Industry Committee on Nov. 16th, 2011

If we had a magic formula, we'd be using it. The average small business has been trying to make payments to suppliers at the end of the month, get paid by clients at the end of the month, and all the time manage their costs. It's not that different from a typical consumer trying to pay the mortgage and the power bill, pay for the groceries, and send the kids to school, all at the same time.

We've been successful in delivering a host of valuable payment solutions in the consumer space for a long time. We're beginning to ask how we can take what we do well in the consumer world, where I think we are a recognized leader on a global scale, and apply it in the business arena, particularly at the small-business end of the spectrum.

I think government has done quite a bit of good work in this area. Canada has surprised many other jurisdictions in moving forward with a voluntary code of conduct.

I must admit,

we wanted the code to be involuntary, not voluntary, but we also saw that it was achieving the goals.

I'm not sure I could speak about caps. The one thing I would remind the committee is that there is a task force for the payment system review and this brought everyone together.

It included small businesses, large businesses and

different stakeholders, and they have prepared recommendations that are worthy of this committee, of your attention in government. They deal with Canada falling behind in some issues on mobile payments. They talk about small business and how we can help them pay their bills electronically versus with cheques.

I think all of those, including what's happening in the payment system, are addressed in a serious way in this paper. I would recommend that we look at that report. I think that will answer many of those questions.

The CANARIE network is funded by a combination of federal funding, provincial funding, and user fees that we charge. The majority of the user fees come from the institutions that we connect. So mostly it's from the universities, and to a lesser extent, from a monetary perspective, colleges, government laboratories, and K-12 schools.

Every university and the vast majority of the colleges--but not every college--are members of the CANARIE network, yes. It's connected to the CANARIE network.

That's a great question. The answer is absolutely it has. When CANARIE was started in 1993 the commercial Internet was just getting started and CANARIE actually acted as a test bed for the development of new technologies that were ultimately deployed in the commercial Internet in a production network. Over the last 18 years CANARIE's network has become more of a production network in support of research and education. But what we've recently done is allocated a portion of our network for this kind of experimentation, to continue the evolution of next-generation technologies and the commercialization of those technologies in the commercial Internet.

Is this something you'd like to talk about?

My colleague, Mr. Revell.

Sure, I can cut in on that.

In terms of security, the current generation of technology is basically chip and PIN. That's a standard of security. And the question is how do we actually extend chip and PIN functionality through all the other channels? When we talk about mobile payments and the state of the art, we talk about NFC, near field communications, and being able to do payments off your phone, etc. In behind it is the same type of state-of-the-art security of chip and PIN.

Maybe Dave could help me out here, but the main focus is what the banks have been building over time. And it's where we are now, and we want to extend that. It's called defence in depth. That's the strategy, and it's a layered approach on security. What it is, you have both the front end and the back end.

You can ramp up the front end, and they're getting progressively more sophisticated, based on the risk--that is, the assessment. You could have simple identification in a password or you could ramp that up. You could have machine tagging, for instance. If an online request came in and it's not from the machine that you normally use, that prompts a series of questions, questions about what you know or what you have. If they, in turn, then assess that there is risk beyond that, they might introduce things like tokens, a separate little piece of hardware that adds an additional multi-factor security. So there's a lot of front-end stuff.

The back-end stuff.... You've seen this yourself, and this gets progressively more sophisticated every day. If somehow a bad guy can actually penetrate that and try to commit a fraud, you have what they call heuristic systems that check your behaviour. If your behaviour is out of sync, they will send up a flag, geographical flags, transaction limits. These are all very dynamic and they're moving. The idea is to try to get that security throughout the system as well.

Thank you, Ms. LeBlanc.

Actually, you already mentioned the obstacles. Usually, the problem has to do with money, especially a lack thereof. The budgets that small and medium-sized businesses have at their disposal are limited, especially in retail. We are talking about a margin of 3% or less. In grocery stores, it is around 1%. So there is very little money in the bank, so to speak, to invest in new technologies that have a very high level of risk attached.

The second challenge is what is known as economies of scale. It costs businesses that are a lot smaller a lot more.

The third obstacle has to do with labour. It is hard to find people who want to work for a small business, especially in the area of technology. Most university graduates want to work for big international companies.

Those are the three biggest challenges that small merchants face today.

With regard to adoption of ICT technologies, information and communication technologies, in small and medium-sized companies, one of the big barriers is lack of sophistication in understanding the technologies themselves. Larger organizations will have dedicated departments with chief information officers who can help the organizations identify and adopt new technologies. Smaller organizations tend to employ more generalists, who don't have the sophistication in understanding the technology. Canada lags behind many other OECD countries, including the U.S., in the use of ICT technologies in our businesses.

That gap has been widening over the last few years. CANARIE has taken a step to try to help smaller companies understand newer technologies like cloud computing by allowing companies to use the CANARIE network and CANARIE facilities and to learn from CANARIE experts so that they can adopt these technologies more readily in their business.