very proud of the relationships we have forged and the collaborative nature in which our policies are developed.

    We are all well aware that the payments landscape continues to change, and the future shows no sign of slowing. To that end, the CPA will continue to play a leadership role in providing a safe and efficient clearing and settlement system to meet the current and future needs of Canadians.

    Thank you very much.

    Thank you, Mr. Kreviazuk.

    Now we're going to move on to our questioning time. The first is a round of seven minutes.

    The first questioner is Madam Gallant.

    You have seven minutes.

    Thank you, Mr. Chairman, and through you, thanks to our witnesses.

    Looking to a time when Canadians may be dependent on their wallet forms, first of all, cellphone service providers do not necessarily have agreements with every country in the world for sharing that phone.

    First of all, to the cellphone providers—Rogers is here—are you opposed to Canadian consumers being able to use SIM cards from other countries where you don't have that co-agreement for service in place?

    Do you mean if you buy a SIM card from somewhere else and use it in our phones?

    I mean in another country where you're not available.

    We allow people to unlock their phones if they are subsidized. The market provides for open devices into which you can easily insert a SIM from another country.

    So if a new SIM card is being put in, how would that affect, if at all, the mobile payments system? If you have your Visa card or MasterCard on there, would it be impacted?

    Oh, okay. It wouldn't work, so....

    I don't understand the question, obviously.

    If we used a different SIM card and we were dependent on our phone wallet and we were in another country, we couldn't use our phone wallet in that country to make payments.

    Oh, I see: you have your phone number in your SIM and you have all your cards in your SIM and you go to another country with which we don't have a roaming agreement, and so you can't use your phone and therefore can't use your wallet.

    Is that what you're getting at?

    Yes, that's my question.

    I don't know how many countries we don't roam with. I think it's a fairly small number of countries.

    Whereas I do believe a mobile wallet is certainly going to be a reality in a very near period of time, I don't believe for a moment that it's going to replace plastics. The card on your phone is usually a version or a copy, as it were, of your physical card. So the likelihood is that a customer who went to a country where for some strange reason there was not cellphone service that we roam with would probably bring with them their physical cards—which they probably still have, though they might be sitting in a drawer, admittedly.

    Just to emphasize something that Mr. Robinson said in his opening remarks, the cards will be on the SIM card. So really there's nothing on the phone that affects the mobile payments. If you have your credit cards or whatever on that SIM card and you move that SIM card into a different device, the mobile payments will work.

    Okay.

    Now, there's a concern among some of my constituents about receiving their credit cards in the mail with these new radio frequency chips. They're concerned that when they're being mailed to them, they're not in some protective covering, and that the information could be stolen even before they receive it.

    Do those chips have to be physically activated by the owner of the card before the frequencies are sent out?

    I'd be very happy to answer the question, and I thank you for it.

    I'd first want to add to David's and Kenneth's comments about the international interoperability. It's a fundamental premise of Visa card usage that the card or payment credential that you get from your issuer in Canada is used anywhere that Visa is accepted around the world. We're certainly working very closely with GSMA, the cellphone group, and with Rogers and others to ensure that this model of international interoperability continues as we move to the mobile world. So I absolutely support the response there.

    In terms of the protective sleeves, first off, when you receive a card, every issuer in Canada requires that you call to activate that card before it becomes usable. You typically have a sticker on the card and a phone number to call and then a password to communicate with the bank in order to physically activate the card, so that at the point at which the customer is getting the card, it's not activated until they actually make it so.

    When that sort of technology is used in a wallet phone, if it is, are there provisions built into the phone to protect against the data being stolen by somebody else?

    Absolutely. The concept that has been sometimes referred to is data “captured” from a card from a proximity device. The fact is that the way we build transactions and the way transactions flow through the network, any data that was captured from a card or mobile device would not be usable to create a new transaction.

     So I think the concerns of your constituents are maybe addressed within our current framework.

    All right.

    Concerning the use of Bluetooth on the cellphone, or Wi-Fi for that matter, but specifically Bluetooth, you can be talking on your phone, and we are warned that if that Bluetooth is on, information contained in our SIM cards can be stolen.

    So if you're using Bluetooth and you have the information for your different credit cards on your phone, are there security provisions built in so that your wallet phone is not more vulnerable to theft just because you are using Bluetooth?

    There's no relationship in the device between what the Bluetooth radio does and where the cards are on the phone. So it would be a fallacy that you would be able to do that.

    The data on RFID cards, whether it's PayPass or payWave, in terms of the data you could get off the cards, is unusable to conduct a transaction. You're only getting the card number and the expiry date, and you need a lot more than that to actually complete the transaction. There are a number of dynamic security features that are missing from that data.

    We are aware that there is a gentleman walking around selling his product who purports to have a sleeve that can cover it, which is self-serving: that data cannot actually be used to complete a transaction online or face to face, and you cannot counterfeit a card with that data either. It's rudimentary data that you can't turn into an actual transaction.

    Thank you for clarifying that.

    For consumers as well as vendors who use the phone wallet, are there any cost savings?

    If you mean to the consumers, I think the big difference will be that you won't have the barriers to carriage. Will it cost you less to have a virtual card, a virtual Visa or MasterCard, than it does...? Well, it doesn't typically cost you to carry a Visa or MasterCard that you are provided by the bank, and I don't think that will change in a mobile, but--

    Mr. Robinson, I'm sorry to interrupt you, but we go by the clock. That's it.

    We will now go to Mr. Thibeault for seven minutes, please.

    Thank you, Mr. Chair.

    Thank you, gentlemen, for being here today. It's a very interesting subject that we're talking about. You have all been providing some valuable information. We're seeing so much innovation coming forward.

    Mr. Robinson, what you were talking about is very exciting—what we're seeing, the ease of access, and how we're making it easier for consumers to carry around their phones, since more and more of us are doing that. I forget my wallet more often than I do my BlackBerry, since I need it more than my wallet some days.

    In that complexity that we're creating to make our lives simpler, we worry that the potential could be there for...you know, if someone gets hold of our phone because we forget it. What happens then, if all of a sudden someone opens it up, breaks the lock, and goes on a spree, just as they would with the stuff in our wallets?

    Can you talk to me a little about what type of protections there are going to be in a mobile payment to ensure that if we do lose a wallet or if someone tries to crack it...? You mentioned 300,000 cyber attacks daily. Is it on VisaNet? We have applications created on a daily basis for iPads and for BlackBerrys. People are going to start looking at targeting these things to try to get access.

    What are your organizations doing to start protecting consumers and merchants?

    I'll try, and I'll try to make it fast.

    First, yes, there will be a lock on the phone; then there will be underlying security requirements to make sure that everything in there is containerized, unassailable, and encrypted. Remember, we're effectively creating another version of a Visa card or a MasterCard. Behind that are the payments networks with their zero liability. If your phone, for some strange reason, is stolen and used, the same underlying zero liability rules will apply to a card on the phone that apply to a plastic card today.

    For the mobile, it creates some confusion. Essentially, as David mentioned, the mobile phone is a supplemental card. It's like having two cards: one is in your phone, and you have your physical card in your physical wallet.

    If you lost your phone, the situation is actually no different from that of losing your physical card. You follow the same process: you contact your bank and alert them that the card has been lost. You're covered by zero liability; they'll issue you a new card number; then there is the provisioning that has to be put onto the new handset. It's really as simple as that; it's like having an extra card.

    My comment would be that building and growing a successful payments network is all about security. The brand that we provide, the brand that the financial institutions stand behind the payment products with, is absolutely essential. As we've moved to new generations of technology, from the old days of the click-click machines to magnetic stripes to the computer chips that are now on your credit cards, each one of those steps has been accompanied by brand new layers of security that have continued to ensure that not only is fraud not growing but in fact that it is shrinking as time goes by.

    The marriage of computer chips within the mobile phone and the computer chip standards that we have built and that probably most of you have on your credit cards and debit cards in your wallets—these together are a nice marriage of technical security, along with the policies that ensure that you're never going to be held liable as a consumer for fraud. Continuing to protect merchants as well as consumers from fraud is critical.

    I'll start with you, Mr. Bradley, and then I'll give Mr. Lebeuf the opportunity to answer this.

    We could go back to the last Parliament and an issue that is ongoing, the “stop sticking it to us” campaign by the Retail Council of Canada and CIPMA, and there are many other organizations that were very concerned about merchant fees, the fees that are hitting small and medium-sized businesses when people use their credit cards. We're hearing now from the Senate committee that the cost of our merchant fees is one of the reasons—there are many, but one of the reasons—that costs in Canada are more than they are in the United States.

    If more and more people are going to be using their mobile phones to make their purchases, the credit cards will be linked with this, and so the merchant fees will be attached to that.

    Are we going to see any other fees attached to my phone, when I'm using whatever application it may be? Will there be another fee on top of the already high merchant fees that we're hearing of from the small and medium-sized businesses?

    I'll start with that one.

    I think it's important to say, first up, that Visa does not set merchant fees. Each merchant in their relationship with their payments acquirer will typically develop a contractual relationship, and part of it includes the settlement terms and financial terms. That would be the basis for the merchant fees. Visa does not set those fees.

    Visa has a component that probably represents a component of those merchant fees known as the interchange fee. That interchange fee, for us, has remained relatively stable for the past decade or so. We have been transparent about those interchange fees. They've been available on our website since 2008 and are a matter of public record. We think they reflect a tremendous amount of value that's delivered through the network. We look to set these interchange fees in a way that balances the services that are delivered to merchants and those delivered to consumers.

    The benefits that merchants receive out of accepting credit cards, and in fact debit cards too, include immediate settlement or settlement within a very short timeframe; security protections, by ensuring that they no longer have to handle cash in the movement to electronic payments; immediate access to credit for many consumers at point of sale, which helps a merchant to grow their sales.

    A study that has been done by Global Insight, which I referenced, says that over the last 20 years upwards of 20% of Canadian economic growth has been driven by the availability of electronic payments. Now, that's not just Visa; that's MasterCard, Interac, American Express, and all of the various players in electronic payment.

    There is a huge value there, we believe, to the Canadian economy and to merchants who are accepting the cards. Merchants have lots of choices. There are many who have differing acceptance profiles: some choose not to accept Visa; some choose not to accept Interac, in the case of some online merchants. Those payment choices are what will continue to make the market dynamic and competitive.

    So are we going to see any other fees on top of existing fees, with mobile payments?

    It would be too early to commit to a fee structure, as was just asked by Ms. Gallant. A number of things are still being developed in terms of the value proposition. But as always, we embrace a transparent, open environment, and we'll make no secret of our interchange fees. We'll have merchants and consumers making wise choices.

    Thank you very much, Mr. Bradley and Mr. Thibeault.

    Mr. Carmichael, seven minutes.

    Thank you, Mr. Chair.

    Thank you to our witnesses for coming today.

    I'm going to come back to the fees issue in a second. I'm curious to hear, from the Rogers perspective....

    You're part of the Red Tape Reduction Commission and with what's going on there with Minister Bernier. Are we doing enough to truly reduce red tape and create an environment that's going to be more receptive and responsive to growth in your industry? Are we seeing the types of signals that would encourage you that we're truly serious about growing this part of our economy?

    I think, yes, we're seeing encouraging signals. There are still a few areas in the wireless business where we're seeing, I believe, some unnecessary red tape.

    We have on our licence conditions a 2% requirement to spend on R and D. Now, we do spend 2% on R and D. That's just natural when you're a wireless company. But it means there are accountants to keep track of it all, and reports to be filed.

    All of that is, in my view, unnecessary red tape. No other country in the world has a 2% R and D requirement like that on licences. I believe that's something the government could get rid of that would spare us a lot of red tape.

    We're also seeing municipalities and provinces and other entities increasingly making it harder and harder for us to put up our wireless towers in the country. Part of it is that they're responding to concerned citizens, but it is getting very difficult now for us to deploy the infrastructure we need to provide Canadians with the services they want.

    Industry Canada is very helpful, but I think more could be done to assert federal leadership in this area so that this infrastructure could get deployed.

    Thanks, Mr. Engelhart.

    Certainly that's part of what we as a committee hopefully are going to establish--some recommendations that will help create a better environment for doing business.

    I come from a business background, Mr. Bradley. You talked about the fees, the interchange fees versus the transaction fees or the merchant fees, and as a business operator I don't differentiate. What we've heard from small and medium organizations, including the CFIB and others who have been here, is that the fee structure in Canada is a hurdle to growth in that part of business and the economy.

    Just to follow up on what Mr. Thibeault and Madam Gallant said earlier, when you start talking about the fees as a whole, I'd like your opinion. I understand it's early, and we heard some exciting thoughts on technology, but if this is truly a hurdle and something that's going to impede growth and economic development, and something that we have to get our heads around, do you see, with the development of the technologies we're hearing about and the advances being made, that there is an opportunity that this will in fact reduce fees, the consolidated fees, the fees that business owners have to pay every day in order to do business with Visa or MasterCard?

    Mr. Lebeuf, I might like to ask you the same question afterwards.

    First off, I appreciate that, as a business owner, the end ticket price is all that would interest you. I think it is important to differentiate the two.

    We work closely with CFIB and the retail council to try to address the concerns they have. The reason we do differentiate is that the interchange fee we are responsible for is a component that the acquirer, who typically has the relationship with the merchant, would then work into their package price. But many other factors drive how an acquirer prices to a merchant, including the length of term of the relationship, the types of services they provide, and the risk profile of the client. So a lot of different things go into the end price that a merchant pays that are distinct from the interchange fees.

    It wouldn't be appropriate for me to comment on the acquirer relationship with the merchant, only insofar as to say that it is important for all merchants, and merchant associations, to shop around for the best deal. Competition exists at multiple levels. At our level, at the network level, we know we compete with the Interacs, with cash, with other electronic forms of payment, and of course with MasterCard and American Express. But at the same level, the merchant, in their relationship with the acquirer, those acquirers are competing with many of their peers for the merchant's business.

    So I stand behind what I said, which is that interchange rates have been relatively stable for the last decade. Our interchange rates represent about a penny and a half on $100. I've heard some figures quoted that are substantially higher than that, in terms of the cost profile to end businesses.

    Our recommendation would be that there is a very vibrant market for these services that are out there, and that merchants...it's incumbent to shop around to find the best deal.

    Yes, I've seen that; in an industry that I've been involved in in the past, the industry will go and try to find best value and best opportunity for reducing those overall costs for their organization and related retailers.

    I guess the question is, longer term, if this is a hurdle, what are we going to do about it?

    Mr. Lebeuf, do you have any thoughts on that?

    I would echo some of Mike’s statements. I mean, you deserve an answer. No, there would be no additional fees for mobile payments. Hopefully that satisfies that question.

    But from an interchange perspective, we feel that with interchange there needs to be a balance, to bring more consumers into the system and more merchants. If we're out of balance, we lose merchants or we lose cardholders, and the system starts eroding.

    So it's a balancing act. We feel that the interchange rates, as they are today, are commensurate with the value that merchants get. I'm assuming we're specifically talking about online merchants, given the topic of the committee.

    As was noted in my opening remarks, credit cards enable merchants to do e-commerce and make the savings of not having brick-and-mortar infrastructure, leasing and whatnot. Sure there are expenses with e-commerce, but there are significant savings for merchants to open up an e-commerce environment. Credit cards, quite frankly, facilitate that.

    There is competition in the marketplace. From an acquiring perspective, certainly with element one of the code of conduct, it adds a layer of transparency never seen before—for merchants to understand the pricing that acquirers are providing to them, shop around, and get a better deal. There are better deals to be had. They just have to negotiate and understand it.

    I'm going to have to interrupt you now, Mr. Lebeuf.

    That's all the time we have. We went a bit over for your answer.

    We'll now move on to Mr. Regan, for seven minutes.

    Thank you very much, Mr. Chairman.

    To carry on with that note of shopping around, the concern that I think some of us have is that merchants shop around and they may or may not locate in this country. When they choose where to locate or when they consider their ability to grow in one jurisdiction versus another, one of the things they look at is their costs, obviously.

    We had a witness here a few weeks ago, Mr. Samer Forzley of the Ottawa Centre for Regional Innovation, who said as follows:

    Is Mr. Forzley wrong, or should we consider this a problem in terms of people shopping around about where they're going to locate?

    If I may, the interchange rates in Canada, specifically for MasterCard, are lower. I read the statement from that witness. That is incorrect. The interchange in Canada is lower than in the United States, and that is a fact.

    I can't speak to the end price that they negotiate with the acquirer. There are seven acquirers. Certainly the market can't bear hundreds of acquirers as in the U.S., a very large market, but there is opportunity for merchants to negotiate rates. It depends on the type of business they're operating.

    When you say the “acquirer”, would the typical acquirer be a bank, for example?

    It's a financial institution that provides services to merchants. That would be Moneris, Global Payments, First Data, Paymentech, Elavon; there's a list of them.

    Mr. Bradley, you mentioned earlier that your transaction numbers are quite low. To me, the question is what is the number for the actual merchant? We certainly have a concern in this country, or we've seen merchants being concerned, about fees going up on credit cards--the cards that offer the consumers a variety of “pluses”, let's say. That's a concern by itself. If it becomes a concern to the extent that we're not having e-commerce businesses locate and thrive here, that's a problem.

    What do you say?

     I would add that there is one other key differentiating factor between the Canadian and U.S. environments. I would stand behind what Don said about credit card interchange rates in Canada comparing very favourably with those in the U.S. But one factor that's missing there is debit card acceptance online.

    I spoke in my opening remarks about CIBC's launch of a Visa debit card last year. Our interchange rates for debit are considerably lower--upwards of 35%--than our credit card rates. So in a U.S. environment, for example, where the blended average of the number of Visa cards that are used on the merchant site is as much debit as credit, you can imagine it would be a substantially lower price if debit were as big a piece of that merchant's business as it is in the U.S.

    As I said at the outset, I think it would be helpful for merchants in terms of cost of acceptance as well as the ability to be able to do business with a new group of customers who may not qualify for credit cards, or who may be using PayPal at a different cost profile, or a credit card, to start accepting Visa debit products.

    We think that will help drive e-commerce, and drive it at more affordable rates than you described.

    Mr. Lebeuf, you said that Canada's debit system gives a monopoly to Interac, and that's an obstacle. How would you remove that barrier, and what would be the impact of removing it?

    If the code of conduct were amended to allow issuers to issue, as in every other market around the world, what are called co-badge cards, you could have multiple debit networks on the same card. You would have MasterCard debit on the same card that also has Interac.

    It's a voluntary code, right?

    It is a voluntary code, but it is backstopped by the Payment Card Networks Act that the Minister of Finance can put in legislation. So we treat the voluntary code quite seriously, and we want to adhere to it.

    If the debit market were allowed to open up and we were permitted to enter it in a commercially meaningful way, Canadian cardholders would have access to the entire globe online--in Canada and internationally--to use debit.

    As Mike alluded to, debit and credit transactions are completely different, with a completely different risk profile, and the pricing for debit is substantially lower.

    So this requires the minister to say that he's open to changing this, and to work out that change with you.

    Yes, basically to address the issue of e-commerce availability for consumers in Canada.

    Are there any discussions of that sort going on right now? Has the minister asked for that kind of discussion?

    Those types of discussions are happening at the payment task force that's been commissioned. We've certainly made our views known to the CFIB, the RCC, the minister's office, and the Department of Finance. So there are ongoing discussions, but the code is what it is for today.

    As for the regulations that prohibit having a credit and debit function on one card, it seems to me that if I'm waving a smart phone in front of a device to make a payment, I'll look at the phone and select which card. It seems to me you would have regulations prescribing that there has to be a virtual separation between the cards. I pick which one I want, and I set the different functions for debit versus credit.

    Is that how you see it evolving? What's holding that up?

    I don't think anything is holding it up, per se, outside of what David was saying about the migration in Canada to NFC and mobile technology.

    But I think you're accurate, in that as a consumer you might have your MasterCard, Visa, Interac, Diners Club, JCB and American Express cards on your mobile phone. You would make a choice the same as in the physical world, where you pull out of your wallet whichever card you want to tender for the sale. Then the transaction is completed with the payment card you choose.

    Thank you, Mr. Regan, that's all the time we have there.

    We've finished our seven-minute round and will go to our five-minute round.

    Up first is Mr. McColeman for five minutes.

    Thank you, Chair.

    Thanks to all for coming today.

    Mr. Kreviazuk, are there ways you see that your organization could drive more efficiencies to lower the cost to consumers and merchants?

    We've been doing work in the recent past that will continue through 2012 to try to promote the introduction of global standards for payments. That will allow the financial institutions and the scheme operators to develop or expand existing platforms, which should drive further efficiencies. So adoption of global standardization will reduce cost.

    With straight-through processing, manual intervention is removed within the handling of the payment, whether it's at the merchant's back end when they do the reconciliation.... All of that should lend itself to further efficiencies in the system.

     Right.

    All of you might want to comment on this. As we move to these new technologies and the digital era, it would seem that one of the many benefits beyond convenience is just that: we are able to offer more efficiencies to both businesses and consumers.

    Is that how you see the business model unfolding, or is it just to maintain the status quo in terms of the way in which the processes you have today maintain that same cost structure?

    I'd be happy to take that one, or at least take a first crack at it.

    We're always looking for efficiencies in the system. That includes things like fraud reduction and better credit scoring. We build technologies right into VisaNet that help to reduce those costs. Certainly, as we've moved to chip, there's been some favourable early results in terms of fraud reduction, which we think is good news for the system as a whole.

    There's an important element to remember, I think, as we move to the new technologies, which is that they often co-exist with previous technologies. As David and I think Don said earlier, the card that you're carrying today, in the same way that it still has the raised numbers on it for when you run into one of those click-click machines, will probably be in your pocket for a long time to come.

    So the enablement on a cellphone is probably going to run in parallel, for the foreseeable future, with the plastics you have today. So I would just temper expectations on that front in terms of significant cost reductions.

    Anyone else?

    I think it will raise efficiency, because it will be easier to distribute virtual cards through the phone. I think that will ultimately benefit the merchants. Merchants prefer some card types over others—they love their store cards and they love gift cards, because people come back to their stores—and we'll be able to lower the barriers of being able to present those cards to the merchants.

    Now, it is critical that the acquirers also cooperate to allow those now “credentials”, or cards, to be accepted in those store locations. That's going to be an important part of it.

    On another line of questioning here, I'm interested to know, Mr. Bradley, on those 300,000 attacks per day, what technologies you employ to sustain those attacks.

    First off, true confession: I'm not a technology expert. I can tell you, though, that they come from far and wide and that we invest tens of millions of dollars every year in VisaNet protection.

    That protection ensures that the data, as it's travelling through the network, is not able to be hacked and that the fraudsters who are attacking with a really wide variety of attacks are thwarted before they get too far.

    I would be very happy to connect you with someone who's more qualified to provide you with more technical detail on that.

    Okay. I was just curious.

    Do you support the personal information protection of electronic documents legislation, our PIPEDA legislation, which would require companies to report material breaches to both the Privacy Commissioner and their customers?

    We do. We absolutely do. In fact, we believe we take it a step further, by ensuring—based on our standards that we stand behind—that we're continuing to protect cardholder data in merchant environments.

    For example, it is critical that a merchant not store complete “track two” data, as we call it, which is effectively the image of the magnetic stripe that is the gold mine for many fraudsters in a pre-chip environment, and still is for a lot of international fraud.

    So the standards that we take not only adhere to PIPEDA but in fact take it a step higher.

    Mr. Phil McColeman: Okay. Thank you.

    Mr. McColeman, that's all the time we have. I apologize; I know we always fight against that enemy: time.

    Mr. Masse, for five minutes.

    Thank you, Mr. Chair.

    Thank you for being here.

    I'll start with attacks, and I'd like to hear from the panel on the technologies. I actually fell victim to the PS3 attack, and I had to get my Visa redone.

    One of the important things that we haven't talked about is how sometimes you can get your online ticket and go to the airport, but if it fails, then you have a problem. I always have a backup; I have my printed ones with me as well.

    Maybe you could share with me what's being done in the field right now to prevent these kinds of backup failures. Even last week, I went to the airport and tried to use my Visa card, and the machine was down from the attendant. I was lucky I had American money on me from being over in the States recently. I had no Canadian money, but I was able to settle the debt right there.

    We've also had network failures, and this can have significant consequences in the economy.

    So I'd like to hear a little bit about that, and then I'm going to turn the rest of my time over to Mr. Thibeault.

    I really can't speak to the telecom networks, but most merchants today....

    To Mike's earlier point, the days of imprinters have long gone. Most merchants have electronic terminals. If they have an issue with their terminal and it breaks, as they do from time to time, then yes, they have to contact their acquirer, financial institution, or whoever is providing the terminal for them and get it resolved. Certainly it's usually fixed quite quickly, because the retailer wants to get back up and running as quickly as possible. There's typically no backup to an imprinter, or creating paper sales drafts any more. Those days are kind of gone.

    As you may recall, when we had the power blackout several years ago, a lot of merchants were effectively off the air as far as card acceptance, because the terminals need electricity.

    Was there a question about phones?

    It just seems we're anticipating a perfect world of technology and power source and everything else to be able to operate. As we move more and more to e-commerce and e-payments, we have greater vulnerabilities to the actual practicality of paying for merchandise at a time when perhaps the device might not work. It might lock. The network could be down. You used a good example with the power blackout.

     I'm curious to know if anybody is thinking about any of this stuff. We're building this stuff for a perfect operating system, but that often isn't the case.

    We're not. These are incredibly complex transactions that are taking place. Your card swipe at the Ottawa airport has to touch the acquirer, potentially a gateway provider, a processor, before it gets to VisaNet.

     I'm very happy to say that at our level we have what we call “five nines” of reliability--that's 99.999%--with maybe one outage in the last 14 years.

    That's not to say there aren't places along the chain where there can be challenges. It really is important that the consumer transactions are able to continue. When I commented earlier that having the cellphone doesn't mean you're not going to have your card, it's for that reason. When I commented earlier that you still have the raised numbers on your card, it's for that reason. You'll still run into a taxicab driver, for instance, who still relies on the basic form of Visa acceptance. We designed the system that way, and we think it's important to maintain.

    How much time do I have, Mr. Chair?

    You have a minute and a half.

    For our colleagues across the way, PS3 is PlayStation3 by Sony.

    Voices: Oh, oh!

    Mr. Glenn Thibeault: You were all scratching your heads when he said that about PS3.

    I have just a minute and a half, so I'm going to jump in quickly.

    Mr. Lebeuf, thank you for that earlier answer. In relation to your talking with Mr. Regan about co-badging, I talked about the “stop sticking it to us” campaign. Even bigger than that campaign was a huge campaign in relation to the retailers and merchants concerned about co-badging of cards, priority networks.

    If we are to see the co-badging of cards being used on mobile payments, will those rates be the same as currently used by Interac? Or will they be significantly higher if they go on to the priority routing, if it is MasterCard, Visa, or whatever? There are serious concerns from the other side that the debit market is the one place where you can make a transaction and they know what their so-called fixed cost is. If this comes into place, will those costs be significantly higher for the SMEs?

    I would say no. I meet with the CFIB and the RCC, so I'm aware of the spin they put on that.

    I will lay out some facts. When we rolled out our debit program in Canada, called Maestro, the cost was one-third less than that of Interac--not more, less. And we took an approach where we didn't feel negative option acceptance was acceptable for us. So each merchant was presented with a business opportunity, a business case, and they had to agree and sign a contract where they were required to agree to accept that product. Tens of thousands of merchants did.

    With the code of conduct, we had to unbundle that entire debit program, which in effect cost merchants millions of dollars in savings that they've lost because our program was cheaper than Interac. If we made it more expensive than Interac, nobody would accept it. So it was cheaper than Interac, and that was the play given that it was debit.

    Thank you very much, Mr. Lebeuf. That was a sophisticated question that required that much of an answer, and we went a bit over.

    Now on to Mr. Braid for five minutes, please.

    Thank you, Mr. Chair.

    Thank you to all the witnesses for being here this afternoon.

     I'm curious to know your perspective on why we don't have mobile wallets in Canada today, or why we didn't have them sooner.

    Everyone who would like to can contribute.

    May I try first?

    You've seen them in Korea. You've heard about them in Japan. You heard all about the Japanese folks using mobile phones for getting into the transit system. Honestly, that's where a lot of the stuff started. The problem was the transit system used contact cards and they wore out. Someone said they should find something that didn't wear out and they invented contactless.

    The Japanese market is very vertically integrated, as you know, so that Sony technology was, not surprisingly, integrated into Sony phones. As a result, it showed us a very interesting future model of what could be, but it was a proprietary made in Japan, a solution only useful in Japan.

    Now we're getting to a standard global methodology for doing more or less the same thing, and it takes time to get those standards developed, which is what we did in the GSMA, and now it's coming out in all the mobile phones.

    Even though it seems as if we're behind because you've seen it in Japan, there was no problem in this country that needed solving with contactless, as it did in Japan. Now that we have globally accepted contactless platforms and phones coming with the required technology, now is the time for it to come to fruition. We have all the pieces in place to truly lead the world in a global standard world.

    I would agree with that, and it depends on how you define mobile. For quite some time you've been able to use your BlackBerry or mobile device to do online purchases. It's no different from a personal computer at home. I've often bought stuff online from airports. That component has been in place for quite some time.

    The NFC, near field communication, which is what David is alluding to as the next phase that's going to be rolling into Canada, needs a bedrock of acceptance of contactless. That's where MasterCard was the pioneer in rolling out contactless in Canada with PayPass. We now have an acceptance base where you're hitting all the merchants who are fit-for-purpose, where they're queue-sensitive, high-volume, and they have long lineups; that's really the fit-for-purpose area for contactless.

    With an acceptance footprint that's really solid in Canada--and I'm not sure if you're aware, but Canada is, quite frankly, the leader in contactless globally--now the time is ripe to take NFC and then use that acceptance footprint to move mobile payments into the future.

    I would add from the CPA's perspective that we looked globally at what the developments have been in other countries. Some countries had a particular need that the mobile could address. I don't have to look any further than South Africa. They were underserved by banks, by bank branches. They needed to get access to payments out into the community, and mobile served that purpose.

    We similarly don't have that same type of pressing need in this country. We are generally very well served by the financial markets or by financial services and from our payments industry.

    I would add that I absolutely agree with the points made thus far. The only addition I'd make is that I wouldn't take the notion that we are behind, that the solutions that have been developed and deployed around the world are typically one-off solutions, not globally interoperable.

    Even the current state of global interoperability still has some work to do before we can be absolutely certain that a phone with a contactless card on it now is going to be accepted with the same service level quality that Canadians would expect when it's used in Malaysia or even the United States.

    We've been testing the stuff for a number of years. Visa and Rogers together with one of our key clients, RBC, did a pilot a couple of years back whereby we were able to test for consumer response to the technology, what it would mean to provision card credentials onto a phone, security and such. It takes some time to get from those tests and working through those issues to something that can be produced on a production scale.

    I echo the comment that we're absolutely at a tipping point for making this stuff happen, which is exciting.

    You have 90 seconds.

    Great.

    Well, Mr. Thibeault knows what the PS3 is, but I want to know if he remembers Pac-Man.

    Voices: Oh, oh!

    Mr. Peter Braid: I'm getting a blank stare.

    A voice: What about Donkey Kong?

    Thank you very much, Mr. Braid.

    When Pac-Man was around, they were actually putting my card through like that.

    Madame LeBlanc, for five minutes.

    Thank you, Mr. Chair.

    Thank you to the witnesses for being here. I would like to put a question to Mr. Robinson as well as to the other participants.

    My question relates both to consumers and to small and medium-size businesses. We keep adding middlemen. There are institutions issuing credit cards, and there are middlemen processing payments for small businesses. That is another set of intermediaries which I was not aware of. And then, in the future, there will be the cellphone companies.

    As far as I am concerned, this can only increase the costs not only of consumers but also of small businesses. As e-commerce or mobile commerce expands, there will be more and more transactions and I wonder if that will lead to a reduction of costs or, on the contrary, to an increase.

    I've actually been waiting for that question, so thank you for asking it.

    My belief is that from a mobile perspective, we are just carrying the card. We're creating a different vessel into which you will place a MasterCard, Visa, American Express, or Interac card, but we're open to any type of card. It doesn't have to be a payment card any more. But there are merchants out there who love their store cards. They want to see gift cards that they've sold. They want to be able to distribute gift cards. You can do that all virtually, and therefore you can accept them very easily.

    So although we had to build this whole system around the rigour of globally accepted payment networks—Visa, MasterCard, American Express, etc.—once it's in place with all those security layers, you can put other things on it that I think consumers will want to carry, because it's going to be so easy. They will be able to have mobile wallets that reflect their personality and where they shop.

     I shop at Home Depot. I should carry a Home Depot card. I don't, because I just refuse to make my wallet any bigger. But if I had 50 store cards, or a whole series of gift cards in my mobile phone, it doesn't get any bigger; it's just memory. That's great for the consumer, but when the merchants see those cards, they're going to want to accept them.

    Initially there will probably be no change, but as the ability to carry, the willingness to carry, and the ability to accept expand, as merchants and consumers embrace this new technology, I think overall fees will lower. All these alternative payment types in the mobile phone will be accepted by the merchants.

    All right.

    I hesitated to ask you a question because I feared mispronouncing your name.

    “Doug” is good.

    Voices: Oh, oh!

    Thank you.

    You said that they are some barriers to Canada becoming a digital economy. Some of them were mentioned during your presentations. Could you tell us a bit more about those barriers that prevent Canada from becoming a digital economy?

    It's not a simple one; it's a very complex challenge, particularly among the small to medium-sized businesses. Many of them are only now becoming really automated with their accounts receivable and their accounts payable processes. Until this time they've relied on cheques to give themselves all of the remittance data they need to do all of their accounting.

    As you move forward, not only do the corporates and small businesses have to adopt the technology, they have to adopt the software applications. Those applications need to be universal or interoperable with the standards on the payment side. So when they receive the data, whether they're receiving it to an Intuit application, or an SAP platform, or whatever the platform, they have to be able to integrate to all of that.

    So there are costs, not only from a financial institution and the industry to develop the standard, but the users and the corporates to be able to take that data, incorporate that within their systems, and invest into that digital economy. So it's not just one person's problem; it's really the industry's problem.

    Thank you, Mr. Kreviazuk.

    Thank you very much, Mrs. LeBlanc.

    For our researchers, what does the acronym SAP mean?

    You've got me.

    It's a major provider of a software application used for financial services.

    Now we will go on to Mr. Richardson, for five minutes.

    Thank you.

    I think one of the major concerns or preoccupations of government in this regard is security of consumers, safety in the marketplace, consumer protection generally. But as we've been hearing on this committee...and I should say, incidentally, that these presentations were superb. You guys know what you're talking about.

    It's a more and more complicated field. It's moving so quickly that I sometimes wonder if governments can really keep up in that role without entering unintended consequences, problems, or concerns to a greater extent than any problems they might be solving in terms of protecting consumers.

    I'm hopeful that we're going to see that competition is such in the marketplace that...and your concern, of the same kind of trust. We've heard some of the examples today of where people have made mistakes, and there have been hacks and other problems in security.

    Is it sufficient, in your mind...? I'd just like to ask this question generally. I mean, you can't afford not to have the ultimate trust of consumers or you're going down. There's enough competition there that consumers are going to go someplace else if they feel they're being defrauded or ripped off or whatever.

    Is that not the case?

    I would say that is the case, which is why—you'll hear this from the retailer side sometimes—the payments industry got together, in a rare event where all the competitors got together, and created the PCI, or payment card industry, standards. PCI standards are standards for retailers.

    Now that the online marketplace is burgeoning, they were storing lots of card data on websites that could be hacked. We're all aware of data breaches. We're aware of Winners, PS3, and that type of thing. It's incumbent on us as an industry to make sure we put out standards to safeguard the consumers' data and their privacy.

    That is where the PCI standards came from. It's a global initiative and it's rolled out—I'm sure it's through your network as well—where it's embedded in our rules, and merchants must comply with this so they can safeguard their end of the financial transaction and ensure they're not storing data they shouldn't be that puts consumers in harm's way.

    Quite frankly, it's the banks that issue the cards that ultimately hold the risk, because they do protect the consumer with zero liability.

    I would add that building a payments network is an extraordinarily complex thing. You start with the principles: security, convenience, reliability, and international interoperability—making sure that your payment product is going to work anywhere that Visa is accepted—and try to make all of those things work among the significantly changing buying and selling environments as we move to consumers' buying stuff on Facebook, buying stuff through a tablet computer, or buying things through a smart phone at the airport.

    All of those things require a huge amount of thoughtful.... In our world, I will use the word “regulation”. I don't mean a regulation of the government sort but the management that's involved in building a network.

    I think the challenges of adding another layer of regulation on top of that can be that it then puts government in a place where it has to be on top of everything that's changing in the environment in order to accommodate new ways of doing business or there could be a risk that Canada falls behind from a competitiveness standpoint. We've seen some examples of that.

    Visa fundamentally believes that the voluntary code of conduct is a good step forward in terms of managing the payments marketplace and some of the very legitimate concerns that have been raised on increasing transparency and increasing disclosure. So we think it is a very positive step. The fact that it is a voluntary code leaves a lot more flexibility with regard to the industry's being able to interact to address stakeholders' concerns. Visa supports continuing to allow it to work and move forward.

    In addition, the task force that's looking at the payments system review right now is driven by a set of principles, and one of those is light regulation. The CPA has advocated not only light regulation but more principle-based regulation. Technology is moving so quickly that regulation has a difficult time keeping up, and setting it out more as principles allows the industry to innovate faster and bring product speed to market.

    Thank you.

    Thank you very much.

    Mr. Blanchette, you have five minutes.

    Thank you, Mr. Chair.

    My first question is for Mr. Kreviazuk.

    You used a word that is central to our discussion, I believe, when you said that a new payment ecosystem has to be established. Some of the witnesses-- and I thank you all for being here, by the way--have referred to digital wallets. It seems that we have been trying to create digital wallets for several years.

    Do you not believe that there could be a more centralised way to manage digital wallets? Instead of simply giving that to various retailers, various people, various groups, we could do as was done with cheques, with a clearinghouse that did not belong to anyone but still did what had to be done? What do you think of that idea?

    The marketplace in which we work today is very complex. The CPA, for example, back in the early days, worked strictly with the financial institutions, and we found that was no longer a strategy for success. We need to embrace all of the various players within the industry.

    If you look at the payment value chain from the acquirers to the originators to the card issuers to the processors to the scheme operators, there are so many people involved in processing a payment today, and if you want to do it safely and efficiently, you need to involve all the parties around the table.

    Do you need somebody to facilitate and to broker that? It does help. Leadership in this industry is absolutely paramount. I think Don spoke earlier about what they did with PCI compliance, and how the industry came together. That needs to happen on an ongoing basis for a number of things.

    Is there one agency that can do it all? I don't know. I know the task force is looking at that, and the chair of the task force is looking at new “ecosystem”, as I term it, for the payment system, which largely involves all of the players as a self-governing organization as well as infrastructure and an oversight body.

    Thank you very much.

    I have another concern with SMEs. At this time, it is difficult for an SME to create a website. It is even more difficult to set up an online catalog. When talking of electronic payments, we are very advanced already.

    This question is for you again, Mr. Kreviazuk, but the other witnesses are also welcome to answer. How could you help small businesses to make the transition to the digital economy? I am asking this because there is currently a serious problem. Our economy now includes two separate parts: those who follow the digital trend and those who are unable to do so. I believe this is a major issue for small and medium-sized companies.

    Thank you very much for your question.

    There are a number of challenges for merchants for small businesses when they want to sell online. Certainly the scale that is present in the United States--simply because their economy is ten times bigger than ours--has enabled a very complex set of support partners to open up, allowing business to be facilitated online. I would say that probably the Canadian infrastructure--or the Canadian ecosystem, to use Doug's word--has been a little bit behind in developing the same level of players. There are players that provide shopping-cart solutions. There are players that provide encryption solutions. There are players that provide card data storage solutions and various gateways. I don't mean to get into the realm of the complex, but setting up the ability to do business online is a complex thing, and it's only getting to be more so.

    We're starting to see that network of suppliers evolve. Several years ago we sponsored a book called How to Sell Online, which was a tool designed to help merchants sell online. Unfortunately a paper book is going to be outdated almost as soon as it's published, so we've now replaced that with a system of working together with a variety of the players in the system to make sure that the services continue to be robust.

    It's challenging, but I think players like Visa and others, including those at this table, can play a really valuable role in helping to facilitate merchants' ability to sell online.

    Thank you very much, Mr. Bradley and Monsieur Blanchette.

    Now we go on to Mr. Braid for five minutes.

    Thank you, Mr. Chair.

    I have another universal question I'd like to pose to everybody for a reply: how has each of your respective companies helped with and promoted both financial as well as digital literacy?

    On behalf of MasterCard, I can't say I'm intimately aware. I know we've done work with the government on literacy campaigns. I'm not really versed in those programs, but I know we have done a lot of literacy campaigns with the government.

    I wish I could tell you more, but it's just out of my sphere.

    I can speak a little for Visa. Financial literacy is a key platform for us. The ability to be able to continue to help people manage their payment choices responsibly and manage credit responsibly is critical.

    We've had a program for many years called Choices and Decisions, which is a curriculum that we work through the schools in Ontario and in other provinces as well. We're certainly a big supporter of the minister's efforts to continue to make it a higher-profile issue and ensure it's embedded in the curriculum, and that Canadians, as they're starting out, get the very best education they can on their own personal debt management.

    The CPA, being in the back of the payment stream, doesn't have linkages directly to consumers. Over the past two years we've made it a priority to reach out and establish relationships with each of the major consumer groups across Canada, so much so that we formed our own council of the five major consumer groups in order to supplement our stakeholder advisory council. We meet throughout the year in order to brief them on developments within the industry, changes to policy, and changes to rules in order to engage them in this discussion and policy debate.

    Also, we've made our resources available to them. If there are questions or FAQs that we could make available to them so that they can reach out to the various consumers...that would be helpful. So we do that on an ongoing basis.

    As a communications services provider, we help out all of our customers when they call, to try to understand how they use our goods as we move to a mobile wallet. That becomes another service that we will support, and we will help them understand how it works and how to use it properly.

    Okay.

    I have a question for Rogers as well. One of the current concerns with family cellphone plans is that you could have a teenager who, for example, gets an unexpectedly high bill because of downloading, ring tones, exceeding their text messaging, or whatever. What sort of controls or safety measures will be in place, once the new mobile wallet is in place, to deal with that sort of issue?

    I'll start with what we currently do with cellphones, and then David can talk about the mobile wallet.

    We have a mobile tracker that people can have either on their computer or on their smart phone, and it will show them how many voice minutes they've used, how many SMS texts they've used, and how much data they've used, so they can monitor their plan and make sure they're not going over.

     In addition, we send SMS messages out when you're at 75% of your data plan and when you're at 100%. Similarly, on the wire line Internet, we also send messages out at 75% and at 100%.

    We're now doing that for data roaming as well. When you're out of the country, you will get a message telling you how much you've used, and if you use more than $50 worth, we don't let you do any more data roaming until you've bought a plan.

    We're very conscious of those concerns, and we've built in a lot of systems to let people know easily how much they're using, and if they're going to go over their limit.

    In the case where we're carrying banks' payment cards on our phones, all that billing information goes onto the credit card bill issued by the bank. Now, to the extent that we can assist and put in transaction alerts through the mobile phone, the smart phone can facilitate that with products offered by the payment networks that will provide visibility into where you stand on your card balance at any point in time.

    In the area that I talk about, I'm not talking about putting charges on the cellphone bill. That's kind of a different area of work.

    Thank you, Mr. Robinson and Mr. Braid.

    That's all the time for that round of questioning. Now we're moving on to our third round. It, again, is five minutes.

    First up for this third round is Mr. Lake, for five minutes.

    Thank you, Mr. Chair.

    I just want to clarify some things from the presentation by Rogers. It's pretty complicated subject matter, I think, for people to get their heads around so that they understand how this would work practically, beyond the theoretical.

    I see that you say that when you start seeing Visa or MasterCard logos on mobile devices, that logo means something. I envision that....

    My BlackBerry has a Rogers logo on it right now, actually--thankfully, I guess, since you're here in front of us.

    Voices: Oh, oh!

    Mr. Mike Lake: But could I have, for instance, a MasterCard BlackBerry as well? Is that...?

    Let me clarify what I meant by that.

    When you pull out your virtual MasterCard and present that MasterCard for the payment, if it says MasterCard on it, that means MasterCard has looked at this entire system: from the time you ask for that card to be distributed to your phone to how it gets there to how it is presented. Every piece of it has passed their certification requirements in order for us to be able to provide that logo.

    That's what I meant when I said it means something.

    So it would be an app more than anything.

    Yes. It wouldn't be physically printed--

    I don't have to buy a specific MasterCard phone or a Visa phone; I actually can buy a Rogers phone and put a MasterCard or Visa app on it, as I want to.

    It's a good idea, but no.

    I just wanted to make sure.

    They would probably charge us real estate.

    Voices: Oh, oh!

    Yes; we'll wind up having more hearings, if that's the case, I'm pretty sure.

    I want to talk about the SIM card. Just for clarity, the SIM card is the little card inside here that stores information.

    When I went down to States this summer, it was kind of complicated. I actually had to take out the SIM card I have in my iPad and get a new one so that I wasn't paying exorbitant rates down in the States. That concerns me, from a practical standpoint, because when I travel, I can use my MasterCard or my Visa, as the case may be, wherever I am. If it's attached to my SIM card, and I pay all sorts of roaming rates and everything else, that doesn't seem quite as practical. Am I going to be charged higher rates? If I swap out my SIM card so that I can travel down to the States, do I now all of a sudden not have my credit card information on there any more?

    You wouldn't if you switched it. That's a very specific issue with iPads, particularly, which was presented to us by Apple as a requirement for putting that system in place. That's not typical of the way smart phones work. Typically you don't remove your SIM and replace it. It's an iPad-specific problem.

    But I might have my BlackBerry turned off or have it on airplane mode or something so that I don't incur the massive roaming charges. We could talk about that at a different time, maybe. I would think that would be a problem you might want to resolve to give confidence with respect to international use.

    I want to make it very clear. Once the card is sent to the phone, which is done over the network, over the wireless network, there's no network connectivity required from that point forward. When you open your virtual wallet on your phone and choose your Visa or MasterCard, it is presented from the physical phone to the payment terminal over that interface. It never touches the cellular radio network in any country. It's only when it is sent to the card that it uses our wireless mobile network. After that, it's communication directly between this phone and the radio payment terminal.

    It is not using 3G or....

    No. You can turn it off and it will still work.

    Okay. So this won't be an excuse for you to negotiate better rates so that we can have cheaper roaming charges as we travel around the world.

    I would say, Mr. Lake, that we are obviously conscious that we want people to use their devices when they're roaming. We at Rogers have introduced a number of travel packs. When you land in the States now, you get a text message telling you about those travel packs and telling you about the reduced rates.

    So we are working on it, and I believe you'll see that some of our new packages are cheaper.

    Whatever you do, though, don't receive an e-mail with a picture attachment, because it might cost you a lot of money. It might be pretty expensive touching base with home.

    I think our rates will accommodate pictures. You probably don't want to download a lot of video when you're overseas.

    I know it's going in a better direction, but point made.

    I don't know how much time I have, Mr. Chair.

    You have 20 seconds.

    I won't even bother asking a question in 20 seconds. I'll maybe come back in the next round of questioning.

    Thank you very much.

    Mr. Thibeault, you have five minutes.

    Thank you, Mr. Chair.

    I'm going to ask a couple of questions, and then I'm going to hand it over to my colleague.

    Mr. Robinson, in your opening remarks, it was very impressive in terms of the technology that's moving forward, especially the stuff that's coming from telecom. I think we all have to tip our hat at the innovation that's coming forward, with swiping and all of the stuff that's going on with telecom.

    But as an individual who lives in northern Ontario and who drives from Ottawa to Sudbury, I hit Deep River and I hope I don't run out of gas or have a problem between Deep River and Mattawa, because there's absolutely no cell service. It doesn't matter which network you're with. Many times I'm on the hood of my car, holding up my cell, hoping to connect with my wife.

    What are the plans in terms of making sure those who live in northern or rural communities will have access to the same type of services as those in the big cities?

    Now, Sudbury is fantastic. I can't complain about the service in Sudbury. But if you go 20 minutes outside of the city, you're doing dial-up.

    We know that wireless is the way that folks are going. We heard from some of the satellite providers that 15% in rural and northern communities don't have access. From CWTA, we heard 1%.

    What are the plans to ensure that those who live in rural and northern communities are part of this new wave?

    It is something we've devoted a lot of energy to. We've recently completed a fairly massive build in conjunction with Manitoba Tel so that we now have really terrific coverage with our HSP network in a lot of the rural areas of Manitoba.

    We've done a similar project with Thunder Bay Tel to cover a large part of northern Ontario.

    As your question points out, there are other holes that need to be filled, and we are working on those.

    In our comments to the government with respect to the 700 megahertz spectrum that is coming up for auction, we did suggest to the government that this is an ideal opportunity to promote rural coverage, because that 700 spectrum is low down. Just the same way that AM radio goes farther than FM, that lower spectrum is ideal for rural areas because the waves travel farther. You don't need a tower every two miles; you need one every six miles.

    So we've suggested to the government in our written comments on the 700 auction that they should use that spectrum auction as an opportunity to promote rural coverage and to mandate rural coverage as a condition of licence for those who buy that spectrum.

    I should add to that. If you have mobile coverage, now you can provide mobile payment, or at least you can get those cards to the phone, so that's great.

    One of the things we're doing through EnStream is trying to make it easy for smaller merchants, who may be in more rural communities, to be able to participate. If you're a big bank, you've got big infrastructure and you can plug into the carriers individually. But if you're a small issuer in a rural market, we wanted to make sure that those issuers would also be able to send credentials.

    Related to that, small merchants who may live in these small communities want to be able to accept these payments. They also have to have devices that accept them.

    One of the things that you will see, which is something that I spoke about, is that as well as being something that can carry a card, it can also be something that accepts a card. There are applications out there. You've heard of Square in the United States. There's a bunch of add-on features, little things you can plug into iPhones and BlackBerrys, to take a card.

     Similarly, when we have these payment-ready phones in our hands--like this one--you'll be able to have a merchant account on a mobile phone and be approached by a consumer who has a card on a mobile phone. If you tap the two phones together, you take a payment. So now you don't have to have physical infrastructure, a payment terminal, or a big bill from an acquirer. You can have a pay-per-use type of transaction service, which is what Square has done in the U.S. and pointed out that there's an opportunity to serve that.

    You have 30 seconds left.

    I would like to submit an idea to you. We have referred to consumers and SMEs but, as far as the government and the various departments are concerned, such as the revenue agency or the department responsible for supplies, what proportion are already making or receiving payments online?

    I think you said that many are still using cheques. So, how could this major organization--the government-- improve its methods in order to encourage Canadians to make use of online payment systems?

     We're over time. Please answer that briefly.

    I would say there is lots of opportunity for government leadership in the area. I'm really glad you asked the question. It is a fantastic role for government to play. Markets in countries such as Finland and Norway continue to squeeze paper payments out of the system and move more to digital, and government has played a lead role in doing that.

    One small example is the government purchasing card program. Typically a Visa or MasterCard product is used to acquire many of the things that are bought, and this in turn significantly reduces the cost of making those purchases. The Canadian programs are significantly less utilized than the American equivalent. We would be happy to take it offline and work with you to address that.

    Thanks, Mr. Bradley.

    Mr. Lake.

    I'm going to come back to Mr. Engelhart and Mr. Robinson.

    This EnStream, the joint venture between Bell, Rogers, and Telus, sounds like a great idea. Everybody seems to be on the same page. What efforts have been made to include the smaller, newer entrants?

    We've made it open. We announced this new role for EnStream only about three or four weeks ago. We are starting to be approached by the smaller service providers. They're asking what it is they have to do.

    We recognize that if you're an issuer, if you're the Royal Bank, say, and you want your card on phones, you don't just want them on Rogers phones or Bell phones or Telus phones. You want them on every phone, because your customers carry whatever they carry.

    So it will be open to the new entrants, the smaller carriers as well.

    So there's a discussion happening right now on that front?

    Yes. I have meetings booked already.

    I won't ask you what the negotiations look like or how hard it's going to be. I'll leave that discussion up to you guys.

     Mr. Robinson, you're the VP for emerging business. I'm going to take the opportunity to get into a dream scenario. You're focused on mobile payments and things like that. That's the main topic today, but what other opportunities are there? What can we expect?

    I had the opportunity to visit the wireless showcase—I can't remember what it was called—a few weeks back, and I saw some pretty amazing things there. Where are we going in the digital world right now?

    That's a big question.

    One of the areas someone mentioned is government. I participated in the payment task force, including the digital ID. There's an area that is fascinating and very interesting. There were some questions and worries about security and privacy. A mobile phone where you can carry your digital ID allows you to do all sorts of things. It allows you to have higher degrees of privacy.

    Today it is perfectly normal to go to a liquor store and, to prove your age, hand over a card that has your address on it, a photo of you, the type of driver's licence you have, your height—information that is irrelevant to what a liquor control board of a particular province needs. So you can now manage the degree of information that is passed, rather than handing over a generic card. There are also enormous cost savings in providing remote services to government agencies, for example.

     The cost of health care is a massive problem in this country, provincially, right? Health professionals would like to be able to support users of the system remotely, but you have to be able to validate that the person on the computer is the person in question. If we can hold government ID in a phone securely, and you're online getting the results of your brain scan, the government agency will be able to know that the person on the other side of the phone who presented the government-issued health card from, say, the province of B.C., is actually that person and now can provide that brain scan result back to the user without worrying that it's being given to the wrong person. You can't put that back in the box—there's no zero liability for, oops, giving a brain scan result to the wrong person.

    The task force, the digital ID group, is basically saying they like the distribution model being created for global payment methods. They'll adopt it and embrace it, because it's good enough for global payments, and it's good for regional government providers.

    I could go on, given what I do, but....

    I think John had one more question. I'm just going to throw the ball to him.

    Just for clarity, my colleague asked Mr. Lebeuf, I think, about the wave...?

    RFID.

    Right, RFID, the wave on these cards.

    There was a national media story not long ago about how easily these cards are scanned. From a personal security perspective, am I to understand that all they're getting is a number, that the card is totally secure, there's no data transfer, and that as a consumer you have nothing to worry about?

    That's correct. We're aware of this firm that sells things that “protect” the cards, and they go around to media outlets and show how they can scan some pieces of information off the card. There is some consumer fear over that.

    But from an industry perspective, what we're telling the media and anybody, quite frankly, who will listen, is that the information cannot be used. It's not putting the cardholder's personal information or data in jeopardy, and it cannot be used to complete a transaction.

    Does Visa concur?

    Yes, I absolutely concur, and I--

    Actually, we're out of time on that one. Thank you.

    Now on to Mr. Regan for five minutes.

    Thank you, Mr. Chairman.

    Mr. Lebeuf, you talked earlier about the situation with merchants having the kind of information that Mr. Carmichael was talking about. What about the situation where you have an unscrupulous merchant--let's a crime organization? Isn't there a concern that they would have access to information you wouldn't want them to have access to, or am I wrong?

    Well, I guess it's not beyond the realm of possibility, but merchants are vetted by acquiring financial institutions who bring them on board, and certainly online merchants represent a higher risk because we're talking about future delivery. The acquirers put these merchants through an on-board vetting period where they take a look at the business model, the rigour of the merchant, and at the principles involved before they sign them up.

    Quite frankly, they are assuming some risk. If you are a retailer and I sign you up, and you process $100,000 worth of transactions, you never deliver any of those goods, and you disappear, I'm on the hook for that, as the acquirer.

    There is a lot of work in that regard as far as the acquirers go. We have a number of compliance programs that monitor merchants as far as chargebacks, whether or not they're selling illegal goods. We work closely with law enforcement globally, ensuring we don't have merchants doing, among other things, child pornography. Selling illegal goods is something we monitor as well. We'll contact the acquirer and deal with the merchant and, if needed, terminate them from the system if they're violating our rules.

    Thank you.

    Mr. Robinson, you talked earlier about the difficulty with locating towers these days, so let me ask where I can find information on towers you have. In other words, can I find out the wattage of an individual tower? Can I find out what frequencies it's using?

    I've had concerns from constituents about that, and it's very difficult to get the information they're asking for. Actually, it's been impossible in my experience, but perhaps I haven't looked in the right places.

    Industry Canada maintains a database where all the radio antennas are registered. For people who know how to use that database, it's all there. There are also a surprising number of hobbyists who have websites that show all the Rogers towers, sometimes complete with photographs, and they're online too.

    This actually occurred a few years ago, as a matter of fact, so I'll have to recheck to see if we can find that out now. I don't think it was one of your towers, you'll be glad to hear. I happened to knock on the gentleman's door in the spring and I heard about it again, so I was certainly reminded of this and the fact that we weren't able to find out the power, I guess, of this particular tower. It won't surprise you to hear that he lives across from a church that has a tower.

    But let me go on to Mr. Bradley and Mr. Lebeuf about the barriers we discussed earlier, the fact that Interac has a monopoly in our debit system in Canada, that the regulations prevent the credit and debit card from being the same thing...although we're talking about accounts here, as opposed to cards, right?

    In your opinion, why haven't these barriers been removed already?

    If I could just clarify, I wouldn't characterize Interac as having a monopoly on the debit market in Canada. In fact, as I described earlier, we've launched a debit card with CIBC. That debit card works at Interac, at the point of sale, and then, when it's used to shop online or over the phone or internationally, that piece of functionality that you can expect from Visa works as a debit transaction running on Visa. So the two coexist well.

    I think what Don was referring to was that because of Interac's dominance at the point of sale and its acceptance with merchants, it becomes extraordinarily challenging, to the point of being effectively impossible, to launch a stand-alone Visa debit card—I won't speak for MasterCard—that would feature the acceptance that Interac has.

    In fact, the co-badged structure is one that's very common and it exists in just about every market around the world. When Mr. Lebeuf was describing the problem, it's that the code of conduct actually prohibits competitive co-badging on the cards.

    So why, in your opinion, hasn't this been resolved before now?

    The code of conduct is still in early days. It has been 12 months. As I said in my initial remarks, it has brought a lot of very positive aspects to the market. It has made a lot of great contributions in terms of transparency and disclosure. It was always contemplated to be an evolving document—a point in time. We'll be working with all of the key stakeholders to continue to allow it to evolve to embrace the very best level of services for Canadian consumers, merchants, and the economy.

    Thank you very much, Mr. Bradley and Mr. Regan.

    If the committee will indulge me, I have two questions to clear up some things I heard today that would be good for us to have more specificity on.

    It was mentioned that in other countries the debit and credit cards coexist. In the other counties, is there zero liability for the consumer, as there is zero liability here for credit?

    Credit and debit typically don't co-reside on the same card. I was referring to two debit networks residing on the same card, which is what co-badging refers to in Canada. Speaking for MasterCard globally, zero liability is offered to MasterCard holders, to my knowledge, in all 210 countries in which we operate.

    Is that whether it's debit or credit?

    It's for MasterCard debit and MasterCard credit.

     Is that consistent with Visa?

    It is. There are circumstances around the world where debit and credit do coexist on a card, so the consumer can choose at the point of sale if they want credit or debit. Brazil is one example I'm aware of. We think prohibiting that within the code would prohibit an option that some consumers would really opt for.

    Lastly, you were talking about standards for retailers online as far as storage of credit card information, specifically for repurchasing. Is it the way they store it now, or are they not allowed to do that at all any more?

    It's a matter of what data they should and shouldn't be storing after a transaction. Once a transaction happens there are certain pieces of data that the merchant no longer needs and shouldn't store going forward. That's embedded in the standards.

    There are also requirements to have their website scanned by independent third parties to ensure there's no breaching or ability to breach their websites. It's also the physical security of their premises to ensure they are not storing card data they really don't need to store that has been provided to the acquirers, the merchants.

    Most recently MasterCard has worked with the CFIB on a document to make it simpler for small businesses to understand the needs and requirements of PCI. Certainly major retailers have very large IT departments that can handle this stuff. We have to make it simpler and easier to understand for small business. We've been working with CFIB on that.

    Effectively, for a merchant who has a website and a loyal customer who wants to repurchase all the time, this does not limit him from storing information to repurchase all the time. It's simply to be compliant with the PCI standards in how they store it so it's safe.

    They can't store all of the card information to complete another transaction. That would violate the PCI code. They cannot store data that could be replicated by someone who hacked in to create a counterfeit card. You can keep some information for record-keeping and tax purposes and charge-back adjudication. You don't need all of the data that goes with the transaction, so they shouldn't be keeping anything that can be used to counterfeit a card.

    It effectively limits automatic repurchases.

    It does.

    Thank you very much.

    Thank you to the witnesses for the time you've invested here. I know the committee is grateful.

    We're adjourned.