Public Safety Committee on May 29th, 2019

Yes, I'm sorry. I understand your question now, Mr. Picard.

Yes. The origin of the money.... From an anti-money laundering, AML, perspective, we have an anti-money laundering department and a strong division and investment in detecting money-laundering activities. We treat those activities very seriously by tracing the money trail from the point of origin, funding source and the original deposit method, and we support law enforcement efforts in fighting any money-laundering operations or fraud schemes that are detected or reported on the platform.

We actually do validation of the data source or the money source at its origin, and in certain circumstances, prepaid has limits supplied on how much money we will allow to be deposited and what money can be withdrawn within a period of time or spent within certain websites. Our risk and fraud platforms do have very granular rules that detect certain financial instruments that are used based on the risk level. If there is an AML or a money-laundering method that we've written into our fraud patterns for that use case, like prepaid, as an example, we place limits and certain criteria to restrict losses and to minimize risk in that case.

We do. We perform behavioural analysis, and we have some artificial intelligence methods running in our risk platforms that are learning and baselining behaviours and payment patterns across the platform.

We do provide methods of withdrawing money in certain regions of the world, depending on where the money was sourced, of course. It can be withdrawn through different methods. We have a partnership, as an example, with Walmart that allows for cash withdrawals. With Walgreens and with local retailers, we've opened partnerships that allow for deposit and withdrawal of cash in local currency. Through our integration with the Zoom platform, we also allow for global remittance or transfer across borders of different transactions and withdrawal of money through different methods at retailers as well. The money can also be deposited or withdrawn in cash by certain methods.

I believe it depends on the risk rules. That's not my area of expertise, so I don't know the specifics, but there are limits depending on the age of the account, whether your account has been verified with identification and whether we've verified the account holder's history. There are other methods of raising that limit based on knowledge and know-your-customer indicators on trusting the account holder.

I'm not certain about that. I'm not in the fraud or AML department, but I know that we do report through FinCEN and other networks in the U.S. that I'm familiar with with respect to certain criteria. I'm not familiar with our reporting through the fraud pattern notification with Canada, though. We can certainly find out.

Sure.

We do verify device telemetry. We look for information about the device, the computer you're using, based on geolocation, on some other fraud detection patterns, to try to verify the authenticity of the user on the account. The account holder, of course, has to have the credentials to perform that payment or that transaction.

Generally speaking, the cyber-attack footprint has become much more complex and advanced. Cybercriminals have become much more of an economy unto themselves, and have layered their tools, their data, their methods of attack in a very sophisticated way, and in a very coordinated way in many cases.

Criminals are creating tools, and both executing and renting access to those tools. Distributed denial-of-service attacks, or DDoS attacks, have become much more significant and advanced over the years. The cyber-landscape in threats and emerging trends in that area have definitely become more complex, and have increased in scale dramatically in recent years.

Is that enough time?