Good morning. My name is Jennifer Frook, and I'm the director of the fraud management office at Scotiabank. In my role I am responsible for the assessment of fraud and the reporting of fraud risk across the global Scotiabank group. This includes the proactive identification of fraud prevention practices and technologies to mitigate the bank's exposure to fraud loss. A large part of our ability to prevent fraud and protect our customers depends on our work with other stakeholders. I am also the current chair of the CBA's fraud specialists group.
I appreciate the opportunity to speak to this committee about an issue we all take very seriously, one that has a direct impact on our customers, our industry, and on the economy. This is a critical issue for the bank, given how important customer confidentiality and security is to banking. Without the trust of our customers that their information and identity is secure, we cannot perform our role.
To address the committee's interest in identity theft, I will focus my opening remarks on the following points related to fraud and identity theft: training and education, prevention, detection and mitigation, and last, collaboration.
An important part of preventing fraud is ensuring our staff has the proper training required to protect our customers from identity theft and other forms of fraud. Scotiabank has rigorous training programs in place for our employees, with customer-facing roles such as those in our branches, contact centres, and bank card security operations. Employees are required to go through a comprehensive onboarding training program, as well as to take annual refresher courses. Equally important is empowering our customers with the information and awareness necessary to help them protect their information and ensure that any time they are faced with a security concern, they know exactly what to do.
In terms of fraud prevention, we have instituted a number of security measures to help ensure the integrity of our customers' information. Several examples of that follow.
In Canada, 100% of retail credit cards and active debit cards, as well as all Scotiabank ABMs, have been converted to chip technology to support enhanced security against lost, stolen, and counterfeit card fraud.
Our debit cards are equipped with Interac Flash technology, which uses secure chip processing technology to protect customers against various skimming and counterfeit fraud. Many of our retail credit cards are equipped with a similar Visa payWave functionality. Scotia InfoAlerts are e-mail and/or text messages that provide an additional layer of protection and help our customers monitor activity on their accounts.
We also offer customers free software, as my colleagues have alluded to, at their institutions, to help them protect their information. We have partnered with McAfee, and offer all Scotia online customers 12 free months of McAfee AntiVirus, which helps customers protect their machines against viruses online and network threats. We also offer free Trusteer Rapport software, which helps to protect against malicious software, or malware.
In every channel and for every product we offer, there are a number of fraud controls in place to detect suspicious activity. These controls are multi-layered and dynamic. All of this is aimed at letting the true customer in and keeping the fraudster out.
We are also continuously testing our technologies and systems as well as repeatedly monitoring and reviewing our customer activities for any unusual or suspicious behaviour that could be fraudulent.
Naturally, despite our best efforts, our customers' credentials and other personal identification information is compromised and can be stolen. When banks are made aware of such compromises, we take appropriate measures to protect the customer and mitigate losses, such as notifying the customer that their card and/or account was compromised, blocking the stolen credential, and replacing it, when possible, with a new one, such as replacing a compromised credit card or resetting the customer's online or mobile log-in password.
We monitor account activity for fraudulent or suspicious transactions. We update customer profiles to include notes that this customer has been the victim of an identity theft, so that front-line employees are able to ensure enhanced know-your-customer policies are performed when authenticating customers on their account. Of course, we indemnify the customer for his or her loss, and make the customer whole.
Banks also collaborate and voluntarily report to the Privacy Commissioner any material or systemic breaches of personal information.
Identity theft is evolving, fast moving, and ever changing. We do our best to ensure that we are keeping on top of it by tracking and assessing the fraud associated with it and constantly developing new protective measures.
I should also say that since the act of identity theft nearly always takes place outside of the banking environment and is beyond our control, we need to work with other stakeholders to manage it. We provide information on our own internal tracking of fraud to a number of institutions and stakeholders, such as Visa, American Express, Interac, law enforcement agencies, and the CBA. These groups also compile information from other financial institutions and provide industry metrics and benchmarks from which we can measure our own mitigation of various types of fraud, many of which were enabled by some sort of theft of a customer's personal information. For example, the CBA fraud specialists group has a mandate to work together on fraud prevention and share information and best practices.
Allow me to conclude there, and to simply say, once again, that as a bank we are committed to doing our best to ensure the safety of our customers personal and financial information.
I look forward to your questions. Thank you.