Evidence of meeting #165 for Public Safety and National Security in the 42nd Parliament, 1st Session. (The original version is on Parliament’s site, as are the minutes.)

Also speaking

Brian Johnson  Senior Director, Information Security, PayPal, Inc.

4:55 p.m.

Liberal

David Graham Liberal Laurentides—Labelle, QC

I have a more lighthearted question to start with.

Do you know that at the bottom of the screen, it says, “SCF Superman”?

4:55 p.m.

Senior Director, Information Security, PayPal, Inc.

Brian Johnson

Yes, it does. That's my conference room.

4:55 p.m.

Voices

Oh, oh!

4:55 p.m.

Liberal

David Graham Liberal Laurentides—Labelle, QC

Okay. I'm just wondering, because that's televised, so everyone is going to see that.

4:55 p.m.

Senior Director, Information Security, PayPal, Inc.

Brian Johnson

Yes. That's a joke, so you're just fine.

4:55 p.m.

Liberal

David Graham Liberal Laurentides—Labelle, QC

You mentioned that you don't trade data. Is there no interaction of any data, besides transaction data, between PayPal and any other company, for any reason? Would that be correct?

4:55 p.m.

Senior Director, Information Security, PayPal, Inc.

Brian Johnson

We don't sell or rent data. There are certain fraud detection and other methods that we use. There are certainly integrations with merchants where we require certain data types. We don't sell or rent our customer data. The customer data footprint is not exchanged with third parties for marketing purposes, unless it's opted in on the PayPal platform by our customers.

4:55 p.m.

Liberal

David Graham Liberal Laurentides—Labelle, QC

What data, besides transaction history data, does PayPal collect from its own customers, for some marketing purposes?

4:55 p.m.

Senior Director, Information Security, PayPal, Inc.

Brian Johnson

I'm sorry, Mr. Graham, I'm not in the marketing department, so I'm not sure which data elements the marketing department uses. Again, we don't rent or sell that data outside of the platform. I'm not sure what we use inside of the platform, and into our platform, from a marketing perspective. Do you mean if they source other data, in other words, or data that's collected from PayPal customers?

4:55 p.m.

Liberal

David Graham Liberal Laurentides—Labelle, QC

I'm just trying to get to the bottom of it. Mr. Picard and I just came out of three days of the grand committee on privacy, and we've discussed the avatars companies create, and this type of thing, so it's obviously top of mind for us and I'm trying to understand the level of information PayPal has on its users. Is it just: This person has sent this much money, and that's all we know about him, or is there a great deal more information retained by PayPal about their users?

4:55 p.m.

Senior Director, Information Security, PayPal, Inc.

Brian Johnson

Certainly from a financial perspective, and in regard to some of the prior questions around any money-laundering detection and fraud prevention, we need to collect more data around transaction details, usage of the platform and device information, to comply with local law enforcement and regulators that require us to maintain knowledge of customers.

From a know-your-customer, KYC, perspective, the transaction history and the usage of certain customer computers and devices are bits of information we use to detect fraud. Those are, again, not used for marketing purposes. We wouldn't market you because you have connected a certain device type to us, if, for example, we use that for fraud prevention. Again, to my knowledge, that's not information we would have in our marketing team's purview, to expand on or share outside of that function.

4:55 p.m.

Liberal

David Graham Liberal Laurentides—Labelle, QC

A couple of years ago, there was a lot of ink spilled over a class action lawsuit against PayPal for accepting donations to charities that weren't members of PayPal, and it was eventually referred to binding arbitration. By any chance, do you know the status of that suit?

4:55 p.m.

Senior Director, Information Security, PayPal, Inc.

Brian Johnson

I don't. I recall reading about it, but I don't recall the status of that suit.

4:55 p.m.

Liberal

David Graham Liberal Laurentides—Labelle, QC

Then it wouldn't be in your purview to discuss why PayPal would accept donations for clients they don't have.

4:55 p.m.

Senior Director, Information Security, PayPal, Inc.

Brian Johnson

I'm not in that space; I'm in the cybersecurity space.

As I understood, though, it was one of those situations where, as we accept for charities, whether we validate that the charity is a valid one was a concern in that case. I don't recall if it was outside that scope, because it wasn't in my purview.

4:55 p.m.

Liberal

David Graham Liberal Laurentides—Labelle, QC

In the time I have left, can you give us a bit of a taste of the evolution of PayPal cybersecurity?

You've been around since 1998, and an awful lot has changed in that time. Do you have some key moments that you'd like to tell us about?

4:55 p.m.

Senior Director, Information Security, PayPal, Inc.

Brian Johnson

Certainly.

PayPal was part of eBay until just five years ago, and at that point, eBay had encountered some cyber-events. We were part of a program that learned from those. We've emerged into the leading digital payments platform that has evolved into a global leader in this space.

We've certainly invested a lot in knowing the industry partners and working with government and working with public and law enforcement agencies to make sure that we understand the climate of each of the regions that we do business in. We've invested quite a bit in our fraud platforms to understand more about what types of criminals are trying to defraud customers. Of course, we've remained true to protecting customers' data and standing behind them with our buyer protection program and safe practices in protecting consumers in all those situations.

4:55 p.m.

Liberal

David Graham Liberal Laurentides—Labelle, QC

Thank you for having come, because I know a lot of other companies in this sector haven't come to visit us. I really appreciate people taking the time to come and discuss these issues with us.

5 p.m.

Senior Director, Information Security, PayPal, Inc.

Brian Johnson

Thanks for inviting us.

5 p.m.

NDP

The Vice-Chair NDP Matthew Dubé

Thank you, and I will echo those sentiments.

Mr. Johnson, thank you very much, not only for your time but also for your patience, as we were a bit delayed in getting started.

Thank you very much, colleagues.

Given the time and the fact that we have to go to vote, it serves no purpose for us to come back later. So I thank you for indulging me as Mr. McKay's temporary replacement, and add that our meeting is adjourned.

The meeting is adjourned.