FINA Committee Meeting
Notices of Meeting include information about the subject matter to be examined by the committee and date, time and place of the meeting, as well as a list of any witnesses scheduled to appear. The Evidence is the edited and revised transcript of what is said before a committee. The Minutes of Proceedings are the official record of the business conducted by the committee at a sitting.
For an advanced search, use Publication Search tool.
If you have any questions or comments regarding the accessibility of this publication, please contact us at accessible@parl.gc.ca.
Standing Committee on Finance
|
l |
|
l |
|
EVIDENCE
Tuesday, March 4, 2014
[Recorded by Electronic Apparatus]
[English]
I call this meeting to order. This is meeting 22 of the Standing Committee on Finance.
I want to welcome all of our guests who have joined us here this afternoon. Thank you so much for being with us.
Our orders of the day, pursuant to Standing Order 108(2), are for our continuing study of emerging digital payments systems.
We have five witnesses here this afternoon. First of all, from BlackBerry, we have the senior director, product management, mobile payments, Mr. Frank Maduri; from the Canadian Payments Association we have the president and CEO, Mr. Gerry Gaetz; from the Canadian Wireless Telecommunications Association we have the director of regulatory affairs, Mr. Kurt Eby; from Flow Inc. we have the CEO, Ms. Amy ter Haar; and from Interac Association we have the head of external affairs, enterprise strategy, Ms. Caroline Hubberstey.
Welcome to the committee, and thank you so much for being with us. You will each have five minutes for an opening statement, and then we will have questions from members.
We'll start with Mr. Maduri, please.
First off, thank you for having us and inviting BlackBerry. This is a topic that's very important to our company. It leverages some of our strengths that we've forgotten about over the past few years—namely, security and management of mobile devices. We're taking that expertise and we're leveraging that in mobile payments.
I won't go through everything now, but we're deeply involved in mobile payments in Canada and abroad. We're actually taking a lot of the products and services that we're deploying beyond BlackBerry devices. Currently, as an example, in the Canadian market, we run and operate the EnStream platform. I think they spoke at one of your previous sessions. Those services, in terms of managing the security and deployment of a credit card on a device, we actually operate. It is not limited just to BlackBerrys but to any type of device.
So for BlackBerry this is an important topic. It leverages some of our key strengths, and we're taking the best of those capabilities and deploying them on other types of devices, including Android, iOS, and Windows.
Thank you very much for that opening statement.
We'll now hear from the Canadian Payments Association, please.
Thank you very much.
Good afternoon.
The Canadian Payments Association, as you know, is Canada's main financial market infrastructure. We design and operate Canada's national clearing and settlement systems for payments. While the CPA is a little-known commodity to most Canadians, it plays an essential role in their financial lives and in the day-to-day operations of financial institutions and businesses across the country.
The CPA systems ensure that payments between financial institutions, which represent the aggregation of payments made by Canadians and businesses and governments, are safely and securely completed each and every day. The value transferred across our systems each day is over $170 billion.
We're guided by the public policy objectives of safety, soundness, efficiency, and the interests of users. These objectives are enshrined in the legislation. Financial institutions that are engaged in the business of payments are required to be members of the Canadian Payments Association and they fund our operations. We're overseen by the Bank of Canada because of our importance to the stability of the overall financial system.
We do not operate at the retail end of the payments chain where the emerging digital payment technologies are conceived. Our focus is at the macro level and is concerned with ensuring that the financial claims between financial institutions can be settled efficiently and without risk. That's very important. However, in consultation with members and stakeholders we maintain a robust set of rules and standards that facilitate the deployment of emerging payment products and services, and existing payment products and services.
Obviously the national payment infrastructure needs to be responsive to the changing environment and the needs of users. If you'd permit me I'd like to offer a perspective of some of the trends from our vantage point. Like this committee, the CPA has been taking a hard look at the evolving payments environment. It is changing rapidly, creating both challenges and opportunities for industry, regulators, policy-makers, and of course the end user.
There are a number of emerging and important trends that certainly inform our view of the future and our direction. The emergence of online and mobile payments is a relatively recent phenomenon, although we're all talking about it a lot, and as such it represents a very small share today of overall payment volumes and value at the aggregate level. That said, the growth is there and certainly is expected. Most of consumer spending, as you know, is done using non-cash methods and consumers rely almost completely on electronic payment options at point of sale.
As an active global player, Canada is contributing to the harmonization of international payment standards. This is important because global standards for payment processing and payment messages will over time enhance Canada’s global interoperability and help better meet the needs of Canadian businesses for data to accompany a payment. Increasingly governments and central banks are becoming much more active in the payments ecosystem around the world as they seek to ensure greater levels of efficiency, safety, soundness, and the satisfaction of end-user needs.
Clearly payment methods are increasingly complex and they can create risk exposures for participants and users. Today we see, for example, new non-traditional and unregulated players in the payments space. We see the demands for faster payment processing, faster settlement and funds availability, and new delivery mechanisms, such as the mobile phone. All of these need to be carefully considered.
I'd highlight four interesting challenges for Canada, again from our vantage point: consistent and comprehensive user protection, understanding and managing risks, concerns with security and cyber-risk, and ensuring continued innovation in payments.
The digital revolution is transforming almost all industries and businesses today. These transformations have brought about significant efficiencies and capabilities. However, they introduce new challenges for policy-makers, regulators, and the industry.
As the payments industry undergoes this transformation, there will be an increased reliance on industry collaboration and coordination. By working together, we can ensure that the public policy objectives underpinning the Canadian payments system are respected.
Thank you.
I'm very pleased to be here representing the Canadian Wireless Telecommunications Association.
The CWTA is the authority on wireless issues, developments, and trends in Canada. We represent more than 100 members, including wireless service providers and companies that develop and produce products and services for the industry, including handset and equipment manufacturers, content and application creators, and business-to-business service providers.
Although our members comprise a diverse range of competitors, they all share one common goal: more Canadians and businesses using the wireless network to do more things. First and foremost, we stand for the growth, expansion, and use of Canada’s digital infrastructure to enhance social, commercial, and personal prosperity. Not only do our members respond to the demand for wireless bandwidth, they help generate that demand.
Mobile payments provide a perfect example of this shared goal. The widespread rollout of point-of-sale proximity payments from mobile devices requires collaboration from multiple stakeholders, including mobile operators, device manufacturers, issuers, global payment networks, and secure software providers. Because of our world-leading status in all of these industries, Canada has been identified as one of the most advanced markets in the world for mobile payments.
It is therefore timely of the standing committee to undertake this study of digital payment systems. There is a very real opportunity for Canada to drive the global mobile payments agenda, resulting in job creation and R and D benefits not only from domestic industry development but also from export opportunities. The regulatory climate could play a significant role in determining whether Canada’s first-mover promise in mobile payments is realized.
Wireless technology has spawned a communications revolution. By uniting the two most important enabling technologies of the 21st century so far—mobile communications and broadband Internet—wireless networks and devices have transformed not only the way we communicate but the way we work, inform, navigate, collaborate, and entertain. Canadians have embraced this revolution more than virtually anyone else in the world. In 2013, the average Canadian mobile consumer used more than one gigabyte of mobile data per month. This number is forecast to be nearly eight gigabytes per month by 2018.
To meet this demand, Canada’s wireless carriers have made world-leading investments to provide the fastest and most reliable network technology commercially available in the world. In 2012, the wireless industry invested $2.6 billion in network infrastructure, which ranks Canada third among OECD countries in terms of capital investment per subscriber. It is also predicted that by 2016 almost 80% of the smartphones in Canada will be NFC-enabled devices, increasing the potential base for mobile payments. Canadians’ demand for data over smartphones and the investments by network operators and device manufacturers to meet this demand provide part of the foundation for the widespread adoption of mobile payments in Canada.
Canada’s payments industry and retailers have also deployed the necessary infrastructure to support mobile payments. Approximately 5% of card-accepting merchants in Canada are accepting NFC transactions, more than double the percentage in the U.S., which is only 2%, and 19 of Canada’s 25 largest retailers accept or plan to accept NFC payment functionality.
Indeed, Canada is poised to pioneer the mobile payments industry, providing a unique opportunity to drive the global agenda for an entire sector. The advantages of such first-mover status would be widespread. Canadian consumers and retailers would benefit from the immediate efficiency of mobile payment options, and Canadian developers would have the opportunity to export their knowledge and technology worldwide.
Considering the substantial benefits inherent in Canada’s position as a world leader in mobile payments, there would be significant consequences to unnecessarily suppressing deployment. The CWTA has noted some reticence from stakeholders, largely based on misguided beliefs about the nature of mobile payments, particularly with respect to potential fees and security issues. Neither concern is based on the reality of mobile payments.
As I mentioned, the top priority of all CWTA members is the growth, expansion, and use of Canada’s digital infrastructure. The increased ubiquity and utility of mobile devices is motivating Canada’s wireless service providers to offer mobile payment options. Global experience has demonstrated that attempts by wireless service providers to extract a cut of mobile payment transactions only stall the rollout and delay the overall benefits of mobile payments.
In fact, from a technological standpoint, the NFC payment terminals are unaware if a payment is from a contactless card or an NFC-enabled mobile device, so no additional fee could be assigned to proximity payments made from mobile devices. Similarly, wireless service providers have no record of what payment transactions their subscribers have made from wireless devices.
Proximity payments from mobile devices are also secure. Mobile payment options build on the existing security of contactless cards by requiring the active initiation of the NFC functionality from both the payment terminal and the mobile device. Because the payment is coming from a hand-held computer, issuers can customize security features for each mobile payment option.
The mobile payment ecosystem only truly works when a critical mass of consumers has access to the majority of existing payment options on a wide variety of devices and from most wireless service providers.
Sure thing.
It is in industry's best interests to ensure that this happens. CWTA respectfully submits that the government should ensure that market conditions currently supporting the broad deployment of mobile payments remain in place in Canada.
Thanks.
Thank you, Mr. Chairman, and thank you also for inviting Flow Inc. to the committee.
Flow is a Toronto-based company that develops technology to enable people to purchase with cash online and be rewarded for doing so. Flow is not a bank. It is not a digital wallet. Flow is an independent closed-loop system compatible with Interac. Today, I'll outline how mobile payments can serve as the foundation of a business model in a closed-loop system and how Flow adds value to all constituents of the payment ecosystem.
Flow is unique and different from any other existing or emerging payment system. At Flow we believe that an emerging payment system should move beyond the mobile or digital wallet. Wallet solutions are siloed into two categories as you know: namely, hardware solutions like those provided by the credit card companies and banks; and software or cloud solutions like PayPal and Google. Presently, there are no emerging solutions that bring these sectors together into one cohesive ecosystem. Doing so is part of our goal.
In its recent research report on mobile payments, Morgan Stanley acknowledged the importance of an ecosystem approach. This approach outlines the criteria to successfully accomplish this. These criteria include the following: universal acceptance, reduction of transaction friction, protection of consumers' interests and security, driving sales with targeted marketing, and lowering merchants' cost of acceptance.
Consistent with this approach, Flow uses payments as the foundation of a new business model to achieve these five goals. The Flow system encompasses a whole value chain, but it starts with payments and flows from there. We start with mobile payments sitting at the intersection of both hardware and cloud-based technologies and we move forward from this starting point. Flow begins with a mobile application that enables people to search, shop, purchase, pay, and receive loyalty rewards. This, in turn, then enables a number of other relationships and transactions.
Once you get into the Flow stream, there are a number of other things you can do. The circular stream keeps feeding itself. Along its path it does several things. You get into it by funding it and using it to carry out transactions such as peer-to-peer or retail.
One of the things that it does, in this stream, is to give both merchants and consumers a less expensive and more secure payment alternative, providing not just an additional payment choice for consumers and merchants but also an excellent payment choice. I'm sure that we collectively agree that we need to encourage Canadian choice and Canadian solutions. We need to empower Canadian companies to compete, innovate, and succeed in the global marketplace.
We already know that increasing efficiencies in the payments space are driving costs down. In the next evolutionary phase of emerging payment systems, we need to help merchants and consumers to also benefit from these increased efficiencies. At Flow, we not only provide a method of effecting payments in an efficient manner but also add value for Canadian consumers and merchants. Flow adds value by providing a consolidated loyalty program, and this resonates with Canadians. Indeed, loyalty is a primary motivator, and this is why Canadians have so many disparate loyalty programs.
A solution like Flow gives smaller merchants the tools that larger merchants already have and the ability to present products and services to those consumers looking for them. Flow takes it to the next evolutionary stage. Rather than focusing on how one completes the payment, we need to focus on adding value for the merchant and consumer. It is security, convenience, and loyalty that add value and resonate with buyers and sellers. Existing systems are great, but not a great deal. Flow puts the merchant back into the picture.
Other emerging technologies are aimed at serving FI and consumer needs at the expense of the merchant, but at Flow, we believe we can all engage in and benefit from what we refer to as fair trade.
Good afternoon, Mr. Chair, members of the committee. We certainly thank you for this opportunity.
We've always appreciated and respected the collaboration between Interac and the members of this committee to help advance the needs of merchants and consumers, as well as to ensure that we have a healthy, competitive, and very innovative payments marketplace in Canada.
Interac is Canada's leading payment brand. Our organization operates a low-cost and world-class debit system that is embraced by Canadians. Our brand is chosen an average of 12 million times daily to pay and exchange money. We securely connect people to their money at the ABM, at retailers across Canada and the U.S., and online through web-based services, Interac online for online e-commerce purchases, and Interac e-transfer for person-to-person payments, which has growing business use as a cheque replacement solution, particularly among smaller businesses.
In addition, Interac Flash, the secure, contactless enhancement of Interac Debit, is in widespread use at retailers across Canada, and provides the platform for mobile NFC proximity payments. We are also a leader in the prevention and detection of fraud, and consumers are fully protected for fraudulent transactions with our zero-liability policy.
We are experts in debit products, the products that allow customers to securely access the funds they have in their bank accounts. Canadians love using our products, and getting these payment solutions accessible through mobile channels is a given for us. In fact, last year we successfully completed the first NFC mobile debit transactions in Canada, and among the first globally from a domestic debit network. As you heard in recent testimony from RBC, the RBC wallet, powered by RBC Secure Cloud, is enabled with Interac Flash, so RBC customers can use the RBC wallet to make payments anywhere Interac Flash is accepted.
In addition, our leading Interact e-transfer P2P solution is also widely offered through financial institutions' mobile banking platforms. We are actively working with financial institutions to support their mobile implementations, and ensuring that customers will have the choice to use debit to pay with their mobile device, whether their financial institution chooses NFC SIM-based solution or a cloud-based solution.
Ultimately, we will continue to innovate and go where there is consumer and merchant need and where it makes sense.
Canada has a highly competitive and innovative payments environment, and additional competition is constantly emerging. Curiously, on February 15, in testimony before this committee, one of our competitors claimed that government has sought to limit competition within Canada's debit system, which has resulted in a lack of innovation. I think you can see that this is not the case. We are and will remain an active and innovative player in the arena.
I would also add that financial institutions have always been free to offer different competitive debit products with different features and functionality to their clients. The government's code of conduct for the credit and debit card industry in Canada does nothing to change that fact. Other payment networks are free to sell their domestic point-of-sale value proposition to financial institutions and merchants alike, as companies like American Express and Discover have done to build their respective businesses in Canada. By developing the code of conduct, the government clearly recognized the need for stronger checks and balances to address the obfuscation and other tactics that have potential to create an unhealthy competitive environment. We firmly believe that the code of conduct and underlying public policy objectives should be maintained for all emerging payment technologies, including mobile, and should be considered a foundation for future efforts.
We believe that a successful, open mobile payment solution, one that can manage and present multiple payment applications, and other applications such as loyalty and coupons, must be one where consumers can clearly and transparently choose the secure payment methods they're using and accepting. Payment schemes and application issuers should not dictate these terms. While payment delivery technologies will evolve, this should not alter the right of merchants to make informed and conscious choices about the payment solutions they wish to accept.
In summary, we are focused on bringing innovations to the payments marketplace, and believe that new products and enhancements should derive a tangible value to end users. With this forward-looking focus, it is our view that the regulatory framework should continue to evolve and alleviate competitive inequities where they exist, and allow a smooth path for payments innovation.
Thank you. I look forward to your questions.
Thank you very much for your presentation.
We will begin members' questions with Mr. Thibeault, please. You have five minutes.
Thank you, Mr. Chair.
Thank you, witnesses, for being here today.
I'd like to start off with Ms. Hubberstey. To start, what is the cost of accepting a payment through Interac Flash?
We set the wholesale rate. The wholesale rate for Interac Debit or Interac Flash is currently 0.6362 of a penny. So it's under a penny a transaction. Acquirers then, depending on the contract with the merchant, set the price. On average it's around a five to six cents per transaction flat fee regardless of the ticket price.
So for a $100 purchase that's considerably cheaper than accepting a payment via any type of credit card?
Looking at the credit card costs—you're studying those too—I would say it's one of the lowest cost options, often lower cost than cash.
Excellent, thank you.
So I guess because Interac offers a convenient and cost-effective means for accepting a payment, throughout the study we have heard from merchant groups and others that Interac's mobile payment application, Interac Flash, is not yet available through the apps of all financial institutions, even when they are able to offer mobile credit card payments for all major credit cards. Would you be able to answer how many financial institutions allow Interac Flash to operate in their mobile wallets?
I'll start with card-based Interac. We have three financial institutions who are offering Interac Flash on cards, larger FIs, and we have credit unions as well. So that's the basis on which we've developed the mobile solution.
I will say that we're working with a number of financial institutions to ensure that we can have that Flash functionality enabled on phones. As I mentioned in my opening remarks, we did our first transactions with RBC and McDonald's on a BlackBerry device in March of last year. So it is coming and I would say, stay tuned.
I think it will be much like we've seen with debit when it first came out. This will be an evolution. Whether you'll see it widespread at one time, I think you'll see announcements as we did with Flash itself where RBC and Scotiabank were the two Interac Flash issuers on cards, followed by TD, other credit unions, Sunova Credit Union and others. I think you'll see that same evolution in the mobile area.
In terms of business to business payments, we've been hearing about some concerns and some hope for some action on this. Does Interac offer an online solution for businesses looking to transfer payments?
Interac e-transfer is the P2P solution. That's how it started. It is taking off. It started at Interac about six years ago and I think there were about 40 financial institutions offering it. Today there are over 200. It is near ubiquitous. We're seeing a lot of particularly smaller businesses using it for a P2B, sometimes a B2B solution for transferring funds. We've seen financial institutions really gravitating towards the product where some of them are offering it and extending it out to their business clients. We're seeing a good change there and we continue to look at options to enhance the functionality, particularly for the small business sector.
Much like Interac Debit and Flash we set a wholesale rate and then the financial institutions then price it to their clients. I would say it's incredibly competitive. RBC, for example, has just repriced their packages for Interac e-transfer. Some packages offer free unlimited.
My question is for Mr. Maduri at BlackBerry.
As parliamentarians if we lose our phones we have a great IT department here and they can send what they term a kill pill to our phones to ensure that none of the data gets into the wrong hands. So for a consumer who loses their smartphone, their BlackBerry, that's equipped with a mobile wallet, is there something similar that they can trigger to erase or wipe personal information from their smartphones? If so, is there a cost to this for consumers?
There's no cost to the consumer and there is.... In fact, that's a service that we're launching through EnStream. So for EnStream, which is a joint venture consisting of Bell, Rogers, and Telus, we actually operate that platform. That will allow you to number one, have your card provisioned securely whether it's an Interac debit card or a credit card over the air into any device, not just a BlackBerry, and thereafter manage the entire life cycle including the example you just gave.
So that's an example of us actually taking what we're really good at, managing devices, but managing payment credentials on a device securely. The only thing that's different, but not really if you follow our company lately, is that we've taken that from just being a BlackBerry device to any type of device. It's no different from BBM going to other types of devices and our enterprise server being able to manage any other type of device. So the answer is yes, and Canada is our first deployment.
Thank you, Mr. Thibeault.
EnStream did present, Mr. Maduri, to the committee earlier on the study.
We'll go to Mr. Saxton for your five-minute round please.
Thank you, Chair, and thanks to our witnesses for being here today.
My first question is for Ms. ter Haar at Flow Inc.
I liked what you had to say in your opening statement but I still don't fully understand what Flow Inc. does. Can you give us an example of a transaction to help us understand it?
Yes. I'll also be giving a demo after the official meeting so that you can actually see how it works and what happens.
It really sits at the intersection of mobile payments, a marketplace, and a loyalty and rewards system. If you're looking for a washing machine, you would search “washing machine”—you would just say that—and you would see all the different merchants who have different types of offers presented that are matched with a loyalty reward. You could purchase a washing machine at Lowe's and earn 300 Flow reward dollars, which you could then spend, dollar for dollar, at any other Flow merchant.
You could pay with that application right then and there for the washing machine and have it delivered to your house, or pick it up in-store. You would be notified as to whether the washing machine was ready, or you could even just scan the bar code at the store and make the mobile payment there.
Yes; it's a combination. You can conceive of it as a combination between PayPal, eBay, and Google, all mixed into one.
Voices: Oh, oh!
I look forward to your presentation. Thank you.
This next question is for Blackberry.
We're all familiar with BBM; but BBM money, how will that work?
The way it works is that essentially—we're not involved in the financial transaction directly, so we don't want to get into a regulated industry—we're leveraging that channel as a method to initiate the transfer. Indonesia is where we launched it first. I think last week one of our presidents mentioned that we'll be expanding that globally.
Let's say you're in a conversation with your child at university, you ask how it's going, and they say, “I'm okay, but I ran out of money.” Instead of having to log out, go to your banking application, and send them a message, you could actually do it from the messaging application. The idea is that if you use BBM—and now that it works on iPhone, Android, and Windows, it's not limited—your child could be on an iPhone, you could be on an Android device, and you could be speaking back and forth.
So if your child says, “Hey, Mom, can you send me some money?”, you could click on the menu and see an option. Instead of sending a picture or sending an emoticon, you could actually send money. It would reach into your account—in the case of Indonesia, it's PermataBank—get the amount of funds, enter a pin code, and then send it to your child. They would get a confirmation that they'd received the money, and they could reply back, “Thank you”.
The idea is that we're trying to keep this concept of keeping the flowing going—no pun there—instead of your perhaps saying you'll do something, leaving the conversation, and then, chances are, forgetting to do it. We're trying to do it “in-band”, as we call it, rather than “out of band”.
So we're going to take that concept.... I can't really comment on it, but it's doing well enough that we want to expand it. We're seeing people use that person to person, friend to friend—i.e.,“Let's split the bill”—and also consumer to business. As a small-business person, you might want to pay your bill that way. Or maybe you went to a yoga instructor and they don't accept cheques or cash; you could actually BBM them money.
Yes. In fact we're working with a number of financial institutions that are using email or using Facebook, and now they're going to deploy it on the same service, as an option, on BBM. We could work with Interac and you could do an e-transfer, but instead of email, through BBM.
Okay, got it.
Finally, to the Canadian Wireless Telecommunications Association, more and more people are using their smartphones for financial transactions. What can we do as a government to help ensure the security of these users?
Thank you.
I think in large part the framework is already in place. These devices are really just replicating the contactless functionality of the credit cards. In many ways they're actually more secure than the cards. So in large part, the framework that's already there is strong enough.
From a wireless standpoint, the wireless community has no insight into what's going on. It's just a flow-through kind of relationship.
Yes, and actually in a number of cases reduced risk, because you can require.... Instead of just putting the card near the terminal, the person might have to actually enter in a code on their phone. Similarly, you send the credential remotely to the phone. The card doesn't sit in someone's mailbox for a couple of days, that kind of thing.
Thank you very much, Mr. Chair.
Mr. Maduri, we often hear through the Privacy Commissioner about people consenting to their information being used, and one thing the Privacy Commissioner has said is that we instead have smaller consent forms—like, get to the point of where your information will be disclosed. Often a lot of these consent forms are long-worded, lawyered-up consent forms.
Have you worked with the Privacy Commissioner of Canada to—
I haven't worked with the Privacy Commissioner, but I am familiar with EULAs and user-licensing agreements being too big. Many times it's not necessarily due to us, it may be a third party that has built an app. It may be a bank that's built an application. A loyalty company may be doing it all for a right, and we can't necessarily control what they do. So if they want to offer a service to an end user, it's their EULA to allow the customer to disclose their location. As an example, a customer could say, “I'm close to this restaurant, send me an offer.” It's entirely up to them.
In terms of how we can address it, I'm not sure there's much we can do as a device manufacturer, other than bigger, clearer screens so people can read it. I don't think we can do much more than that.
It's not my area of expertise. I know we've come across it. We've heard complaints regarding third-party applications. It's an area under review. The privacy people at BlackBerry could get back to you, if you're interested.
Thank you.
Caroline, one of the things that I guess is more common, or you tell me if it is, is mobile payment disputes. How many disputes do you see? Do you have any statistics on how often there are mobile payment disputes?
Any dispute would be handled through the financial institution's complaint handling process, and all the financial institutions have pretty robust complaint handling procedures. So if there are any issues, those would be handled through that channel.
No, we're still in the rollout stage in mobile. If you're looking at fraudulent transactions, a couple of years ago the Canadian Code of Practice for Consumer Debit Card Services, which is overseen by the Financial Consumer Agency.... That's a voluntary code, although the financial institutions, and we as a network, subscribe to it. We embedded that into our rule framework so that anybody who's issuing a Interac Debit or Interac Flash would have to subscribe to that code. There are clear specifications on how to handle a dispute if there are fraudulent or disputed transactions.
The Financial Consumer Agency of Canada monitors those, so if it escalates to a certain level—level 2—those are reported to the FCAC for oversight, as well there are ombudsman and third-party dispute resolution processes as part of the FI's complaint handling.
Mr. Eby, in a brief you provided to the committee, you had concerns over unforeseen fees that would be an issue with the mobile payment. Could you elaborate a little on that, on where you see that going in the future?
We didn't have concerns. We had heard that concern from the business community and things like that. There was a lot of belief that when mobiles came and the payments were coming out, that the wireless industry was in it because they wanted to get a cut of the per transaction fee. That is not the case, and that model, I believe, was briefly tried in the United States where wireless companies wanted a piece of the interchange, and it just stalls the rollout. The real benefit is having more people using these options.
As I said, it's just like a dumb-pipe relationship. It's a flow through, especially with the secure element on the SIM, where your credit card information resides on the SIM card inside the phone. You don't even have to be connected to the wireless network to make a payment. It's the same as a contactless card. So the wireless provider doesn't know that the payment came from the phone. It could have come from the same credit card that you would have used. So there's no opportunity to build in a fee. If a financial institution made an agreement with a wireless company to give them a per transaction fee, it would have to be based on some kind of algorithm or prediction on how many payments were from mobile. But it wouldn't be an increased fee for retailers or consumers.
Thank you, Mr. Chairman, and welcome to our witnesses.
This has been probably one of the most interesting and fascinating studies we've done at committee—much more fun than all that budget stuff, which I'm sure we're going to get into.
I'm searching for some clear-cut parameters on how much the government interferes with or regulates the system that's out there now. Mr. Eby, you stated the need to secure software, to continue to drive the mobile payments agenda, and the need for a regulatory process.
We have a payment system that evolved with the technology. It started out—a lot of it—as social technology that then became for handling personal information and even personal banking, and now is moving to business. But it hasn't moved into the business world in a major way yet. How do we manage that? What's your recommendation? I would think there's some danger in stifling innovation. At the same time, should there be a regulatory regime that just has parameters, for example, that you have to have secure software, that you have to protect the consumer's interest, that the consumer has to be cognizant of the banking rules and regulations, or does it go to the other direction? Is it front end or back end?
It's a great question.
I think a lot of the regulations that could cover most of this stuff already exist. We submitted to the mobile addendum proceedings by finance over a year ago. We welcome them and the idea of bringing mobile into the credit and debit card code of conduct, just to make sure it's captured, because you're really just replicating debit and credit cards with mobile phones. The terminology needed to be changed to make sure one was not exempt versus the other. That was a very light-handed way to make sure this is included and to make sure you use technology that captures all types of payment options.
On the other side, in terms of personal information we have good privacy frameworks in place as well. That's already there. We have new anti-spam legislation, in terms of businesses taking this information and reaching back out to people. I don't know that special mobile payments regulation is needed. I think we can just look at how things can be addressed through the existing frameworks.
Would it be fair to say that we already have some great examples in place? The Interac example is one of them, where you have a relatively inexpensive payment system or platform. There shouldn't be an added fee just for having a card present or not.
Mr. Gaetz, you talked in the Mobile Payments Forum. In this forum in 2012, there were some key findings. Again, it was about how government can facilitate an expanding market, and have some regulation that doesn't stifle that expanding market.
How do you see government regulation? Or do you see it as government interference?
Thank you for the question.
As has been mentioned, the frameworks, rules, and standards are largely in place. In the case of the Canadian Payments Association, those are firmly established. They've been modified over time. They've been modified with an eye to newer payment technologies, so they're in place.
I think part of the issue and challenge for governments—and all of us—is that you can't just put something in place and leave it, you have to monitor it in some way. Things are evolving so quickly, and part of it is that we don't know what we don't know. That's one of the big issues, security and cyber-security. So at the Canadian Payments Association, because what we do and need to do every day—20 hours a day, open settlement, open markets—we have to run all the time. We're concerned about things like cyber-security risk. Again, we have frameworks, standards, approaches to mitigate that risk, but we can't just rest on what we have. We have to keep up.
Thank you, Chair.
Thank you, all the witnesses, for being here.
I'd like to start, if I could, please, with Mr. Eby of the Canadian Wireless Telecommunications Association, and in doing so, pick up on something Mr. Keddy and Mr. Andrews asked you about, the issue of fees and regulation.
I'd like to say, sir, that one of the concerns that members of the Canadian Federation of Independent Business and small merchants in my riding of Victoria constantly bring up is a fear that mobile payment systems will result in higher credit card or debit card fees for merchants.
Some people in the mobile payment sector have appeared before this committee and they've indicated that telecommunications companies don't plan—at least at this stage—on adding or increasing fees along the chain of payments because of the mobile payment technology, presumably because of the very strong concerns that have been expressed by the people I mentioned.
As the CWTA, can you briefly confirm that your members have no intention of increasing or adding fees that will result in higher costs for merchants who accept mobile payments?
I could speak broad-based.
It's not that type of idea. Fees, or even making exclusive agreements with certain credit cards being only available on certain phones is not anything that anyone has ever told me they're after. Everybody wants everything available.
I think Caroline said it best, the wireless companies want it set up so if there is a dispute, it goes to the bank, it goes to the credit card company. It doesn't come to them. It's easier to just be out of it.
I think you put it well when you used the expression a “dumb-pipe relationship” just a while ago, which was very poignant.
If that's the case, would you be in favour—building on Mr. Keddy's question again—of some sort of regulation? Do you see it as stifling regulation? Or if that's your position and that's going to be the position, why wouldn't we put it down in regulatory form to give comfort to those merchants that I deal with every day, who certainly have that fear?
Would the telecoms be willing to start that?
That's nothing that we've discussed, so I couldn't answer that question. We typically think where regulation is not necessary, we don't need to put one in place. So that would be my answer now. It's not something we've ever brought up as to whether that would be something we would support or not.
My next question is to Ms. Hubberstey of the Interac organization.
It seems that MasterCard and Interac are competing for business, encouraging consumers to use their product instead of Interac. Many businesses are concerned that the new Visa and MasterCard debit products could eventually transform the debit market in a way that would make it more like a credit card market. That would certainly look like MasterCard debit offering more points or bells and whistles than Interac would, and that product offering would be paid by the growing fees that merchants are charged for using their network, not by the users of the premium cards.
Is it a concern of yours that these Visa and MasterCard debit cards could take that form, and hence lead to higher fees charged to merchants, instead of the lower fees that are typically associated with Interac?
I'll start by saying that we've always advocated for a strong, competitive marketplace, so we're not opposed to competition. Bring it on. We think we have a great value proposition to offer all of the stakeholders: issuers, acquirers, merchants, and consumers.
We understand the pain point of the merchant community, rising costs, in terms of payment acceptance. That's why we work very closely with the merchant community, because we are their low-cost option. That is the importance of having a strong domestic debit network in Canada. We've been talking for a number of years now to committees such as this and to the Department of Finance about things that can be done to ensure that there is a healthy, level, competitive playing field in Canada.
What we do is we're a mitigating force. By having our prices low, we drive prices low.
That's very nice, but if we have these new debit products that are created by MasterCard and Visa, and I get bells and whistles and trips to Spain and all of that, and you're left there in the dust, isn't this going to be a problem?
Well, what the government did with the code of conduct that I mentioned in my opening comments, is it gave merchants some degree of power. One of the few jurisdictions in the world where the honour all cards rule.... You may have heard of that. If you accept a—
What the code says is that if you accept a credit product, you don't have to accept a debit product. So it split that, which gives merchants some power to say no to an acquirer network that comes knocking at the door saying “accept our other debit product”. So that's a power they can exercise.
There are no rules today that prevent an FI from offering a competitive debit product, none whatsoever. What the code did was say that they couldn't use certain tactics to obfuscate choice, to make it unclear. At the end of the day, they're not two competing products for the same transaction type on a card if an issuer decides to issue what is called a co-batch card.
So there are steps the government has taken to help merchants in that regard.
Thank you, Chair.
Thank you to our witnesses for being here.
I'd like to start with Mr. Gaetz. I have just a couple of questions for you. You were talking about the emergence of online and mobile payments being a relatively recent phenomenon. The numbers represent a small share of your payment volumes.
Do you have the ratios of those payment volumes, where they stand today, and what the change has been over the last couple of years that you could share with the committee?
I have sort of top-of-mind volumes that I would have for e-wallet and electronic person-to-person. This is actually 2012, so it's a year back, but it's 0.1% of all of the value of the transactions.
Now this is the Canadian Payments Association picture, which is the big slice of pie, so it's very small. I think the growth number, though, was quite large, and I would be happy to get that for the committee.
If you could provide that to the committee, that would be great.
Then you talk about the security and cyber-risk, that this new threat must be well understood and better managed to protect the integrity of Canada's payment system.
What's your definition of “well understood and better managed”?
Well, it's back to that we don't necessarily know what we don't know. I'll speak of our operator role. We operate the main wholesale system and a retail system for clearing and settling between financial institutions. We do a lot to protect those from whatever risks we see, but certainly there are the security and cyber-risks.
You hardly pick up a paper each week without hearing of another either event or threat, and all of us who run aspects of the payment system know how many attempts we see to infiltrate systems every day.
So my comment was a general one. But there's a common understanding in the industry that it's a big issue that we have to—
Okay. I have a follow-up question on that one, and this will be for maybe you and Ms. ter Haar on this one.
You are relatively new. I'm not sure how old your company is. I'm just looking at your website here. But when you look at the security and maintaining security, it must be a real challenge for you to actually get the people and the resources and the expertise it takes to actually stay ahead of this stuff.
So what kind of challenges is that providing for your organizations? As well, just as a sideline question, Ms. ter Haar, what are your transaction fees for your services?
Our transaction fee is 1% of the transaction for those transactions above $50. We also have an advertising fee, which is 1%.
That applies to a purchase that was advertised within the Flow system. So if a merchant advertises in the Flow system, with that purchase, the advertising fee applies.
With regard to staying ahead of the security concerns and the challenges represented there, I think it's a very exciting time. There's a lot of opportunity. What we're doing is very unique and different from security authentication protocol—how you authenticate the payment, how you authenticate the user. We're doing some really exciting research and development with regard to that, and I think it's a very exciting time as we understand how to make that more secure.
Are there any other comments from any of the other panellists about getting the resources and the expertise to stay ahead of this? Obviously, it seems to me, the hackers seem to be able to stay ahead of us all the time.
In terms of contactless payments, we've undergone certification. So MasterCard, Visa, and even Interac have a rigorous process to go through that.
So from a device side, whether it's us or Samsung or anyone else, they go through a horrendous—I won't go any further—process to make sure that the device can't be hacked for contactless.
As a company that also provides its back office to companies like EnStream, we haven't announced yet, but we just received Visa certification. It's just as rigorous, and PCI certification, to go through that. We're all about security. We run government email systems and whatnot, and we're very impressed by what we've seen to date. It hasn't been an easy process. It has taken us months and months to go through that. So what we're seeing in contactless, we're quite impressed.
In terms of what you're hearing in the news of the breaches and stuff like that, I'm not saying they don't happen in Canada, but a lot of them are in markets where I don't think they're as advanced as what we've done in Canada, where we offer chip and PIN.
If you look at the U.S. market with Target, there are some things that are basic in the Canadian market or the U.K. market. If you notice, a lot of the major things—Neiman Marcus—are all happening in the U.S., where they still haven't moved forward with chip and PIN.
So I'm not going to say we're not going to be attacked or whatever, but I think we've done a good job in Canada on the payment side. I think the networks have all done a good job in terms of certifying each piece of the value chain.
Thank you, Mr. Chair. I'm pleased to be back here, although it's temporary.
I'd like to say to you folks that I started working on mainframes for Bell in 1979. I don't know how in the world you keep up with what's happening now. Those were the days even before Windows.
You're going to hear from the government side about regulation and the problems with interference. I believe the law is for the protection of the people, so I come from that angle.
Mr. Gaetz, if I pronounce your name right—that's the guy with all of the money too, by the way. You're the chair of a task force and you recently made some recommendations to the minister in terms of actions that the government could take to become a leader in the adoption of digital payments. To your knowledge have any of these recommendations been acted on?
Yes, we made some recommendations and we're following closely the work that we understand is going on in the area of the reduction of cheque issuance in the government and also the move to electronic invoicing.
We believe that this is a really important initiative and a place where government can actually be out in front leading. We as an association are very supportive of it and supportive in a practical way. We've offered our help and assistance, as have many of our member financial institutions. So there's a lot of support for this.
Your report talks about the absence of a healthy competitive market in terms of Canada's payment systems.
Can you comment on the lack of competition and whether the credit card companies and major financial institutions are engaged in anti-competitive practices?
I can't comment on that, and I think your reference is not from the recommendations that we made because I wouldn't have been saying anything about the lack of competition.
Well, that's helpful.
What are the advantages of using Flow versus the more traditional payment methods? Does Flow offer business-to-business services?
Yes. It depends on the perspective because we're populating an ecosystem with both merchants and buyers and sellers. There is a different value proposition for both.
From the merchant side there are increased sales, decreased cost of sale, and a new stream of revenue that Flow offers. On the consumer side it changes a little bit. There's the difference between emerging markets and developed markets and how the consumer sees those value propositions, but in some I can say it's saving time and money. It's the loyalty, it's the value added, it's convenience, it's security, all of that value added rolled up into one.
Mr. Gaetz talked about the comparison of Canada to 27 other countries, even Peru and Romania.
How do you see the movement of Flow on the world stage?
I see it as a global expansion. There are many jurisdictions that are already cash-based. Our system is a cash-based system, so there's a lot of reception for an online mobile methodology to accept cash and to pay with cash, not just to accept cash. In Asia you see a lot of e-commerce. There's a very well-developed market there. We see that global expansion starting in Canada and moving out.
I'd like to go to Mr. Maduri. We hear all of the time about BlackBerry's security and how it's pre-eminent. How much interaction is there between BlackBerry and places like Flow or other places like that? Obviously for everybody involved, security is a mainstay of what you're trying to accomplish. But how many silos are we confronted with?
We're very involved, actually. We spoke earlier that my company is operating the carrier joint venture infrastructure that allows you to put a payment card over the air and store it in the phone. For some banks—only one's been made public—we also run their infrastructure as well.
So Desjardins is publicly announced. For Desjardins bank we manage what they call the over-the-air personalization, which is taking a Visa or a MasterCard or what they call an Interac applet and putting it in the phone, and then afterwards taking your number and putting it in the phone. So we work closely with all of the banks, all of the carriers, and for some of the banks we run it for them, and I just mentioned one. You'll see announcements in the next month or two of other major banks that are using our infrastructure.
I still don't quite understand this, and I have a few quick questions. Obviously, your customers are hooked into the bank.
So if you sign onto your program, you have to give some information, and once you're hooked up, you can now surf and find any.... Or do you provide merchants that are part of your program to your clientele?
Say, for instance, I decided to join your organization. How would I know which merchants were part of this as well?
You could do that in two ways. You could see at point of sale whether they accepted Flow as a payment methodology. You could also do that through your mobile application, so you would see very clearly whether they were listed as a merchant, and I can show you in the demonstration. You can do that in a number of ways by geolocating on a map or by the offers that they list or by searching, just saying the name of the merchant that you're searching for, and that would populate or not populate from a merchant perspective.
One of the concerns—not the concerns—when we had the Visa and the MasterCard people here was that this is a free market system and we're just looking for competition. So you actually are providing another method of payment that would compete against whatever, as well as the major cards, correct?
Yes. You can look at it in two ways, compete or collaborate. We like to work collaboratively with all constituents in the payment ecosystem, so it really depends on how you choose to work together or how you choose to compete. It can cut both ways.
Good for you, and congratulations.
I wanted to maybe speak to Ms. Hubberstey as well.
I think we have to make a clarification, and I think you would agree with this as well. The Interac system really isn't the same thing as a card system. In your case, the funds go directly from the purchaser to the bank, then to the merchant. There is no holding cell, for instance, as there would be in a charge system, so you're able to do this at a reduced rate. Would that be accurate?
It is. It's a real-time good funds model. So when a customer goes to a terminal, they put the card in the terminal and do the transaction. The transaction goes through our network to the issuer and then comes back through there. So the issuer sees every transaction and it's approved by that issuer, so—
I use it as well. I must confess that I'm somewhat trapped by the trappings of a card.
We do a lot of discussion in regard to the cost of the credit cards. Would you agree that it's really not the same thing? The cards are offering something a little bit different. Because, frankly, if I use a charge card and if I don't have the money, I have the option of paying the interest for it whereas that's not the case with the Interac.
The pricing structure for my competitors' credit products as well as their debit products is different, and I can't speak to how they price them and how the issuers then price them. I can speak to how we price ours. At the end of the day there is one fee, a low-cost switch fee—0.6362 to a penny—and then the inquirer marks it up to the merchant, depending on the contract. A higher volume may be two cents. As I said, on average, it's about five cents.
For the value proposition in there, it is more difficult to build in something like a rewards program, although there are rewards programs that increasingly sell on debit and Interac. I'm going to sound like a Royal Bank commercial, but Royal Bank with Shoppers Drug Mart have a product that offers rewards for Interac debit, Bank of Montreal with air miles, and Scene with Scotiabank as well. So there is some value in there for issuers.
Just very quickly, this is a question to everybody. I'm always looking for something new and I've always wondered why we talk about the phone seeming to be the place where the cards are going. Are we approaching a time where you'll be able to shop online and just have an app that would receive your credit card from your phone?
Thank you very much, Mr. Chair.
I have a lot of questions, but I am very limited in my time, so I have to be very strategic about this. I'll go with Ms. Hubberstey first.
We, as legislators, are charged with the implementation of public policy. We operate on this continuum of options that we have, from voluntary at one end of the spectrum to legislation at the other end of the spectrum. The code of conduct is clearly voluntary. Credit card companies say it restricts; you're saying it encourages competition. Could you speak about that and about why you differ in that way?
The code of conduct is really a pragmatic solution to, I think, a lot of market problems that were happening a few years ago, from disclosure by merchants to being able to understand their contracts to.... I talked earlier about the honour all cards rule between credit and debit. The way my competitors were entering into the debit marketplace was really by riding Interac's ubiquity. They put their product on the card with the financial institution logo on the front. We'd actually be facilitating the transaction, but it would look like one of their transactions.
So they would flood the market. Merchants would think they had to adopt it, and all of a sudden, they would enforce their rules. Basically each network says that you can't have competing credit products sitting on a card, so you'd never see a joint Visa and MasterCard card, but they have rules that allow them to sit on a domestic debit network. Once they reach acceptance, they kick you off the card. It's tantamount to Starbucks saying the only way it could come into Canada would be to sell coffee through Tim Hortons.
So there's nothing in the code today that restricts a bank from issuing a competitor's debit product. There are co-badged cards in the market. RBC offers a virtual debit card product, which is separate. So that's happening. It happened before the code and after it. The code dealt with some of the negative market practices that were happening and that were restricting consumer and merchant choice and being transparent about it.
If we move down the continuum, we're at voluntary code of conduct right now and we move towards not so voluntary but more of a legislative regime, in your opinion, how will that affect the competitive environment?
I believe there's actually a step in between, and I think that would work, especially with mobile. I think we've all sort of alluded to it. There is a draft mobile addendum that sits with the code of conduct, which would, hopefully, address some of the issues within the mobile environment. Again, it's technology agnostic. You don't have to prescribe technology, but you can say things like, as a consumer, I should be able to set the default to whatever application I want on my phone. I should be able to move between applications. The application should be clear and clearly branded. That's the type of thing that can be covered in the mobile code.
Mr. Eby, clearly we must be doing something right. You had indicated earlier that here in Canada we have one of the most advanced mobile payment regimes in the world.
So clearly we've been doing something right up until now. If we were to restrict that competitive environment by introducing more regulation into the marketplace—as the NDP wants us to do—how would that affect the competitive environment? In particular, how would that affect companies like Flow, and discourage them from getting into the marketplace with their kinds of solutions?
Sure. You want the whole thing to build, so more players can get involved and have more opportunity to be first movers here in Canada. I know EnStream was here, and companies like that have an opportunity now to go and provide these managed services and these back-end services in other countries, because they can show they're working here in Canada and working on a mass—
So in your information, you would have a regulation at the moment to fit the sort of environment that we have?
On an annual basis, there's probably about $45 trillion of value that passes through our systems each year.
There's a significant amount of taxation that accrues from that to the Government of Canada, I would say.
No. It is a cost to the members, and it is a way to ensure that under any condition, including a financial crisis, we can clear and settle safely and risk free.
Thanks, Chair.
My first question is for Mr. Maduri. This may have come up, but I wanted to just confirm and give you a chance to plug my favourite technology, BlackBerry. Security and strength, you said, were some of the watchwords of BlackBerry, and you think this technology lets you leverage that very efficiently, if I understood your remarks. Is this technology something that BlackBerry has factored into its business plan as a key contributor going forward?
Yes, it definitely is. To put it plainly, we're taking our expertise and ability to manage devices to actually managing, as Kurt mentioned earlier, something called a secure element on devices. That's where you store credit cards. If you've heard of mobile device management, secure element management is an extension of that.
For us, I concur with you in that I think there's a great opportunity. If we can get this working here as a commercial success, I know that other countries will look toward us. We've already had requests to manage back ends in other countries, so we're leveraging our smarts here, and we're hoping that once it's a commercial success, we can showcase it and take it elsewhere.
I hope so. I hope it works. It's a great idea.
Next I'll go to you, Mr. Gaetz and the Canadian Payments Association. In your opening remarks, you used the expression “risk exposures”. In your written presentation, you made the following statement when you talked about some of the challenges, “Stability and confidence in the overall payments system are paramount. Risk in payment systems must be properly identified and managed to protect the economy and its users.”
Could you elaborate a little on what kinds of risks you're talking about? Are you speaking solely about cyber-risks? If not, what else are you thinking of?
No, I'm also speaking of settlement and liquidity risks. Given our vantage point from where we sit in the payment ecosystem, I like to say that we sit at the apex. Some people say we're the plumbing, but I would say that it's pretty sophisticated plumbing. Let me stay with the apex analogy.
In order to ensure that there is no risk in any circumstance, including a failure of a financial institution, no risk of knock-on effect through the daily and weekly settlement of these large values that are flowing every single day, we have systems that have built-in risk mitigations, and multiple layers of those risk mitigations, which include pledging of collateral and valuing collateral. On any day, we have to make sure that we're fully risk-proofed from a liquidity and settlement standpoint. That's also what I'm referring to.
Yes.
I guess just for the record, Mr. Chairman, I want a clarification.
In your written remarks, you talk about the exponential growth in the digital payments technology, but then you say, “with 90 percent of consumer spending in Canada done using non-cash payment methods”. Is that 90% of the volume or is it 90% of the transactions that are taking place in the economy?
Right. These are referring to two different things. When I'm talking about the 90%, I'm talking about the fact that cards are not a new technology, but 90% of the consumer payment value in Canada is—
Volume of transactions.... I'm thinking of people who go to the store and use their cash to buy something that's under one dollar, two dollars, or three dollars. It's hard for me to believe that if you take the number of transactions in the economy, 90% of them would be cashless.
Well, if you just stay with cash for a minute, if you look at the volume of cash transactions...and of course you have to estimate it. The way you estimate it is that you go to the great statistics from Interac and you make some assumptions that most of the cash that is taken out of an ATM is spent in a transaction. On a volume basis, cash probably makes up 40% of the transactions, but on a value basis, it's tiny. It's probably 10%.
I understand...on a value basis. That's what I'm trying to nail down.
I think this is relevant to the digital payments technology in the study of this committee because some of the technologies will allow us to now use, very seamlessly, our smartphones to do things that in the past we would have done by taking out a couple of dollars and putting them on the counter.
Are you saying 90% of the volume of transactions, the money value, is cashless, or are you saying 90% of all the transactions that occur?
My reference was to value. But I'd be happy actually, if the committee would like, to write a short note that gives you the transaction volume value statistic.
If you can submit that to the clerk, we'll ensure all the members get it. Thank you.
Mr. Gaetz, I wanted to follow up with you on your opening statement. You stated, “Payment methods are increasingly complex and they can create [potential] risk exposures for participants and users. Today we see...new non-traditional and unregulated players in the payments space...[which] need to be carefully considered.”
Who would you describe as these types of suppliers? Who are you referring to?
It was a general comment. Traditionally, financial institutions have been at the core of the payment system and the payment method. Today, there are new players. We have one interesting new player at the table here, but you could actually put the PayPals in that category as well. You certainly would put a bitcoin in that category.
Do we need to do something from a regulatory and/or legislative point of view to deal with the PayPals and the Flows?
My earlier point was that the frameworks and the rules and standards are largely in place. The question is, can we monitor and can we understand really the new products that are coming up? Until we understand how creative people can be, it's hard to say you need to do more.
In the last session we talked about the code applying to mobile payments, the voluntary code, and we also talked about the payments advisory committee also looking at standardization practices. In your view, with those two groups, is that sufficient at this point in terms of covering these players?
Okay. I wanted to move onto the protection of consumer data and privacy.
Mr. Maduri, in response to Mr. Thibeault, and he said it very well, because I have actually been one of those MPs who has lost his BlackBerry phone, and they send the kill pill.... It's stored in the cloud, so it's much safer in that aspect, that it's not actually on a device, especially if you have someone who misplaces that device. But obviously you have concerns with respect to information that's stored in the cloud.
I've stored a lot of my data in the Dropbox cloud service, but the House of Commons IT have said that if something is very personal or private, or if there's a communication from a constituent to myself or to another department that's very personal or private, not to keep that data in the cloud technology. I think Dropbox would strenuously object to that and pronounce that they're secure.
This is a question to you, and to anyone on the panel. Do you have any remarks with respect to security concerns about storing this data in cloud technology?
From what we've seen, from a security and privacy perspective, we haven't seen any concern to date. Again, our security experts have walked through not all the cloud-based solutions but the ones we have been involved in and we feel fairly sure that there's not a security issue.
In terms of privacy, it's ultimately up to the owner. If it's a bank-issued wallet, whether they use that data for whatever purpose.... But we're not using it, we don't have access to it, and it is secure in terms of the systems we've seen and evaluated.
I have a few comments with respect to the privacy end of things. I lump personal data protection as part of what we are going to refer to today as privacy.
I think there's a lot of exciting—and SecureKey, I believe, alluded to this in its testimony last week with regard to enabling users to leverage their own personal data, to operate within a trust framework so that they specify how their data can be used, in what way, and who can use it for what purposes. Giving users greater control over that is something that our company is really excited to be working on, and enabling people to have more of a say in how that operates. So it's not just about the end-user licence and not just about agreeing, but about having more autonomy about how that personal data is used.
Just very briefly, our products access people's money in their bank accounts. Security is paramount to us so that people feel confident they can use these products and solutions. So our governance framework and our policies that I alluded to earlier, our certification, all of it, any solution, would have to meet the highest standard.
One thing that's important to remember when you hear about the options that might be based on location-based technology and things like that is that digital payments and use of personal information to offer you services are mutually exclusive. It's not that because you use MasterCard on your phone, you're also giving up your privacy. It means there are options. Consumers will be able to choose from a privacy standpoint what they want to do to access more services like Flow, or what else.
Can you expand on that, just briefly, for 30 seconds, in terms of what information they will voluntarily give up?
Just replicating the card isn't going to be enough to get it going. There have to be things like loyalty programs—they know when you've entered the store, so they can send you offers. But these, again, will be mutually exclusive. It will be up to the consumer to opt into these things. We have a privacy framework, and that should be able to handle when people agree to give up their data, or what their data is going to be used for and how it's going to be used and aggregated.
Just very briefly, with respect to privacy and security, does the code of conduct or any of the regulatory framework need to be upgraded to deal with these concerns?
Everybody is nodding in agreement, then?
Okay, thank you.
We'll now go to Mr. Andrews for your five-minute round.
Just to follow up on that conversation you were having with the chair about privacy and what information you give up, because it was also....
Caroline, you can jump in here as well.
When you say that the devil is in the defaults, and what those defaults are, I know Ms. Cavoukian and the privacy commission in Ontario have spoken a lot about the defaults and how a consumer will be able to regulate those defaults on their privacy.
How do you see that?
I don't know that it's an issue specific to digital payments. I think it's covered under the broad privacy framework in the privacy laws that we have, and have already. If it's going to be approached that way, the same as if you are using a website and you're clicking on things, and what you're giving up.... My point is that the privacy laws that cover all of that activity can apply to digital payments. There's no requirement for anything specific or targeted.
What I would say is that when we look at solutions, we certainly look at solutions with privacy-minded security, and I'll give a couple of examples. Interac Online, which is our online e-commerce solution, is actually done through web banking. The merchant actually doesn't get any personal financial information.
Protecting the money in the bank account is different than having a credit card where you can dispute a transaction for a period of time. It's the same for the card today that you have in your wallet. That number on the front of your card is an identifier. It's not an account number. You cannot do any transactions called “card not present” transactions with that information. It's just an identifier, and we use that for Interac Flash as well.
I'm also on the privacy and ethics committee. We did a study on big data, trying to digest here in Canada the accumulation of data on customers and how do consumers actually have a knowledge of what is being consumed. We talked about loyalty programs and that kind of stuff.
Is how much information is being collected on customers a concern when it comes to mobile payments?
I don't believe so. In most cases, the wireless companies—certainly with the agreements that are made now—aren't collecting anything. They don't know that you're making payments from your phone. It's standard information on transactions that the financial institutions or the credit companies would have right now, just for making card transactions. It's no different.
We wouldn't know if you paid with your card or your phone. We don't see that data. It doesn't exist.
Caroline, what about when it comes to south of the border and what the privacy laws and that are down there? How does Interac go, internationally and between our two countries?
It depends on the product. Our international product would be our cross border debit, where you could use your card in the States. A number of financial institutions offer that feature. You would be using your card, today, as a “mag stripe” transaction, at a point of sale terminal. But again, that information is just an identifier, just a number; it's not identified to you as a person. It's a series of numbers to be able to facilitate the transaction.
Mr. Maduri, Caroline talked about small businesses doing more business-to-business mobile payments. Do you agree with that, and do you see where business-to-business payments are going? Are more businesses going to avail themselves of that, or is it mainly in the small to medium-sized businesses?
I see a big opportunity in small business, again, using this as a terminal to accept a debit card, a credit card, or a BBM payment. That's a massive opportunity, right? And you're seeing it. There's a company in the U.S. called Square. I think there's a company in Vancouver called Payfirma. We believe there's going to be a lot of that.
A lot of the discussion here is about wallets and the consumer side. But on the merchant side too, they're going to be leveraging this to accept payments, so we're big believers in that.
I have one last question.
Mr. Gaetz, the committee heard last week that the Canadian payment system must be upgraded to carry more information.
What would that entail?
Thank you for that question. I was looking for an opportunity to say something about this.
One of the initiatives that we have launched and are working hard on is to adopt a global payment standard for Canada. We're starting with our core systems. That will then roll out to our members, and we really would expect that to roll out over time to the rest of the Canadian economy.
The idea is to have some standard information flow with the payment. We're working on a scheme to have a small set of mandatory information. When I say “mandatory”, I mean we'd be saying that all our members should adopt that standard set of information. The expectation is then that could start to be used by large and small business, but small and medium-sized business could start to use it to link into their invoicing systems and their accounts payable and accounts receivable systems in a way that they can't today.
So we think this is very important.
Thanks, Chair.
I'll share my time with Mr. Keddy.
My first question is for Mr. Eby.
Are you aware of any recorded instances of fraud using mobile payment services to date?
I couldn't say that. I'm just not aware of any, at least not for the types of payments that I'm talking about, which are through actual financial institutions. I believe I've seen stories about the Starbucks' bar code scanning thing. I think there have been fraud issues with things like that, but not ones that are done through actual banks and in partnership with wireless carriers or device-makers.
Yes, and it's an app. There's no relationship between Starbucks and the device-maker or the wireless provider at all.
Okay, thanks.
Mr. Maduri, your company is international. You operate in different countries. Can you tell me what other countries are doing with regard to mobile payments? Where do we stand as far as the technology and the usage are concerned?
That's a perfect question.
The first comment, and maybe it will answer the rest of it—and I'll keep it to 30 seconds—is that we're far more advanced than anyone. If you go to MasterCard's website, they rank us number two in the world for mobile payments. Singapore is number one. Last year, actually, I was a keynote, and I went to Singapore, met with all the banks and the carriers, and they're nowhere near us. In terms of commercial deployments, acceptance, no one's using it. Australia is another country that's nowhere near it. I've done a lot of work in the U.K., and Turkey, and in the U.S., a tremendous amount of work. In terms of contactless payments we're by far the furthest.
At the same time, I'll tell you something else that I think you need to know. I think we're in the early stages. In terms of being aware of an instance of fraud or whatever, there are not many transactions.
We're the furthest ahead when it comes to contactless payments. In other areas we're probably behind. If you go to Africa, people are using text messaging—for example, in Kenya—to pay and transfer money. In Indonesia, we're doing that.
But in terms of contactless payments, by far this is it. Ask MasterCard, Visa, the banks. They all know this is the market where we'll make it or break it in terms of this new area.
Thank you, Mr. Chairman.
I don't think I'll take quite that long.
I'm still struggling a bit with the regulatory regime. I just went in and read the code of conduct that we brought in through the Department of Finance. Again, it's a balancing act between stifling innovation and having a regulatory regime that allows everything to work properly. The comment was made—and I forget who made it, it may have been Flow—not to restrict merchants' or consumers' choices. However, it would seem to me that in order to have a regulatory regime, by the very fact that you have one, there is some restriction of choice.
My question to the panel is whether the code of conduct is sufficient. Is it a living thing that needs to be constantly updated, or is it too restrictive?
It should be a living document. As I said earlier it's a pragmatic solution. I think it's done well. The FCAC oversees it and has made some adjustments in clarification from time to time. We certainly firmly believe it should be extended to the mobile environment. A draft mobile addendum has been circulated, as for any emerging technology. It doesn't have to be technology-specific. It sets principles about how the market can unfold in choice and transparency in particular.
I think it's important to make it sufficient but living, and the reason is that an example was mentioned about setting defaults on it and not being able to do that. From a usability point of view it would be good to review that in the future, because if it takes x steps to pay with a phone—unlock, do this, select a card—it's going to be a lot easier to use the card you have in your wallet. I think it's sufficient but living, and review some aspects like that.
Okay. That's it.
All right, thank you. Thank you, Mr. Keddy. I want to thank all our witnesses for being here this afternoon and responding to our questions. It's been another very interesting session. I understand, colleagues, we will adjourn and then, for members, there will be at least one presentation of the new technology at the back of the room.
The meeting is adjourned.
Publication Explorer
Publication Explorer