Thank you, Chair and members of the committee, for the invitation.
My name is Ian L. Paterson. I'm the CEO of Plurilock, a Canadian cybersecurity company. For 10 years, I've built and patented systems that verify who people are and delivered cybersecurity for government agencies and businesses. I'm here as an operator with a practical view of why fraud works and what would slow it down.
I'll offer three recommendations to combat the fraud that's hurting everyday Canadians, but first I'll start with a story.
A grandfather gets a phone call. He hears his grandson's voice: He's been in a car accident and needs money right now. The grandfather drives to the bank, gets the funds and hands a money order to a stranger who showed up in person to collect it. Only later, when the family compared notes, did the truth come out. The grandson was fine. The voice was a deepfake. It was a fraud.
That's one story. I have many, as I think most Canadians do.
Canadians reported $704 million in losses to the anti-fraud centre in 2025, which was the worst year on record. The RCMP estimates that only 5% to 10% of fraud ever gets reported, which means the real cost to the Canadian economy runs into the billions.
What do we do? In cybersecurity, we talk about prevention as “left of boom” and response as “right of boom”.
First, on left of boom, prevention comes down to identity.
Fraud works because we still verify people with things that are easy to fake: phone numbers, text messages, passwords and, now, voices. Back in 2019, I wrote in The Globe and Mail that my video game provider had better security than my bank. Seven years later, not much has changed, and deepfakes and voice cloning are letting bad guys automate and scale their attacks.
The fix is stronger identity that everyday Canadians can trust. When your telco, your bank or your government reaches out, it should come over a channel that can't easily be spoofed, like a push notification from a smart phone app. When you sign into a service, it should be with credentials that can't easily be phished, like pass-keys, which no one could read over the phone to a criminal. When it's human to human, the answer is resilience. Criminals can fake a phone number and a familiar voice, so hang up, call back a number you know and ask about shared context like, “What did Aunt Bertha bring to Christmas dinner last year?”
Cheap habits beat expensive technology. That grandfather in the story wasn't careless. He did what all of us were taught to do: trust the voice on the line. That's what has to change, and it's fixable.
Government should go first. Every Canadian knows about the fake CRA calls. If the CRA and agencies like it used channels that can't easily be spoofed, they'd end one of the most common scams in the country and set the standard for everyone else.
Second, on right of boom, response comes down to coordination.
When the victim, the bank, the phone company and the criminal sit in different jurisdictions, the first question is always, who owns the file? Our police officers are some of the most mission-driven people I know, but too often the local police agency that ends up with the file doesn't have the training, tools or mandate to chase this kind of crime, and that police detachment has to weigh a $5,000 scam against an armed robbery down the street. The criminals count on that weakness and exploit it.
We have a start with the national cybercrime coordination centre, but its role is to support. The investigating still falls to individual officers. Canada needs a national response that leads these cases, not just supports them: one that cuts across jurisdictional boundaries and brings banks and telecoms to the table with privacy built in and a mandate to chase these crimes whatever the dollar amount.
Third, Canada cannot tackle these issues on its own. Some of the biggest operations originate outside the country. In the Indo-Pacific, scam compounds run at industrial scale, often staffed by trafficked workers targeting Canadians. We need to invest more in international assistance to help dismantle these networks at the source, before they reach Canadians.
Fraud is an identity problem, a coordination problem and a test of our resilience. Every day, Canadians are being electronically mugged by criminals who've turned this into an industry, one that runs on the seams in our system. Those seams are ours to close.
Thank you. I look forward to your questions.