Good afternoon, everyone. Thank you very much for the opportunity to address the committee.
My name is Terri O'Brien. I lead the risk management practice at Interac Corp.
For my opening remarks today, my goal is to provide insights and recommendations on cybersecurity from our unique position in the financial services landscape. Many of you know Interac already. Like millions of Canadians each day, you use our products and services to withdraw money and pay and transfer funds with security and convenience.
What you may not know is that Interac is 100% Canadian-owned and operated. What sets us apart is not only our Canadian roots, but the trust we have established with Canadians over our 35-year history. Last year, Canadians made 6.6 billion transactions, moving over $415 billion in value across our suite of products, including Interac debit and Interac e-Transfer.
Interac has been in the business of facilitating real-time payments between Canadians for decades, including our Interac e-Transfer product, which has been facilitating real-time payments since 2002. Of course, this includes real-time 24-7 fraud detection. With real-time payments comes the need for real-time security, prevention and detection capabilities, which we've built up over our history. Our real-time cyber and fraud capabilities help Canadians digitally transact with confidence across a variety of devices and platforms, including mobile devices. At the same time, we adhere to our core values that have been central to our history, including corporate responsibility, safety and soundness.
Security is a core element of everything we do, whether it's combatting fraud across our network or keeping the personal financial information of Canadians private. Therefore, cybersecurity is something we think about a lot.
As our economy and society have become increasingly digital, it is no secret that the pace of cybercrime has accelerated. As I'm sure you've heard in some testimony, and as we've read and seen in reports, around the world it has never been easier for people to access cybercrime goods and services. Fraud-as-a-service and cybercrime-as-a-service websites currently sell everything from credit card numbers to social media account credentials and denial-of-service attacks. All of that is available with a single click and for several hundred dollars.
In that regard, Interac was very pleased to see the government establish the Canadian Centre for Cyber Security last year and make new investments in cybersecurity in the most recent budget. We also support the creation of the centralized cybercrime unit under the RCMP.
Interac is in a unique position at the centre of the Canadian financial services landscape. We operate as a central payments and digital information exchange to facilitate the interoperability of payments and related information among our Canadian banks, credit unions, caisses populaires, payment processors, businesses and Canadian consumers. Because of this, we are in a unique position where we can detect cybercrime, including fraud and money laundering, as it moves throughout our system and between those institutions.
This is a unique role that Interac plays at the centre of the ecosystem. Whereas each financial institution can detect fraud and money laundering only within its own customer accounts, Interac can see the criminal activity across institutions.
In order to pick up on these patterns of criminal activity, we employ sophisticated tools that utilize machine learning and predictive behavioural modelling. When our systems detect high-risk or suspected fraudulent activity, actions are immediately taken, including suspending or blocking the transactions.
We also communicate directly with institutions across the financial system. We collaborate and share information to strengthen our collective resilience and security in the Canadian economy. A practical example of this for the committee is when we detect that financial criminals are utilizing many different accounts to target a specific bank, union or caisse populaire. In these circumstances, we alert the institution that is being targeted, while simultaneously working to block the activity and secure vulnerabilities at the various sending institutions.
Because cybercrime doesn't have business hours, neither do we. Our detection and prevention systems and staff operate 24-7, enabling us to counter cybercrime in near-real time.
We are constantly evolving our approach in order to keep Canadians safe when transacting over our networks. In 2018, our fraud risk mitigation practices prevented over $100 million in fraud losses, and we had over 4,300 malicious websites taken down.
We also work together today with the RCMP and local law enforcement to support and assist in their investigations of fraud and related criminal activity. Protecting Canadians' financial information amidst the changing payments landscape is a top priority for Interac.
Since the advent of mobile wallets, payments are now made through smart phones and other devices, as mobile payments are growing in popularity among Canadian consumers and businesses every day.
In order to secure the payments made via the Interac debit network on mobile devices, Interac became one of the first domestic debit networks globally to establish its own token service provider, or TSP. Our TSP ensures that personal identifiable information, including account numbers, is replaced with randomized information, or tokens, that is of no use to hackers or criminal activity.
Expanding the use of tokenization is one way we can enhance cybersecurity for the benefit of Canadians. Collaboration and coordination among private and public entities are also pivotal to addressing the volume of cyber-threats that exist today.
We see three specific areas of focus here that can greatly benefit Canadians. The first is information sharing with the new cybercrime unit in the RCMP. The second is a more targeted approach to detecting cybercriminals. The third is ongoing public education and awareness.
Interac believes there is an opportunity to reduce impediments that currently exist in order to enable more open sharing of known cyber-threats between Interac and the government through secure and trusted channels. This should include looking at legislative changes, as well as safe harbour provisions, to open up communication channels and address concerns around enforcement actions.
Second, when it comes to detecting cyber-threats, we see benefits in utilizing a more targeted approach as a key point of emphasis. The way threats are detected today is akin to a scattershot, in that all transactions must be scanned and analyzed with equal importance. A more efficient model would be one that focuses on lists of known cybercriminals and cyber-threats and those vectors and behaviours, utilizing information from government and law enforcement, as well as financial institutions and Interac.
Interac could play a pivotal role here, given our ability to detect criminal activity across our network and our connection to almost 300 financial institutions. Interac, at the centre of the ecosystem today, could represent a secure information exchange with the RCMP in the future, to allow both organizations to take a targeted approach in detecting and preventing crime, rather than scanning all transactions. We believe government can and should play a leadership role here by establishing and maintaining clear processes and lines of accountability.
Finally, at Interac we recognize there is a need to provide ongoing public information and education about cyber-threats and security best practices to support an increased knowledge of the current risks and how to keep Canadians safe. We regularly conduct proactive campaigns designed to educate and inform. We also participate in forums such as the Competition Bureau's public education working group to share our insights and results. We also collaborate actively with the RCMP and local law enforcement.
We look forward to further collaboration with the government on information sharing, targeted detection, and public education in the future.
To conclude, I would like to emphasize Interac's commitment to cybersecurity and our willingness to work together with the government, as we do today. We support recent initiatives and investments made by the federal government, and we believe that continued education and discussions like these can advance industry-wide solutions to help keep Canadians safe from cybercrime.
Thanks very much.