Evidence of meeting #43 for Industry and Technology in the 45th Parliament, 1st session. (The original version is on Parliament’s site, as are the minutes.) The winning word was meta.

A recording is available from Parliament.

On the agenda

Members speaking

Before the committee

Shipley  Chief Executive Officer, Beauceron Security
Quaid  Executive Director, Canadian Cyber Threat Exchange
Camfield  Defence Lead, Security Policy, Meta Platforms Inc.
Curran  Director, Public Policy, Meta Canada, Meta Platforms Inc.
Giurietto  Head of Future Policy, Australian Banking Association Inc.
Pegley  Managing Director, Australian Financial Crimes Exchange Ltd.

The Chair Liberal Ben Carr

Good afternoon, everyone.

Unfortunately, because of the votes, we're running a bit behind this afternoon, but we're going to make up the time over the next few hours.

I hope you've had a good day thus far despite some interruptions with votes.

Witnesses, I apologize for keeping you waiting. That is simply the way things work in Parliament, although, seeing that the clock is at 4:29, we're actually starting right on time. I'm glad we're able to move forward.

Colleagues, this is our second meeting in relation to the study on fraud and scams in Canada.

Colleagues, I want to let you know that all of the audiovisual tests have been carried out and that everything is working.

This is just a reminder to witnesses that if you are using your earpiece and it's plugged in but not on your ear, please ensure you place it on the sticker in front of you. That's to protect the health and well-being of our interpreters.

With that, colleagues, we have four witnesses here in the room with us today. From Beauceron Security, we have David Shipley, who is the chief executive officer. From the Canadian Cyber Threat Exchange, we have Jennifer Quaid, the executive director. From Meta Platforms, we have Jon Camfield, defence lead, security policy; and Rachel Curran, director of public policy at Meta Canada.

Welcome to all of you.

Witnesses, you'll have up to five minutes each for introductory remarks. I understand that it will be Mr. Camfield speaking on Meta's behalf.

With that, Mr. Shipley, I'm going to give you the floor.

David Shipley Chief Executive Officer, Beauceron Security

Thank you, Mr. Chair. I appreciate the opportunity to testify before this committee again.

At Beauceron Security, we have helped educate more than one million individuals on how to spot and stop cyber-attacks and online scams. I've spent more than a decade studying how cybercriminals exploit human trust online. Their business is booming. Erin West, founder of the international anti-fraud effort Operation Shamrock, has called it the “scamdemic”.

Fraud rose once again in Canada in 2025, hitting more than $700 million in reported losses, but with losses likely ranging between $7 billion and $14 billion, as only 5% to 10% of fraud is reported. Fraud losses are up in Canada 326% since 2020. We're losing, and we're losing more than just money. It's shattering Canadian families, and it's leaving seniors destitute.

Let me be blunt about where this fight is being lost. If we think of the scam economy as a funnel and think of where each group sits, the online platforms that profit by selling scammers advertising sit near the top. One company's products stand above all others. The Independent recently quoted Lloyds in the U.K. as stating that two-thirds of their customer fraud cases start on Meta platforms. It's deeply ironic that Facebook bans real Canadian news content but happily runs fraudulent AI videos featuring deepfaked politicians promoting investment scams and pays fake accounts promoting Alberta separatism.

By Meta's own internal projections, reported by Reuters last November, the company expected to earn about $16 billion globally in a single year from scam and banned goods ads. That's roughly 10% of its global revenue. I'd love to know what the estimates are for the value and number of fraudulent ads targeting Canadians. Meta knows.

Both Silicon Valley's own county and a U.S. coalition are suing it for allegedly knowingly profiting off scam ads. The rot starts at the top. Everyone else pays the fraud tax while Meta makes billions.

Here is what I'm here to talk to the committee about and ask it to consider in its studies.

First, we have to make online platforms liable for scam ads that they profit from. If they fail to properly police their platforms, they foot the bills, not the banks and not Canadians. Make them accountable to federal agencies for reporting on fraud and their efforts to combat it.

Second, legislate a 24-hour cooling-off period for material, unusual transactions that a financial institution flags as suspicious. Customers can opt out, but if they do, they should give up reimbursement. This alone would massively protect people from romance and investment fraud, the two costliest categories. It would help break the emotional spell many can find themselves experiencing during this sophisticated scam.

Third, do not build a bank-only liability model. We have learned the hard way on this in cyber with ransomware. When insurance began paying out, the attacks exploded. If you put banks alone on the hook, fraud costs will only grow for everyday Canadians. The banks never pay these costs in the end. The costs will be passed on to your constituents in service charges and interest.

We need shared responsibilities among online platforms, banks and bank customers. Banks should provide and track fraud education with their customers. Without a feedback loop, fraud awareness programs are just noise. With one—and we've proven this in our work in employee education—it guides people to less risky behaviours. If a customer won't take 10 minutes to learn, that should factor into their reimbursement. That's shared responsibility.

Here's what our data has shown. In our work with employees, we've shown that those who do not think they play a role in protecting themselves or their organization click 37% more on scam emails than those who do. Those who are educated and motivated to protect themselves fall victim less and report more suspicious activity.

Fourth, properly resource the Canadian anti-fraud centre. They are unable to meet the call demand they are receiving, and their work is about more than just taking down the details. That group is a lifeline to someone who is despondent and contemplating harm because of fraud. Be clear in the funding for this agency so Canadians can understand how we're investing in fighting fraud. This is perhaps where fines on big tech companies profiting from fraud on the backs of Canadians could be directed.

I have one last request. I urge the committee to use all of the powers at its disposal to investigate whether Meta knowingly profited from fraud, as is alleged in the Reuters story. Canadians deserve to know the truth.

I thank you and welcome your questions.

The Chair Liberal Ben Carr

Thank you very much, Mr. Shipley.

Ms. Quaid, I'll turn the floor over to you now for up to five minutes.

Jennifer Quaid Executive Director, Canadian Cyber Threat Exchange

Thank you, Mr. Chair.

Thank you to all members here for the opportunity to appear today on behalf of the Canadian Cyber Threat Exchange and the Canadian anti-scam coalition.

The Canadian anti-scam coalition is Canada's largest coordinated effort to fight scams, bringing together leaders in financial services, telecommunications and technology, alongside government, regulators and law enforcement. We do it because fraud is no longer a nuisance. It is the defining financial crime of our era. Each year, it affects millions of Canadians, costs billions of dollars and erodes public trust in our systems. This is not a trend. It is a persistent and growing threat.

I want to talk about three ways Canada can begin to turn this tide.

First, we need a genuine whole-of-society approach. Financial institutions, telecommunications companies, digital platforms, regulators, law enforcement and government must actively collaborate with shared objectives, coordinated policies and a focus on upstream prevention. Scammers do not respect organizational boundaries. Their operations move through telecom networks, banking systems and social media platforms and into the phones of Canadians every single day. No single organization can stop them alone.

Other countries have recognized this. The U.K. built Stop Scams UK, Australia created the National Anti-Scam Centre, and Singapore unified banks and telcos within a single operational framework. Canada has the will and the talent to do the same. What we need is the architecture.

Second, fraud must be understood as part of a broader cybercrime and money-laundering ecosystem. The same infrastructure used to steal credentials is used to commit fraud. The same networks used to launder drug proceeds are used to move stolen funds offshore. We need a coordinated approach that connects FINTRAC, the Canadian anti-fraud centre, cyber-defence functions and the private sector, and treats fraud as the common thread throughout them.

Third, and perhaps most urgently, fighting fraud depends on timely information sharing. Today, a bank, a telecommunications provider and a digital platform may each identify the same scam activity, yet there is no effective mechanism to share that intelligence in real time. As a result, each organization sees only part of the picture, while fraudsters share information instantly and exploit the gaps created by siloed systems and outdated regulations.

The Canadian anti-scam coalition was created in part to address this challenge, but we need legislative and regulatory frameworks that enable responsible information sharing. Other countries have taken this step. Canada can too, and we have an opportunity to lead.

The threat we face is not coming from opportunistic amateurs. These are organized criminal networks using sophisticated technology and professional operational models. If our response remains fragmented, we will continue to be outmanoeuvred.

Prevention must be our primary objective. That means real-time transaction intervention, network-level disruption of scam infrastructure and meaningful public education that reaches vulnerable Canadians where they are and in ways they can understand.

Canada has the opportunity to build a world-class response. We have an engaged private sector. We have law enforcement that understands the threat and wants to do more. What we need now is a framework that breaks down silos, enables real collaboration, provides meaningful resources where they are needed and puts prevention at its centre. The Canadian anti-scam coalition and the Canadian Cyber Threat Exchange stand ready to help build that framework.

The Chair Liberal Ben Carr

Thank you very much, Ms. Quaid.

Mr. Camfield, I'll turn the floor to you for up to five minutes.

Jon Camfield Defence Lead, Security Policy, Meta Platforms Inc.

Thank you, Mr. Chair.

Good afternoon. Thanks to all of you for the opportunity to appear before the committee today. My name is Jon Camfield. I lead our global trust and safety policy work on fraud and scams. Joining me is my colleague Rachel Curran, director of public policy of Canada at Meta.

Meta takes the threat of fraud and scams seriously. Financially motivated criminal actors are among the most persistent and agile threats we face online today. These networks operate across platforms, exploit multiple sectors and often operate with impunity from jurisdictions with limited rule of law.

In 2025 alone, we enforced on over 10 million accounts linked to criminal scam centres, which are organized criminal organizations that traffic and exploit people to run scam operations at an industrial scale. There are hundreds of thousands of victims driving these scams. We invest significantly in detecting and removing fraudulent actors and content, and we maintain active partnerships with Canadian law enforcement, regulators and industry to combat fraud.

Our approach is multi-layered and outcomes-driven.

We have dedicated policies on fraud, scams and deceptive practices for all of our platforms—Facebook, Instagram, Threads, Messenger and WhatsApp—and also across all of them on ads. In 2025, we removed more than 159 million ads globally for violating these policies. We removed 92% of them proactively before they were reported to us. Overall, we achieved greater than a 50% reduction in scam ad reports across our platforms in the same time period.

In addition to policy enforcement, we're continuously strengthening efforts on our platforms to deter these scammers. Here are some examples. First, we are expanding advertiser verification, with a goal of 90% of our ads revenue coming from verified advertisers by the end of 2026, up from 70% at the end of 2025. Second, we deploy advanced AI tools to prevent scammers from misusing the images of public figures to bait people into fraudulent ads. Third, on Messenger, we are also rolling out on-device AI to detect scam patterns inside conversations and warn users in real time, even within end-to-end encrypted chats.

As the government develops Canada's first-ever anti-fraud strategy, it is imperative to remember that cross-sectoral collaboration is essential. No single company or sector can see the full fraud attack chain. A consumer may first encounter a scam on SMS or on social media, or they may be moved through a phone call or a fraudulent investment site and ultimately lose money through a crypto or bank transfer. Each sector has a limited view, with no one company or platform seeing that complete picture. Effective disruption therefore requires sharing intelligence across these boundaries.

That is why Meta invests heavily in cross-sector information sharing. Through the fraud intelligence reciprocal exchange, or FIRE, we exchange signals bidirectionally with financial institutions, enabling faster enforcement. Through the Global Signal Exchange, we share structured scam indicators—URLs for malicious websites, phone numbers and also ad accounts—with governments and industry across multiple jurisdictions around the world. Government entities are able to participate within GSE at no cost.

Here in Canada, Meta supports the stand against scams campaign alongside the Canadian Bankers Association. We maintain dedicated reporting channels with the Canadian anti-fraud centre, the RCMP, the Canadian Securities Administrators investment fraud task force and the Competition Bureau.

We participated in Operation Maple Disruption with Canadian law enforcement, securities regulators and financial institutions. Alongside Canada, Meta has similarly endorsed the UNODC's global public-private partnership framework against fraud. We're also founding signatories to the Industry Accord Against Online Scams and Fraud with Google, Amazon, Microsoft, OpenAI and many others.

As Parliament considers how best to protect Canadians from fraud, we encourage three actions. The first is a whole-of-ecosystem approach that brings all sectors of the fraud attack chain to the table from the outset: digital platforms, telecoms, financial institutions, fintech and law enforcement. The second is strong information-sharing frameworks with legal safe harbour protections so companies can collaborate in good faith without fear of liability under privacy or competition law. The final one is an outcomes-focused framework that measures results rather than mandating specific methods, allowing all of us to remain as agile as possible as fraud tactics evolve rapidly.

Thank you for your time today. We welcome questions.

The Chair Liberal Ben Carr

Thank you very much, Mr. Camfield.

Colleagues, we'll now move into our first round of questions.

Ms. Borrelli, the floor will be yours for six minutes.

4:40 p.m.

Conservative

Kathy Borrelli Conservative Windsor—Tecumseh—Lakeshore, ON

Thank you Chair.

My first question is for Mr. Shipley.

Mr. Shipley, seniors are often told to watch for warning signs, but the warning signs are becoming much harder to detect, with spoofed numbers, AI-generated voices, fake investment ads and impersonation scams. From your experience in cybersecurity education, what types of prevention actually work for older Canadians? More specifically, what should Canada be doing differently so that seniors are protected, since the sophistication of scams has evolved past a level of just red flags?

4:40 p.m.

Chief Executive Officer, Beauceron Security

David Shipley

The first thing we noticed in our research—and yes, you are correct—is that the technical indicators for being able to tell if something is a phishing email or a scam are incredibly difficult to see now, thanks in part to AI companies making tools that make it easier to make things look faster and slicker than ever.

The research we've done and that Toronto Metropolitan University has done has shown that teaching people about emotional intelligence helps—listening to their gut and thinking about why someone is trying to make them feel a certain way, whether it's giving them a rush or getting them excited about an opportunity. They are often preying on the loneliness epidemic in this country.

The biggest thing that can help our seniors right now is the 24-hour hold. I've talked to so many banks, and their teams know it's a scam, but a person has fallen in love. They think that someone they care about is in danger, and they need to act. If we had that hold—and it's important to understand it's opt-out only; everyone starts with the hold in place—we would stop so much of the most expensive fraud targeting our seniors.

4:45 p.m.

Conservative

Kathy Borrelli Conservative Windsor—Tecumseh—Lakeshore, ON

You've partially answered my follow-up question already, which is this: What would be the three most important pieces that would help seniors in a fraud prevention program?

4:45 p.m.

Chief Executive Officer, Beauceron Security

David Shipley

In my remarks, I've given footnotes to all of the stories I've referenced. Darren Taylor wrote a heartbreaking story in Orillia Matters on June 5 that I encourage you all to read, titled “Senior lost almost $1M in ‘increasingly common’ deepfake scam”. These are increasingly happening on the platforms, including Meta but not exclusive to Meta. They're portraying our Prime Minister and others. Premier Doug Ford was also portrayed, and a senior in the GTA lost $100,000.

We have to hold the platforms accountable to police them. If they cannot responsibly offer advertising, then they should stop.

4:45 p.m.

Conservative

Kathy Borrelli Conservative Windsor—Tecumseh—Lakeshore, ON

Should there be stronger rules around first-time transfers, crypto purchases, international wires or payments made after remote access software has been used?

4:45 p.m.

Chief Executive Officer, Beauceron Security

David Shipley

Yes, and there's so much we can do on that side, but remember that some of these attackers, once they develop long-term relationships, will coach people through a variety of controls and other things. As my colleague Jennifer from CCTX pointed out, it requires a whole-of-society effort to combat this, but all of those things will help.

4:45 p.m.

Conservative

Kathy Borrelli Conservative Windsor—Tecumseh—Lakeshore, ON

Ms. Quaid, I want to ask about what happens after a senior has already been scammed. In many cases, the victim reports the fraud, but the money has already moved through the system via crypto wallets, mule accounts or foreign channels. For the victim, the system can feel like it records the loss but does not move quickly enough to recover it.

What would Canada need to do to improve the speed of tracing, freezing and recovering stolen funds after a senior reports a scam?

4:45 p.m.

Executive Director, Canadian Cyber Threat Exchange

Jennifer Quaid

Sadly, evidence shows that seniors tend not to report when they have been the victim of a scam, more so than any other segment of society. Most of the senior reporting we see is from seniors who have lost less than others or who have seen a scam as opposed to having fallen victim to one. That, in and of itself, is a problem.

What can the system do? The system has to focus on prevention. No matter what we do, it will never be fast enough. It will never be good enough. AI and frontier AI are making it too hard for anyone to catch, not just seniors. If we're not focusing on prevention, we are simply continuing to play whack-a-mole.

4:45 p.m.

Conservative

Kathy Borrelli Conservative Windsor—Tecumseh—Lakeshore, ON

Thanks very much.

I'm good.

The Chair Liberal Ben Carr

Thank you very much, Ms. Borrelli.

Mr. Bains, I'll go to you. I understand you'll be splitting your time with Mr. Ntumba. I'll allow the two of you to work that out.

The floor is yours, sir.

Parm Bains Liberal Richmond East—Steveston, BC

Thank you, Mr. Chair.

Thank you to our witnesses for joining us today for this very important study.

I couldn't help but notice that many of the recommendations coming from Meta and Madam Quaid were very similar.

Mr. Shipley, you referenced the Reuters report. I'm going to talk a bit about that and then ask questions of the folks at Meta.

Meta projected that roughly 10% of its revenue in 2024 would come from ads tied to scams, banned goods or misleading content.

Mr. Camfield, you talked about removing over 159 million scam ads last year alone. These same documents indicate that Meta users were reportedly served 15 billion high-risk scams daily, often letting them run unless 95% fraud certainty was detected.

My question to you is this. For less certain violations, Meta instead charged higher ad rates to deter offenders who were effectively still profiting from the potential fraud. Why is Meta's threshold for confidently identifying a scam so high? Why is it 95%?

4:50 p.m.

Defence Lead, Security Policy, Meta Platforms Inc.

Jon Camfield

Let me speak a bit to the specific numbers there. The 10% was based on some internal research to identify the topline ceiling of potential violations. That included non-violating content that is often caught up in our systems. It included things that are not actually frauds and scams as well. That is a higher number than the reality.

The same document that was leaked and referenced in the Reuters article in 2024 pointed out that the actual number is likely in the 3% to 4% range. Again, that was in 2024. We reduced that by 50% in 2025, and we continue to work on that today.

On the angle of charging more, the ad auction system is incredibly complex. What it does is it reduces the value of a bid in an auction if we suspect but cannot prove that an ad is a scam.

This speaks to where we are on the scam attack chain. What we see is the very early stages of a scam, often with potentially innocent-looking ads, innocent-looking engagements or new friendships being formed. It is challenging—

Parm Bains Liberal Richmond East—Steveston, BC

I'll jump in because of the time.

How do you verify the legitimacy, then? Do you do a reverse process of some sort?

4:50 p.m.

Defence Lead, Security Policy, Meta Platforms Inc.

Jon Camfield

We have a couple of processes. One is through information sharing. One of our most valuable signals is banks saying, “Hey, these scam accounts are using these URLs, domains and identifiers. Can you look in your systems?” We take those, put them into our systems, fan out, and look for other signs of that. We're often able to turn up to 600 times more assets in our systems from any one seed that we receive from the banks. That is the most valuable piece of information.

Parm Bains Liberal Richmond East—Steveston, BC

Finally, before I cede the rest of my time to Mr. Ntumba, the advocacy group Consumer Federation of America filed a similar complaint alleging that Meta failed to block scam ads while charging advertisers more to display their content and rolled back efforts to reduce scams. What is your response to that claim?

Afterward, Mr. Ntumba will take the floor.

4:50 p.m.

Defence Lead, Security Policy, Meta Platforms Inc.

Jon Camfield

To directly answer that, we do not charge advertisers more. We reduce the value of the potential scammer—the suspected or possibly uncertain ad—in the auction system. That means in the long term we're making less money off the ad slot by letting other ads win the auction by penalizing that ad. It does not mean we're charging them more, and they cannot pay more to get a better ad slot. It just reduces the value of the auction they already bid into.

Parm Bains Liberal Richmond East—Steveston, BC

Thank you.

Bienvenu-Olivier Ntumba Liberal Mont-Saint-Bruno—L’Acadie, QC

Thank you.

Mr. Camfield, as you know, Meta is almost like a town, a nation, a community or a shopping plaza, with many homes and businesses and lots of people going around. Each person is responsible for setting the alarm at their home's front door. You're in charge of security for the whole place, the main entry. I know the banks' approach is to tell customers that if they have a bank card, they're responsible for it. At my home, I set the alarm and I lock the door with my key. I make sure my home is secure.

If people invade my country, I don't blame my neighbour. I blame the government for not keeping the country secure. That's kind of what Meta is like.

Why is fraud on the rise within Meta? I'm asking you this question because you're the ones responsible for keeping Meta secure.