Evidence of meeting #12 for Industry, Science and Technology in the 41st Parliament, 1st Session. (The original version is on Parliament’s site, as are the minutes.)

A recording is available from Parliament.

Also speaking

Michael Bradley  Head of Products, Visa Canada Corporation
Kenneth Engelhart  Senior Vice-President, Regulatory, Rogers Communications Inc.
David Robinson  Vice-President, Emerging Business, Rogers Communications Inc.
Don Lebeuf  Vice-President and Head, Customer Delivery, MasterCard Canada
Doug Kreviazuk  Vice-President, Policy and Public Affairs, Canadian Payments Association

5:25 p.m.

Conservative

The Chair Conservative David Sweet

Lastly, you were talking about standards for retailers online as far as storage of credit card information, specifically for repurchasing. Is it the way they store it now, or are they not allowed to do that at all any more?

5:25 p.m.

Vice-President and Head, Customer Delivery, MasterCard Canada

Don Lebeuf

It's a matter of what data they should and shouldn't be storing after a transaction. Once a transaction happens there are certain pieces of data that the merchant no longer needs and shouldn't store going forward. That's embedded in the standards.

There are also requirements to have their website scanned by independent third parties to ensure there's no breaching or ability to breach their websites. It's also the physical security of their premises to ensure they are not storing card data they really don't need to store that has been provided to the acquirers, the merchants.

Most recently MasterCard has worked with the CFIB on a document to make it simpler for small businesses to understand the needs and requirements of PCI. Certainly major retailers have very large IT departments that can handle this stuff. We have to make it simpler and easier to understand for small business. We've been working with CFIB on that.

5:30 p.m.

Conservative

The Chair Conservative David Sweet

Effectively, for a merchant who has a website and a loyal customer who wants to repurchase all the time, this does not limit him from storing information to repurchase all the time. It's simply to be compliant with the PCI standards in how they store it so it's safe.

5:30 p.m.

Vice-President and Head, Customer Delivery, MasterCard Canada

Don Lebeuf

They can't store all of the card information to complete another transaction. That would violate the PCI code. They cannot store data that could be replicated by someone who hacked in to create a counterfeit card. You can keep some information for record-keeping and tax purposes and charge-back adjudication. You don't need all of the data that goes with the transaction, so they shouldn't be keeping anything that can be used to counterfeit a card.

5:30 p.m.

Conservative

The Chair Conservative David Sweet

It effectively limits automatic repurchases.

5:30 p.m.

Vice-President and Head, Customer Delivery, MasterCard Canada

Don Lebeuf

It does.

5:30 p.m.

Conservative

The Chair Conservative David Sweet

Thank you very much.

Thank you to the witnesses for the time you've invested here. I know the committee is grateful.

We're adjourned.