Evidence of meeting #155 for Public Safety and National Security in the 42nd Parliament, 1st Session. (The original version is on Parliament’s site, as are the minutes.) The winning word was data.
A video is available from Parliament.
5:20 p.m.
Chief Information Security Officer, Toronto Dominion Bank
Again, I'm the technical security person for data and systems. I'd have to follow up with our product folks and product people.
5:20 p.m.
Liberal
David Graham Liberal Laurentides—Labelle, QC
Fair enough.
When I travel around the world, for example, and I use my credit card or my debit card in different places, does TD track where and what I'm doing with it for any purpose other than [Inaudible-Editor] the transaction?
5:20 p.m.
Chief Information Security Officer, Toronto Dominion Bank
No, only for fraud purposes.
5:20 p.m.
Liberal
David Graham Liberal Laurentides—Labelle, QC
Fraud purposes. There are no marketing purposes whatsoever at any stage of that?
5:25 p.m.
Chief Information Security Officer, Toronto Dominion Bank
Your transaction data and the point of sale transaction is what ends up within the systems within TD. Is that your question?
5:25 p.m.
Liberal
David Graham Liberal Laurentides—Labelle, QC
Let's say I go to the bank across the street here, and then I go to Saskatoon and then I go to Taipei. You now know that I'm travelling and you know roughly what I'm buying. Is that data used for anything other than security tracking?
5:25 p.m.
Chief Information Security Officer, Toronto Dominion Bank
Again, I'd have to defer to the product folks who do that type of target marketing.
5:25 p.m.
Chief Information Security Officer, Toronto Dominion Bank
In my professional opinion they still have some value—that's “something you know”—but the value of that credential is dramatically decreasing year over year.
5:25 p.m.
Chief Information Security Officer, Toronto Dominion Bank
The alternative is various forms of biometrics. You still want some form of something you know, or something you have, along with the biometrics themselves. That's really the “something you are” in the scheme they refer to as “multifactor authentication”.
I think if you look at the thumbprint readers today and at some of the facial recognition technologies in the marketplace, they're becoming far more robust. In most cases they're a more powerful authenticator than a customer's username and password.
5:25 p.m.
Liberal
David Graham Liberal Laurentides—Labelle, QC
That's fair. If your biometrics are compromised, is there anything you can do?
5:25 p.m.
Chief Information Security Officer, Toronto Dominion Bank
We bind a biometric to a user, so we can then suspend that and re-enrol the user. We don't retain your entire.... With a thumbprint, for example, none of these devices actually retain your entire thumbprint. They all have their own proprietary algorithm of points that they take, and they actually retain that data only. Schemes vary from device to device.
5:25 p.m.
Chief Information Security Officer, Toronto Dominion Bank
Your thumb is safe.
5:25 p.m.
Liberal
David Graham Liberal Laurentides—Labelle, QC
The thumb has to have temperature to it, too. It has to have blood flowing, so that's another whole issue.
5:25 p.m.
Conservative
5:25 p.m.
Some hon. members
Oh, oh!
5:25 p.m.
Liberal
David Graham Liberal Laurentides—Labelle, QC
On a slightly lighter note, in Monday's meeting the topic of Y2K came up briefly—I don't remember why—and I didn't have a chance to come back to it. Is TD Y2K38-ready?
5:25 p.m.
Chief Information Security Officer, Toronto Dominion Bank
We haven't performed a robust assessment on that yet.
5:25 p.m.
Liberal
