Evidence of meeting #46 for Industry and Technology in the 45th Parliament, 1st session. (The original version is on Parliament’s site, as are the minutes.) The winning word was scams.

A recording is available from Parliament.

On the agenda

Members speaking

Before the committee

Hines  Head of Fraud Product, Interac Corp.
Harroun  Vice-President, Compliance and Enforcement, Canadian Radio-television and Telecommunications Commission
Brun  Vice-President, Government Relations, Desjardins Group
Lapalme  Senior Director and Deputy Head, Fraud and Financial Crime Management and Supervision Unit, Desjardins Group
Hutton  Vice-President, Consumer, Analytics and Strategy, Canadian Radio-television and Telecommunications Commission

The Chair Liberal Ben Carr

I call the meeting to order.

Good afternoon, everyone.

We are continuing with our study on fraud. We'll conduct one more meeting after this one. That will take place on Thursday, as discussed at our meeting yesterday.

To start, I have a couple of housekeeping things.

For witnesses who are in the room with us, this is a little reminder that if you are relying on your translation piece and it's plugged in but not on your ear, place it on the sticker in front of you. That's to protect the health and well-being of our interpreters.

I can confirm that we carried out all the tests to verify that the audiovisual equipment is working properly.

Colleagues, my calendar says—it could be wrong, depending on what's going on in the House—that there's a possibility for us to have bells at the outset of the meeting. As you know, I require unanimous consent in order to work through the bells. I'll circle back to each member on the committee if and when that occurs. This is just a quick heads-up for you to please give that some thought. If I don't get unanimous consent, we'll have to pause for half an hour. That will be the decision we live with. I'll come back to that if and when it's necessary.

We have a number of witnesses with us today. First, from the Canadian Radio-television and Telecommunications Commission, the CRTC, we have Steven Harroun, vice-president, compliance and enforcement; and Scott Hutton, vice-president, consumer, analytics and strategy.

Gentlemen, welcome.

From Desjardins Group, we have Bernard Brun, vice-president, government relations; and Frédéric Lapalme, senior director and deputy head, fraud and financial crime management and supervision unit. They are joining us by video conference.

From Interac Corp, joining us in the room is Mark Hines, who is the head of fraud—not of fraud, but of fraud product.

It's probably an important distinction to make, Mr. Hines.

On that note, why don't I turn to you first?

Witnesses, you will have up to five minutes for an opening statement, following which we will turn to members around the table for a question and answer period.

Mr. Hines, I'll turn the floor over to you for up to five minutes, sir.

Mark Hines Head of Fraud Product, Interac Corp.

Good afternoon, and thank you, Mr. Chair and members of the committee.

As the chair said, my name is Mark Hines. I lead fraud product at Interac. Thank you very much for the invitation to take part in today's study.

I'd like to begin by acknowledging that we're gathered on the traditional unceded territory of the Anishinabe Algonquin nation and by recognizing the enduring presence of first nations, Inuit and Métis peoples.

Interac is a Canadian-owned payment and digital verification company. Nearly 300 financial institutions connect to our networks, and Canadians use our products more than 20 million times every day. We sit at the centre of how money moves in Canada, which gives us a unique system-wide view of fraud and of financial crime in particular. Our teams monitor the network around the clock, sharing signals with financial institutions so they can act on suspicious activity in real time.

I'd like to use my time today to explain what has changed about fraud, why it's harder to fight than it used to be and where the greatest opportunity lies for protecting Canadians.

Fraud and scams are serious and growing threats. Behind every scam is someone who has lost money and often their confidence with it. However, the nature of the threat has evolved. Historically, fraud defences were built around the sender because the main threat was unauthorized access to an account. Scams work differently because the genuine account holder is authorizing the payment. This moves the focus to the receiver side of the network and requires new capabilities and investment across the system. At the same time, AI has dramatically increased the velocity of scam attempts. It's not just that they're more sophisticated and convincing. They're now automated at scale and only need to catch someone off guard once to be successful.

The most important thing I want to get across to the committee is that this problem cuts across multiple industries and sectors. We at Interac are investing heavily, but taking the next step requires a coordinated approach.

Interac deploys anti-fraud and scam capabilities on e-transfer today, and we have invested heavily in being the first approved fraud provider on Canada's new real-time system. Unlike other jurisdictions, we will launch the RTR with fraud protections built in, with the goal of preventing the spike in scams that other countries have encountered. This means Canadians will have greater levels of protection from day one.

No single company or sector can solve this alone. Fraud does not start and end in the same place. It often begins with a phone call, a text or an online scam. By the time the money is moved, the institution completing that transaction often has the least visibility into how it began. The key metric is the time between detection and intervention. The faster a trusted signal reaches the right place, the more often an institution can act before the money is gone.

We see the government's work to develop a national anti-fraud strategy and establish a financial crimes agency as an important step. Enforcement matters, but enforcement acts after harm is done. It needs to be paired with the coordination that prevents harm in the first place—that prevents money from leaving Canadians' bank accounts.

That's why the single most effective step Canada can take is enabling better data sharing across sectors, including financial institutions, telecommunications providers, digital platforms and law enforcement. To be clear, it's not about pooling data in a single open utility. It's about targeted, risk-based signals that let institutions act on the right information at the right time. This is a prevention-first approach, which is where we believe the greatest opportunity lies for Canada.

Thank you. I look forward to your questions.

The Chair Liberal Ben Carr

Thank you very much, Mr. Hines.

I'm not sure who is speaking for the CRTC. Is it Mr. Harroun?

Okay. The floor is yours, sir.

Steven Harroun Vice-President, Compliance and Enforcement, Canadian Radio-television and Telecommunications Commission

Good afternoon.

Before I begin, I would like to acknowledge that we are gathered on the traditional unceded territory of the Algonquin Anishinabe people.

I am joined this afternoon by my colleague, Scott Hutton, vice-president, consumer, analytics and strategy.

Thank you for the opportunity to appear before you as part of this study on financial fraud and scams in Canada.

As you know, the CRTC is an independent quasi-judicial tribunal that regulates the Canadian communications sector in the public interest. We hold public consultations on telecommunications and broadcasting matters, and we make decisions based on the public record.

The CRTC is also part of a broader federal effort to address unwanted telephone calls, emails and text messages. In this context, we administer civil regulatory regimes. Because the CRTC does not have the mandate to assess or investigate conduct that may be criminal in nature, we encourage Canadians to report suspected fraud to the appropriate law enforcement authorities. In limited circumstances, we may share information with those authorities in accordance with applicable legal and privacy requirements.

Today, I'll touch on our civil roles under both the unsolicited telecommunications rules and Canada's anti‑spam legislation. Under these regimes, we help protect Canadians by setting clear rules, helping businesses follow the rules, addressing non‑compliance through enforcement and educating Canadians.

Regarding unwanted telephone calls, the Canadian Radio‑television and Telecommunications Commission administers the national do not call list. Canadians can enter their telephone number on the list for free. In recent years, we've put in place a robust strategy to prevent unwanted calls from reaching Canadians in the first place.

Since this is a complex and ever‑evolving challenge, there's no single solution. Instead, our approach combines both regulatory and technical measures.

For example, telecommunications service providers are required to block calls that display numbers that would not normally be dialed, such as 123-456-7890. Providers also offer call-filtering services, giving Canadians greater control over the communications they receive.

We are also taking action on caller ID spoofing, where the caller disguises their phone number from the person receiving the call. To address this, we required service providers to implement STIR/SHAKEN. This technology helps verify whether a call is actually coming from the number displayed on the caller ID screen, making it easier for Canadians to identify which calls can be trusted.

New technologies are also playing an increasing role. Artificial intelligence, for example, can be a useful tool. In 2021, the CRTC approved an application by a Canadian telecommunications service provider to implement an AI-based solution that can stop suspicious calls in the provider’s network before they ever reach Canadians. Billions of these calls have already been blocked to date.

Let me now turn to the CRTC’s role under Canada’s anti-spam legislation, or CASL. We work alongside the Competition Bureau and the Office of the Privacy Commissioner to promote and monitor compliance within CASL. We also raise awareness to help Canadians better protect themselves and reduce the effects of spam. We collaborate with partners and stakeholders in this effort.

In closing, the CRTC will continue to work within its mandate to help protect Canadians from unwanted calls, spam emails and text messages.

Thank you for the opportunity to appear before you. We are happy to take your questions.

The Chair Liberal Ben Carr

Thank you very much, Mr. Harroun.

The next witness is Mr. Brun.

The floor is yours for up to five minutes.

Bernard Brun Vice-President, Government Relations, Desjardins Group

Thank you, Mr. Chair.

Members of the Standing Committee on Industry and Technology, on behalf of the Desjardins Group, I would like to thank you for the invitation.

My name is Bernard Brun. I'm the vice‑president of government relations for the Desjardins Group. I'm here with my colleague, Frédéric Lapalme, senior director and deputy head of the fraud and financial crime management and supervision unit.

It's a privilege to contribute to your study on financial fraud and scams in Canada, a key concern for Desjardins. Remember that Desjardins currently has over $524 billion in assets and over 10 million members and clients across the country. We serve close to half a million businesses—ranging from small and medium‑sized businesses to large organizations—across all sectors of the Canadian economy. We're the largest co‑operative financial group in North America and the eighth‑largest financial group in the world.

Fraud is now one of the most widespread, sophisticated and damaging forms of economic crime in Canada and abroad. Fuelled by the digitalization of the economy, artificial intelligence—as my colleagues said earlier—and global access to digital platforms, the problem is evolving at such a rapid pace that public and private institutions can hardly keep up.

Fraud has become a low‑risk and highly profitable crime. Criminal networks now operate with greater capabilities, without geographic boundaries. They use digital technologies, cryptoassets and even artificial intelligence‑powered impersonation capabilities.

A number of structuring challenges are currently limiting the effectiveness of fraud prevention efforts. I'll list five of them. These challenges are the fragmentation of data and information‑sharing mechanisms; the increase in regulatory initiatives and compliance frameworks; the transnational nature of criminal operations; the consequences for victims; and the ability of fraudsters to adapt quickly and their growing use of artificial intelligence.

In this environment, every improvement in security quickly leads to the emergence of new workaround strategies. This dynamic creates an ongoing technological race. This places significant pressure on governments, but also on financial institutions and businesses. The impact goes far beyond monetary losses. Victims frequently report long‑lasting consequences, such as psychological distress, loss of trust in institutions, social isolation and compromised personal financial security.

As a Quebec‑chartered financial group, most of our oversight comes from the Quebec government and agencies. However, we operate across Canada. This gives us experience and insight into the importance of coordination and regulatory complementarity in achieving tangible results.

We're pleased to see the federal government's commitment to encouraging the various stakeholders to work together to combat financial fraud. The many stakeholders working to reduce incidents of fraud must be brought together. This specifically goes hand in hand with the work of the Canadian Anti‑Scam Coalition, of which Desjardins is an active member.

Last April, we submitted a brief to the Department of Finance in response to its consultation on the national anti‑fraud strategy. We would be happy to share this brief with the committee if it would help with your work.

In conclusion, if we had to prioritize a single action to effectively combat financial fraud and scams in Canada, we would first focus on facilitating a form of information sharing among regulated organizations in order to improve prevention and detection.

With this in mind, yesterday we saw the introduction of Bill C‑36. This bill seeks to strengthen privacy and to amend the Personal Information Protection and Electronic Documents Act. The text notably includes an exception to the consent requirement in order to make it possible to share information for the purposes of preventing, detecting and reducing fraudulent activities. In our view, this positive development should be pursued and carefully analyzed in order to align and coordinate efforts with the provincial legislative frameworks.

Thank you for your attention. My colleague and I would be happy to answer your questions.

The Chair Liberal Ben Carr

Thank you, Mr. Brun.

Colleagues, we're going to get into our first round of questioning.

Mr. Guglielmin, the floor is yours, sir, for six minutes.

3:45 p.m.

Conservative

Michael Guglielmin Conservative Vaughan—Woodbridge, ON

Thank you, Chair.

Thank you to the witnesses for their opening testimony today.

Mr. Hines, a recent survey done by Interac showed that 79% of Canadians believe AI is making scams more convincing and making it much easier for fraudsters to create these scams in the first place. How specifically would you say that AI has changed the landscape over the last two years?

3:45 p.m.

Head of Fraud Product, Interac Corp.

Mark Hines

I won't dwell on the sophistication point so much, because my guess is that the committee has heard a lot about that. What I would really emphasize is the velocity, which means not only the speed but also the volume of suspicious activity that hits both individual institutions and networks. What that means is that the likelihood that you'll catch somebody....

A busy parent opening the front door sees a link and clicks it without taking the extra 30 seconds. A grandmother who's worried sends money to a grandchild. It simply statistically increases the likelihood that these things are happening. That really is the other element that we don't focus on enough, in my opinion. I don't mean to underplay the sophistication element, because it's real, but that's the element we don't focus on quite enough.

3:50 p.m.

Conservative

Michael Guglielmin Conservative Vaughan—Woodbridge, ON

Are there any scams in particular, as you guys look forward, that you're concerned with more than others?

3:50 p.m.

Head of Fraud Product, Interac Corp.

Mark Hines

We break down the types of scams that we encounter on our network. I would say that by a country mile, the most prevalent kinds are investment scams. There's a range of scams, including romance scams and bank impersonation scams, but investment scams are by far and away the highest frequency that we see.

3:50 p.m.

Conservative

Michael Guglielmin Conservative Vaughan—Woodbridge, ON

Would you say that in Canada our fraud prevention systems across banks, payment systems, telecom platforms, etc., are keeping pace with this new sophistication and the velocity of scams, or do you see a gap there?

3:50 p.m.

Head of Fraud Product, Interac Corp.

Mark Hines

From my perspective, I see people investing large amounts of money to try to keep up. Our view, to really get the most out of that significant investment, is to have cross-sector data sharing. To use scams as an example, they will occur entirely outside of the network that we operate. We don't know where it started. We don't know the details around how it started. Our ability to react is limited.

If I may, I have one more detail that I think might be useful to the committee. With scams, often it's not the initial sending that you will catch. It's my account. It's when you see payments collecting at the other side that you begin to see a problem. Feedback loops that give you a greater insight to that other side of the network are the things that really would stop us pushing the money out in the first place.

3:50 p.m.

Conservative

Michael Guglielmin Conservative Vaughan—Woodbridge, ON

What type of investments is Interac making to help prevent some of these scams that are AI-generated?

3:50 p.m.

Head of Fraud Product, Interac Corp.

Mark Hines

We are in the middle of a three-year strategy cycle at Interac. We're investing a very large amount of money over those three years. The focus of those investments is in building the new system for the RTR. On e-transfer, when it migrates to the RTR clearing and settlement system, we will also significantly upgrade that system to have comparable controls.

It's a major institutional investment for us, at the moment.

3:50 p.m.

Conservative

Michael Guglielmin Conservative Vaughan—Woodbridge, ON

When you look out at the broader ecosystem, across banks and other platforms, would you say that every sector is moving along at the same pace or are some falling short?

3:50 p.m.

Head of Fraud Product, Interac Corp.

Mark Hines

I think there is variation, for sure. In particular, I think you see that financial institutions and payment networks of all types, not just ours, are investing, because that's where the monetary losses are happening at the moment. Again, to return to my point, broadening that spectre and requiring other parts of the ecosystem to have skin in the game in this fight is for us a key element.

3:50 p.m.

Conservative

Michael Guglielmin Conservative Vaughan—Woodbridge, ON

Thank you very much.

I have a few questions for Desjardins.

In 2019 data was stolen from your members. It was found circulating underground on criminal forums as recently as November 2025, more than six years after the breach. Are you guys actively monitoring for your members the stolen data on the dark web?

Frédéric Lapalme Senior Director and Deputy Head, Fraud and Financial Crime Management and Supervision Unit, Desjardins Group

Thank you for the question.

I won't go into the details of the 2019 incident, since Desjardins has commented on it publicly many times. That said, we invest hundreds of millions of dollars every year to combat fraud and ensure data security. Our security office has 1,800 security experts.

Regarding the data circulating on the dark web, we do indeed monitor this information for our members. We've introduced a number of protection systems since the incident. We've recently introduced certain protections related to the dark web. These protections have been added to our scope of coverage. We understand that our members and clients have concerns about the data found on the dark web. We're addressing these issues in a very targeted way.

3:50 p.m.

Conservative

Michael Guglielmin Conservative Vaughan—Woodbridge, ON

When you guys find data, what can be done with it? Can you have it removed from the dark web, or does monitoring it just mean that you're watching it spread?

3:50 p.m.

Senior Director and Deputy Head, Fraud and Financial Crime Management and Supervision Unit, Desjardins Group

Frédéric Lapalme

It's extremely difficult to remove data from the dark web, or even from the Internet. Once it's on the Internet, it's in the public sphere.

There's another point to consider. While the exact number may remain a matter of debate, hundreds or even thousands of data breaches have occurred. Unfortunately, in general, Canadians and Quebeckers have been victims of multiple data breaches on multiple occasions. This doesn't let Desjardins off the hook. I can assure you that we take this extremely seriously. However, the data is found at multiple levels.

This can be useful for fraud, especially for scams, in particular the fake official scams. In these scams, a fraudster pretends to be a police officer or an employee of a financial institution. The fact that these officials can access certain information helps build trust with the potential victim. When we answer the telephone and the person on the other end already knows a number of key details, it creates a sense of trust in the fake official. It gives the official a certain amount of credibility. That's my answer.

The Chair Liberal Ben Carr

Thank you, Mr. Guglielmin.

Mr. Ma, I understand you might be splitting your time with Madam O'Rourke. I'll let the two of you figure that out. Between you, there are six minutes.

The floor is yours.

Michael Ma Liberal Markham—Unionville, ON

Thank you.

Thank you, gentlemen, for being here today.

My first question is for the CRTC.

The government has announced the creation of a new financial crimes agency. What opportunities do you see for stronger coordination among telcos, regulators, law enforcement, financial institutions and this new agency in disrupting the fraud network?

3:55 p.m.

Vice-President, Compliance and Enforcement, Canadian Radio-television and Telecommunications Commission

Steven Harroun

As you heard from many witnesses over the course of this study, that collaboration is key. Even today, all of my colleagues suggested the same thing. I think the new Canadian financial crimes agency will be exactly where you can get TSPs, banks and others in the room to combat this activity.

That's the biggest challenge we see at the CRTC—making sure everyone is speaking to one another. Everyone, I would suggest, is doing their part to keep abreast. That collaboration is key.

Michael Ma Liberal Markham—Unionville, ON

Thank you.

Before I pass it on, my next question is for Interac.

Mr. Hines, you talked about the importance of data sharing. What sort of data are we looking at, and how timely is it? Quite often, these procedures are more afterthoughts than help in preventing fraud. I'd like to hear what you have in mind, in terms of that data sharing.