-Consulting with Canadians -

Archived

Archived information

Archived information is provided for reference, research or recordkeeping purposes. It is not subject to the Government of Canada Web Standards and has not been altered or updated since it was archived. Please contact us to request a format other than those available.

Canadian Consumer Initiative Submission in Response to Finance Canada's 2006 Review of Financial Sector Legislation:

The need for legislation governing electronic payments in Canada

Canadian Consumer Initiative

June 1st 2005


Table of Contents

Introduction

I - Electronic payments: the context

II - Principles for a reform

III - The changes to be made

In conclusion


Summary

The five consumer organizations member of the Canadian Consumer Initiative jointly recommend that Parliament enact legislation to ensure the implementation of an appropriate framework for electronic payments in Canada.

Electronic payments are becoming increasingly important in the Canadian economy. The trend will only accelerate in the coming years. These new types of transactions are beset by risks however. Operational risk is obvious, but other types of risk also arise. Unfortunately, the current legal framework contributes to risk, instead of mitigating it. It is archaic, arcane and set a "playing field" which is anything but level. Other jurisdictions have tackled legal issues surrounding electronic payments as far back as 1978: it is high time for Canada to adapt its legislation to the changing market.

A new legislation should not regulate all minutiae of electronic payments. Rather it should provide a principled framework. It should apply to the broadest range of payment technologies, strive for technological neutrality, ensure security and insist on accountability and transparency of practices. It should deal with issues such as the adaptation of the concept of legal tender to electronic payments, freedom of choice of payment solutions by consumers and risk allocation and mitigation. It should also provide for adequate dispute resolution and the action of an effective regulator, which should be the Financial Consumer Agency of Canada.

Establishing a modern, coherent framework for electronic payments in Canada is in the interest not only of consumers, but also of financial institutions, retailers and, more generally, all participants in the economy. Canada has an opportunity not only to bring our regulatory regime to par with its international partners, but to become a world leader in one of the most vital dimensions of economic life in the twenty first century.


Introduction

A - A brave new world

Electronic payments are now used more often by most Canadian consumers than notes and coins. Direct debit transactions are commonplace, even for trifling sums. Credit card operations are almost always electronic, and are increasingly performed without the need to physically present the card. Cheque imaging is around the corner. New services, such as stored-value cards or facilities offered by a provider such as PayPal, are being experimented or are actually gaining in popularity.

These developments come with a multiplication of actors. There are now deposit-taking institutions, card issuers, transaction acquirers, networks, switch operators and other intermediaries involved in the processing of run-of-the-mill payments. Some operate outside Canada. And while paying seems simple to the consumer, the systems in place in fact require complex technology which those processors choose, deploy and manage, and which most users do not understand.

Numerous issues therefore arise. They obviously have to do with risk allocation, security or redress. But they also have to do with matters such as currency and legal tender, freedom of choice, evidence or prudential regulation of payment processors. Yet there is currently no clear, adequate legal framework for electronic payments in Canada. In that area, we lag behind the United States, which adopted its first Electronic Fund Transfer Act in 1978, or the European Union, which has begun to regulate some electronic payment providers. In Canada, consumers, merchants and other parties must make do with an obsolete legislative framework, codes of conduct or rules which are too often observed in the breach and contractual provisions dictated by the strongest parties.

Markets can hardly be more efficient than the payment mechanisms on which they depend. The payment market's[1] efficiency itself is increasingly reduced by legal risk and informational asymmetry. The challenge is clear.

Electronic payments can make the economy more efficient. But consumer confidence is vital to their success, and thus to the economy in general. There is a risk that an inadequate legal framework for the most common electronic payment mechanisms will come to erode confidence in such systems. It is therefore important for Canada to act now, to ensure the implementation of a fair set of rules governing electronic payments.

B - The intervenor

The Canadian Consumer Initiative ("CCI") was created in 2001. It is composed of five (5) of Canada's most important consumer organizations,[2] which agree to unite their efforts regarding specific issues that are of great concern to Canadian consumers.

CCI determined in 2004 that issues surrounding electronic payments would count among its foremost priorities. It published a framework for a reform in this area in 2004, which forms the core of the present submission. CCI greets with great interest the decision by the Department of Finance to include issues regarding electronic payments among the topics singled out for consultation with a view to prepare for the five-year review of the Federal legislative framework for financial services.

C - The submission

This submission presents the common views of CCI members with regard to electronic payments. CCI members may choose to comment individually on other issues related to the five-year review of Federal legislation.

After reviewing the evolution of the electronic payment landscape in the last few years, the document identifies five overarching issues and proposes seven principles on which to base a new legislative framework for electronic payments in Canada. In Part III, more specific proposals will be considered regarding the contents of the future Electronic Payments Act.

Failure to comment on any issue pertaining to electronic payments in this paper should not be implied to signify either support or disagreement with any specific initiative, rule or proposal.

I - Electronic payments: the context

A - Payments innumerable?

There are literally countless payments being made in Canada each day. They range from a "loonie" for a coffee cup to a transfer of tens of millions of dollars through the Canadian Payments Association's ("CPA") Large Value Transfer System[3]. But payments are in fact becoming easier to tally, as electronic operations leave a measurable trace, and the latter's numbers are visibly ballooning.

In 2004, electronic items represented almost 76% of the volume of payments processed through the CPA's Automated Clearing and Settlement System (or "ACSS"), as against 65% in 2000 and 38% in 1995[4]. The proportion of electronic items therefore doubled in less than ten years.

In particular, Canadians used Interac Direct Payment at the point of sale more than 2.8 billion times in 2004, for a total value of over $140 billion; both volume and value have more than doubled since 1998[5]. The average transaction was for $45.79 in 2004[6]. According to Interac figures, cardholders now use direct payment more often than cash.[7]

There are now almost as many pre-authorized debits and credits from and to Canadian deposit accounts as there are "small" cheques going through the ACSS[8]. Consumers increasingly pay their accounts through websites. Electronic transactions have become so common that one financial institution reports that almost 90% of customer transactions are conducted through electronic channels, an increase of 16% from 2003[9]. And while transactions at the automatic banking machine ("ABM"), for instance, are now routine, they also illustrate some of the less visible changes occurring in the area of electronic payments.

While it may surprise many, the number of "shared cash dispensing transactions" has actually declined each year in Canada since 2001[10]. Two factors may help to explain this trend: first, consumers need less cash as they use direct payment and so do not need to obtain cash from ABMs as often, as they can actually withdraw money from their account through a merchant. Second, the significant increase in fees might have moved consumers towards using their own institution's bank machines more often, rather than ABMs from other institutions - an hypothesis belied in part by the fact that cash withdrawals at bank-owned ABMs, including "or-us" transactions, are also declining[11].

What is clear however is that despite the constant reduction in the number of ABM transactions, the number of machines has kept on growing in Canada. In fact and from 2001 to 2004, more than ten thousand new ABMs have been added to the Interac network[12]. The number of ABMs operated by deposit-taking financial institutions has been fairly stable however[13]. The implication is clear: easily one half of the ABMs currently deployed in Canada are operated by entities which are not regulated financial institutions. As an aside and with the number of transactions declining almost as fast as the number of ABMs is increasing, either the profitability of those operators or additional increases in transaction fees are likely to become a market issue in the next few years.

In another area, the number of credit card transactions in Canada has increased by 12% from 2003 to 2004[14]. What is of interest here however is that a large proportion of those payments are made without the cardholder providing his signature or even showing the card. In fact, some retailers go as far as providing their customers with radio devices that serve to authorize transactions instead of the card itself - and which may well be even easier to steal than the credit card itself[15]. Credit cards therefore become as easy to use as cash.

Such commodization of electronic payments is but a nascent trend. In Asia and the Middle East, the Visa network is now offering the Visa Mini[16]:

finance - image

We could not put it any better than Visa itself does:

Shopping with Visa is becoming a style statement across the Middle East with the launch of Visa Mini cards in many more markets.[...]
[...]
[...] To emphasize their stylishness, they can be worn as fashion accessories.[17]

With its pinhole, the Mini can indeed be worn on a necklace or as an earring, for example. The e-payment tool is thus always on hand, even more so than cash could currently be. The payment tool and clothing become intertwined. Since it is too small to be used in an ABM, Visa expects the Mini to replace cash at the point of sale.

The Visa Mini is but one step in a broader strategy by the network, which includes multi-function cards such as one experienced in Moscow since 2004, where two million "Social Cards" have been distributed. In addition to acting as normal credit cards, Moscow Social Cards (or "MSCs") bear a contactless interface allowing their use to pay the fare for taking the Metro or to obtain State benefits such as those granted to veterans or elderly people; they could also, eventually, be used as a full fledged identity card, emitted (privately) by a Visa member[18].

According to Visa, worldwide electronic payments using credit or debit cards amounted to five trillion dollars in 2003[19]. More meaningfully perhaps, Visa, which accounted for the processing of half of those payments, is of the view that there exists an undeniable and direct correlation between using cards for payment purposes and economic development[20]. Migration to electronic payments might procure savings on processing costs as significant as five percent (5%) of the world's gross national product[21]; as funds would be more accessible, consumers would spend more, accelerating the economy. Since savings would remain in the banking system so as to be available for electronic payments, banks could lend more. In sum, electronic payments (and their unavoidable providers, banks) are in Visa's view the path to worldwide prosperity.

When a stakeholder as large as the worldwide Visa network puts all its weight behind the replacement of cash by plastic and electrons, there can be little doubt the markets will be transformed. The writing is on the wall: cash will no longer be king. Whether that revolution will lead to an orderly system or chaos remains to be seen.

B - Risks innumerable?

The definitions in CPA Rule E2 refer to eight (8) different actors potentially involved in the processing of an electronic on-line payment item but there might in fact be as many as thirteen parties involved[22]. Of course (and justifiably so), networks (such as the Interac group[23]) offering such electronic on-line payment services intend their product to be highly user- friendly and "transparent" to the user - that is to say, the consumer will normally have no idea of the complexity of the transaction, nor will most merchants probably understand exactly the process either.

That is but an illustration of the way the electronic payment market has evolved in Canada in recent years. Undertakings specialized in payment processing now act as "acquirers" for most credit and debit card point of sale transactions or "white label" ABM cash withdrawals; they are unregulated and in most cases consumers are aware neither of their name and location or the part they play in moving their funds along. While stored-value cards do not yet seem to have gained a significant portion of the Canadian market, gift cards are getting a foothold in the United States and may well migrate north, yet nothing regulates the solvency oftheir issuers[24]. Payment intermediaries such as PayPal are not regulated in Canada. Vet all those unregulated actors may well dip into consumer accounts held by regulated institutions and might eventually undermine the latter's stability[25].

Consumers, retailers, intermediaries and even financial institutions are no longer quite sure they clearly understand what is happening as a payment is processed[26]. Operational and credit risks are increasingly difficult to assess - and mitigate. Reputational risk is therefore also at stake.

Unfortunately, the current legal framework contributes to the risk. Under the Currency Act[27], only the offer ofBank ofCanada notes or some types ofcoins constitutes legal tender and no other form of money is current. With notes and coins representing probably less than five per cent (5%) ofthe Canadian monetary mass, the rule is hopelessly archaic and provides no certainty ofpayment for most transactions[28].The Bills of Exchange Act, governing cheques, has not been significantly updated in a century[29].

The Canadian Code of Practice for Consumer Debit Card Services[30], which purports to safeguard consumers using ABMs or doing point-of-sale transactions, is unclear on a number of issues[31] and is most often observed in the breach. CPA rules impacting consumer interests[32] are unevenly known (to say the least) by financial institution frontline staff, let alone by consumers themselves, in addition, they formally apply only to payments which go through its clearing systems, and not to "onus" transactions[33]. Interac rules and requirements are for the most part not in the public domain[34]. As for the service agreements between providers and consumers, they are drafted by financial institutions and imposed on consumers; and there is scarce evidence that bankers are currently competing in the market on the generosity of their agreements' terms...

Legal uncertainty breeds risk. There can be little doubt that the Canadian payment industry is already waist-deep in legal risk and the tide has but started to rise. The fact that no catastrophic incident has yet occurred in Canada should not blind us to the necessity for a re-appraisal of our legal framework. It is unsettling, after all, to find that in some areas, Canada lags twenty years or more behind the United States regarding consumer protection in the payment sector and that the European Union is already attempting to tackle emerging issues.

C - Solutions innumerable?

United States federal legislation has covered transparency and liability issues surrounding most types of electronic payment since 1978, with the advent of the Electronic Fund Transfer Act[35]. The EFTA applies to

[...] any transfer of funds, other than a transaction originated by check, draft or similar paper instrument, which is initiated through an electronic terminal, telephonic instrument, or computer or magnetic tape so as to order, instruct or authorize a financial institution to debit or credit an account. Such term includes, but is not limited to, point-of-sale transfers, automated teller machine transactions, direct deposits or withdrawals of funds, and transfers initiated by telephone. [...][36]

While the definition appears to be remarkably broad (especially considering its age), it should be noted that the EFTA applies mostly to financial institutions per se and to operations on an account. The EFTA requires financial institutions to provide periodic statements. It requires pre-authorized debits to be authorized in writing, allows a consumer to withdraw a pre-authorized debit authorization on three-day notice and forbids a credit grantor to demand repayment through pre-authorized debits. Whenever a consumer believes a fund transfer covered by the legislation is incorrect, he has sixty (60) days to inform his financial institution, in which case the institution shall investigate promptly and refund the consumer on an interim basis. Consumer liability relating to a covered electronic fund transfer cannot exceed fifty dollars (50 USD) and it is incumbent on the financial institution to prove that the consumer has been negligent.

Considering financial institution practices in Canada, it would actually be quite interesting to document how their subsidiaries in the United States[37] are coping with those requirements; bankers on this side of the border may have some things to learn from their American brethren...

Since 1974, United States-based credit card issuers have been required to provide a charge-back mechanism when, inter alia, consumers point out billing errors or when goods bought with the card have not been delivered in accordance with the purchase agreement[38]. While we understand that some card issuers now provide such a mechanism on a voluntary basis in Canada, consumers do not enjoy the legal certainty and the level playing field provided to their counterparts in the United States.

Congress enacted the Expedited Fund Availability Act[39] in 1987. The Act provides for various fund availability deadlines after they are deposited. One can only regret that Canadian financial institutions, which take great pride in the efficiency of our clearing and settlement system (especially as compared to the United States'), often appear to be unable to make funds available to consumers as quickly in Canada as they would legally be required to in the United States. Again, it bears pointing out that United States subsidiaries of Canadian banks are currently required to comply with those provisions in the context of a clearing system which is notably more complex than Canada's.

As for the European Union, it has inter alia adopted a directive dealing with electronic money issuers[40]. While there is no charge-back requirement per se in European Union law, a limited joint liability regime applies in some cases to card issuers and national legislation occasionally provides remedies akin to charge-backs. Recommendations adopted by European authorities, while not binding on Member States, point for their part to limitation of consumer liability where transactions were not authorized, to liability capping and to the establishment of redress mechanisms. Practices in some European countries, such as those framed by the United Kingdom's Banking Code[41], are way ahead of what is in place in Canada.

In short, we are laggards. That will surely not be the place to be in the electronic payment environment, even in the near future. Even dominant industry players such as the Visa Association are publicly of the view that an appropriate legal framework is necessary for the development of electronic payments[42]. It is a prerequisite for the transition to the universal use of electronic payments which Visa aspires to, since it is an essential ingredient for the trust that needs to develop:

The toughest task facing banks worldwide is to persuade their customers to use cards for everything they need. There is no magic formula, but the combination of a broad acceptance network, education, tailored products, fair pricing and repeated marketing efforts can make a real difference [...].[43]

We therefore greet the current discussion on electronic payments, initiated by the Department of Finance, with great interest. We are of the view that for this market to develop soundly in Canada, it is urgent that legal risk be attenuated. We are convinced that such a result can be achieved without impairing innovation and appropriate competition (as the United States example shows). In order to achieve such results, the new Canadian law of electronic payments will need to be based on a small number of fundamental principles; combined, they should lead to efficient solutions to most of the overarching issues consumers are likely to face in the coming decades.

II - Principles for a reform

A - The need for legislation

Whenever a new market evolves, a tension appears between the will to allow for innovation and the necessity of mitigating the risks. The law, whatever forms it may take, walks a narrow path. It is not a matter of the quantity of law put in place however, nor of the kind of law[44]; it is a rather a matter of the effectiveness of such law. In order to be effective, law must be fair and be perceived to be fair; it must be reasonably simple, understandable by stakeholders and sufficiently known; and it must be reasonably flexible. In turn, fairness requires that stakeholders have a say in the creation of the law and that risk and benefits be adequately allocated.

It is therefore manifest that contracts alone cannot provide the legal framework required to support the development of electronic payments in Canada. Consumers - and customers in general - most often have no real power on the contents of agreements proposed by their financial institutions, and they play no part in contracts between acquirers and networks or service providers, for instance. Most of those contracts are not made public and the system is therefore anything but transparent. In addition, consumers lack the technical expertise to assess the level of risk associated with electronic payment mechanisms and suffer therefore from an immense informational asymmetry in this area. Nothing can realistically be expected to change those facts of life.

The Canadian experience with codes of practice in the financial sector is anything but exemplary. When compared with the United Kingdom experience, for instance, the process seems stultifying, the codes' ambit narrow in the extreme and the implementation inadequate[45]. In addition, voluntary codes are precisely that - voluntary, which cannot provide the level of legal certainty required with regard to a number of issues: the rules governing the validity of a payment in a modern economy should not be subject to the vagaries or whims of individual parties, especially when payor or payee may well be unaware that a specific party acts as an intermediary in the processing of their transaction.

We are therefore of the view that legislation is required, and indeed unavoidable. It is the only effective way to ensure that issues are publicly debated and to provide a level playing field for all by requiring universal compliance with the rules that will have been agreed upon. It is the only way to tackle issues related to national sovereignty, such as what can be used as money to perform a payment in Canada. It is the only way to provide a level of certainty and transparency that is sorely lacking.

Such legislation needs not to be unduly detailed. The United States' Electronic Fund Transfer Act shows that a well-crafted statute can endure for decades without stifling innovation while providing the basic safeguards consumers require in order to trust services and providers. Legislation should therefore focus on establishing a small number of principles that all must abide to.

B - Seven principles

1 - the framework

The design of a legal framework for electronic payments in Canada should be based on a small number of fundamental principles:

  • universality: the broadest range of payment technologies should be regulated;
  • neutrality: all technologies should be regulated by similar rules;
  • security: payment technologies should be secure;
  • accountability: risk should be supported by the party which creates it;
  • transparency: rules, roles and prices should be transparent to all parties;
  • liberty: payors should be allowed to choose the payment technology they prefer;
  • enforceability: parties should be able to ensure the framework is effectively enforced.

Of course, it is to be expected that all principles will not be fully applicable in all instances. For instance, a consumer would not be able to compel a merchant to accept a credit card payment if that merchant does not participate in a credit card network. In turn however, that consumer should not be compelled to pay through one specific process, to the exclusion of all others, as happens now with businesses that will take only preauthorized debits to the exclusion of cash or cheques, for example.

The design of a legal framework for electronic payments in Canada will also need to take into account the distribution of powers between Parliament and the provinces and territories. We are well aware of the complexities raised by our Constitution. We believe however that Parliament can and should play a leading role[46] and that cooperation with other authorities in this area can be effective and fruitful.

Before examining more closely a set of issues and specific solutions, it may be useful to provide more details on the scope we ascribe to those seven principles.

2 - universality

Electronic payment methods are proliferating at an impressive pace, as are providers. Fairness to all parties and clarity require that, insofar as possible, all providers bear similar regulatory burdens. A level playing field is important for competitors, and users of payment systems must be able to assume that their payment is entirely covered by adequate rules, whatever method they choose and notwithstanding the number of participants in the processing of the transaction.

We are currently nowhere near such a situation. Some electronic payment methods are covered in whole or part by rules established by the CPA, Interac or credit card networks, the legal status of which differs. Consumer liability regarding more than one billion debit card transactions annually is merely governed by a voluntary code of practice. Other methods, such as PayPal or stored-value cards, are essentially unregulated. The duties and liabilities of acquirers are also left at best to contracts. As a result, important players in the Canadian payment universe are privately beginning to worry that the rapid growth of unregulated payment methods and providers may increase risk not only to individual participants, but even to the regulated payment system as a whole.

As for consumers, the reality is that they cannot be expected to determine whether a specific payment mechanism is appropriately regulated or not, and if so how and by whom[47]. The most effective way to overcome such an informational challenge is to simply establish a regime where all payments are covered: all interested parties therefore know that they can rely on rules which mitigate the risks associated with transactions.

A century ago, payments were essentially performed in cash or through bills of exchange; with the adoption of the Bills of Exchange Act in 1890[48], a specific and modern legislative framework was provided at the time for practically all payments occurring in Canada. As payment methods have diversified, the law has lagged behind, yet legislation is the surest way to mitigate legal risk and ensure that all payment methods, whoever be their provider, are adequately covered by public and mandatory rules. Thus it is time for the legislator to catch up and re-establish a universal regime for payments in Canada.

3 - neutrality

However useful it may be, it is not sufficient to provide a universal regulatory framework for electronic payments. Insofar as possible, it should also be technology-neutral and therefore fairly uniform, whatever payment method may be used.

The current regime is a hodgepodge of rules with differing status, sources and contents. In case of an unauthorized transaction, for instance, the protection afforded to the consumer will vary significantly according to whether it was a credit card payment[49], a pre-authorized debit[50], a tele-cheque[51], a debit card payment[52], a payment covered by CPA Rule E-2[53], a payment through a mechanism such as PayPal[54] or a payment through web banking[55], to give only those examples.

It should not come as a surprise therefore that consumers are somewhat confused, but so are often retailers and bankers. The issue is not confined to remediation however, but extends to the success of the various payment methods, which may be chosen or avoided for reasons that should not need to be considered: more broadly, avoidable legal risk breeds growing inefficiency into the market.

Insofar as payors and payees are aware of legal differences between payment mechanisms, they may opt for a less than optimally efficient solution simply because it appears to lessen a specific type of risk to which they feel more vulnerable. For instance, a consumer making a payment on a website may be tempted to use a credit card to reduce her liability should the good not be delivered, but in so doing she provides to a possibly unknown retailer personal information which may be abused (i.e. a credit card number), she uses up credit and she imposes additional costs on the retailer. Other payment methods might be globally more efficient, but are avoided as the consumer focuses on one specific risk. As a result, unnecessary discrepancies in the legal framework distort the market.

On the other hand and where a payor is unaware of those differences, he may well opt for a payment method without appropriate knowledge of the risk he incurs. Imperfect information obviously makes for imperfect markets too.

If legal risk is to be evened out, it may be that rules governing specific payment methods will need to vary slightly. Credit and debit transactions, for instance, may require somewhat different solutions. The end result however should be that the level of risk incumbent on the various participants should not vary significantly according to the payment method used[56], while differentiation between specific regimes should be kept to a minimum. In order to achieve that result, it would seem that legislation should provide a framework defining the goals to be attained, while more specific rules might be articulated through regulation or, where appropriate, other types of norms[57].

4 - security

The need for a reasonably high level of security in the payment environment is so obvious we need not belabor the point. As a most fungible means of exchanging wealth, money has been surrounded since its creation by locks, guards and signatures or other modes of authentication. The migration to electronic payments requires however that new solutions be provided to the challenge of ensuring that the right people, and only them, have access to their funds.

The challenge of authentication remains whole. Current methods such as magnetic stripe cards and personal identification numbers are both vulnerable and poorly adapted to the consumer[58]. While asymmetric cryptography seemed promising a few years ago, a number of issues have since emerged that indicate it may not be the hoped-for panacea[59]. Biometric methods are not universal[60], false-positive or false-negative rates are often high and social acceptability is not yet established. We are simply not aware of any sure and user-friendly authentication method which could currently satisfy the requirements of financial institutions, payors and payees.

Electronic payments being dependent upon communications networks, security must also extend to those infrastructures. Both physical and logical security are imperative. The eventual expansion of payments through mobile phone will not simplify matters.

Vast stores of sensitive information are processed or kept by payment mechanism providers, from credit card numbers to purchase histories. The multiplication of intermediaries raises grave questions in that area, where the majority of the most egregious security breaches have happened in the last few years[61].

In short, security in the payment area is a multi-faceted issue. It is technologically complex and the multiplication of actors does nothing to simplify matters. Yet it is imperative that it be ensured and that all participants be held to a high level of responsibility, consonant with the level of risk they generate.

5 - accountability

Electronic payment mechanisms are designed and chosen by financial institutions and specialized providers. Institutions which offer them often tout their security as one of their strengths. Yet, through contracts or codes of practice, they seek to transfer as much of the potential liability for risk on consumers, who are for the most part powerless to mitigate risk.

Magnetic stripe cards provide the most disturbing example of that trend. The combination of magnetic card and personal identification number is inherently unsafe and poorly adapted to consumers, as the industry has known since its inception[62]. The structure of data on cards is in the public domain[63], as is the recipe for building a very simple homemade card reader[64]. Clearly, building or obtaining a card writer comes within the range of a number of criminal organizations' abilities, as is shown by the steady growth in card cloning in Canada or elsewhere[65].

Should consumers then be held liable for such a system's intrinsic faults? For instance, the requirement that personal identification numbers be memorized or hidden is ill-suited to the man or lady on the street[66]. When the concept implemented by financial institutions is itself defective, it is surely unfair to hold consumers liable for not being able to jump through all its hoops. Yet the Debit Code states for example that a cardholder "contributes to unauthorized use", and thus can be held liable for loss, whenever he fails to notify the card's issuer that "the PIN may have become known to someone other", which is likely to happen in most retail stores that haven't installed proper shielding mechanisms. It is extremely difficult for the average consumer to establish before a court of law that he or she has not contributed to unauthorized use under the terms of the Debit Code, especially are financial institutions remain fond of stating that their system is practically foolproof.

Liability should therefore be allocated taking fully into account the informational asymmetry between providers and consumers. Financial institutions may argue that such a rule would create a moral hazard and reward negligent customers; in fact, the current legal framework effectively rewards institutions that prefer to transfer liability on consumers through contract rather than implement secure payment mechanisms. The consequences of that moral hazard are far more significant for the Canadian economy.

6 - transparency

While CPA rules have been in the public domain for some years, their existence and importance remain largely unknown, even within the legal community. Interac rules are not in the public domain[67]. That "acquirers" exist and what they do remain mysteries for most Canadians. The structure of fees associated with automatic banking machine transactions is anything but clear for consumers. In short, the vast majority of users (including retailers) do not have a clear understanding of how electronic payments work, and therefore do not know very well what they should do to make them work better or how to react when problems happen.

Payment mechanism providers are not in essence different from other utilities: they offer a service that is practically essential to all users willing to pay a (reasonable) price. There are sound reasons why utilities have been regulated for over a century; transparency is one of them. The public should be able to know and debate how vital infrastructures work[68].

Markets should also be reasonably transparent. Consumers should also be able to understand what they pay for a service and to whom, if competition is to work and if abuse is to be avoided. Both regulation and proper market behaviour would therefore mandate much more transparency than we can now observe in the Canadian payment environment.

The two major hurdles to overcome are secrecy and communications. We can see no reason why the rules governing payment mechanisms should be kept secret[69]. The culture of secrecy is so entrenched in our banking industry however that it appears likely nothing but legislative requirements will suffice to overcome obfuscation

The communications challenge regarding the existence and contents of rules applicable to electronic payment mechanisms obviously cannot entirely be met through regulation, although a regulatory framework can set objectives to be met and mandate a minimum level of disclosure. More transparency regarding prices can also be required through legislation. Payment providers, retailers and regulators, with the support of other actors, including consumer organisations, should do much more however to communicate better, beyond any legislative requirement.

7 - liberty

The rule under our law is still that the creditor is free to choose the type of payment he will accept. It is being abused by retailers who will take only one type of payment, to the exclusion even of money that is current and legal tender. In fact, a bookstore in downtown Montréal indicates on its front door that it only accepts debit and credit card payments, to the exclusion of any other means. Sadly, it is not an isolated case.

The result of such business practices is that consumers without a card are left on the sidelines. Those with a card find themselves compelled to use a means of payment that may not suit them in the context of a specific transaction, if only because they are not keen on providing personal information to the retailer. And consumers find that notes properly issued by the Bank of Canada are useless in some stores, and perhaps eventually worthless in the market. Which they find odd, to say the least.

While it is understandable that retailers may wish to mitigate risk and control payment costs, leaving them free to choose unilaterally to disavow cash or to demand a specific type of payment is not conducive to the development of a fair, efficient and inclusive market. Consumers should have a say in how they wish to tender Canadian currency in order to discharge their obligations.

8 - enforceability

When cash was still the usual tool to provide payment, it was a rare instance indeed when the payment method in itself raised any dispute. Issues such as miscounting or counterfeiting were fairly easily solved. Things have gotten more complicated.

Payment is now intangible and tendered through intermediaries. Risk has increased; some rules have been put in place to mitigate that risk but they need to be bolstered. Better rules will not do the job however if they are not effectively enforced.

At least four conditions are required to ensure enforceability. Obviously, there must be rules that apply to a given problem. Those rules must be enforceable by the aggrieved party[70]. The rules must be known. And there must be an adequate mechanism to provide enforceability.

While courts are obviously competent to enforce the legal framework around electronic payments, they are most often ill-suited to consumer complaints in that area. Issues may be highly technical and the amounts at stake, while significant in a consumer's monthly budget, are usually too small to warrant the expenditures associated with the judiciary process.

As for the ombudsman schemes put in place by financial institutions over the last decade, they still fall short of consumer expectations. They are not broadly known and consumers show them limited trust, as they remain unconvinced of their independence and impartiality.

Current regulators do not have the means to properly enforce whatever rules there might be and, in most cases, would not provide consumer redress. In many cases, there simply aren't government regulators responsible for enforcing rules that may currently apply to electronic payments.

It is therefore essential that the responsibility to ensure the implementation of a new legal framework for electronic payments be allocated to a body provided with the required powers and resources. Since the creation of a new regulatory body could be controversial, it may be more effective to entrust the existing Financial Consumer Agency of Canada with the responsibility of enforcing the framework to be developed.

C - Some overarching issues

As the previous section has indicated, there are a number of important issues currently arising with electronic payments. The principles we have articulated provide guidance as to how they should be tackled. This section provides some examples of how our basic principles could lead to a coherent regulatory framework for electronic payments in Canada.

1 - Effectiveness of payments

Consumers need to be able to make payments in ways that are consonant with modern practices and that also effectively free them from their obligations.

In order to be a legal tender, an offer of payment currently has to be made in coins or notes as determined under s. 8 of the Currency Act. This antiquated regime should be replaced by one where an electronic payment offering adequate guarantees should also be deemed a legal tender. Inspiration could be found in section 1564 of the Québec Civil Code, which reads as follows:

1564. Where the debt consists of a sum of money, the debtor is released by paying the nominal amount due in money which is legal tender at the time of payment. He is also released by remitting the amount due by money order, by cheque made to the order of the creditor and certified by a financial institution carrying on business in Québec, or by any other instrument of payment offering the same guarantees to the creditor, or, if the creditor is in a position to accept it, by means of a credit card of transfer of funds to an account of the creditor in a financial institution.

The section's first paragraph essentially reiterates the well-known principle of nominalism. The legislature of Qu6bec could not redefine what constitutes legal tender, as that subject matter falls within exclusive federal jurisdiction. The section's second paragraph provides that other means of payment also release the debtor from his obligation, under specific conditions[71].

In addition, new rules should establish when an electronic payment becomes final or irrevocable. These solutions flow from the principles of universality, neutrality, transparency and liberty.

2 - Choice of payment solutions

Consumers need to be able to opt for the payment mechanism that they, consider the most appropriate in terms of effectiveness and cost.

As noted supra, the current rule is that the creditor can determine how he will be paid, notwithstanding the ability of the consumer to use such means or the cost and risk he so incurs. Improving on s. 1564 of the Québec Civil Code, the ability to choose should rather be provided to the payor. A new regime should also ensure that the consumer will be made aware of the costs and rules applying to a payment mechanism, so that he can make an enlightened choice. These solutions flow from the principles of universality, neutrality, transparency and liberty.

3 - Fund accessibility

Consumers need to be able to access their funds in an expedited manner, and not to have their savings appropriated without warning by their financial institution.

There are currently no rules governing fund availability and federally regulated deposit-taking institutions can establish the "freezing" periods they wish, as long as they post their policies. Deposit-taking institutions can also set off account balances against debts owed them or combine accounts without any warning to the consumer. A new regime should follow the example provided in the United States by the 1987 Expedited Funds Availability Act and establish mandatory fund availability rules; it should also provide a limitative framework for set-off, including prior notice. These solutions flow from the principles of universality, neutrality, transparency and enforceability.

4 - Risk allocation

Consumers need to be able to trust payment mechanisms and providers and they must not shoulder risk that they do not generate. Consumers should be made aware of risks specific to various payment methods.

Payment mechanisms currently deployed, such as those using magnetic stripes and personal identification numbers, are not very secure from a technological and practical standpoint. Stored-value cards raise issues such as the solvency of the issuer. Such risks are routinely passed on consumers through contractual arrangements or other mechanisms, even though consumers have not created those risks and are not equipped to understand or manage them adequately. There are currently no rules preventing payment providers in effect to use their customers as insurance for risks they have created. A new regime should limit consumer liability, following the example set in the United States in 1978 through the Electronic Fund Transfer Act. Sucha solution flows from the principles of universality, neutrality, accountability, security and transparency.

5 - Risk mitigation and recourse

Consumers need to be able to obtain effective redress when payments are mishandled or payment facilities are abused.

While there currently are redress mechanisms associated with some electronic payments, such as the 90-day recourse regarding pre-authorized debits under CPA Rule H-1 or charge-back policies implemented by credit card issuers, such mechanisms vary widely in scope, are not well-known and, as a practical matter, often remain dependent on the will of service providers. A new regime should establish mandatory, uniform rules governing redress. Such as solution flows from the principles of universality, neutrality, accountability, transparency and enforceability.

Those are only some of the issues that must be tackled. Others include the admissibility of the proof of payments, transborder flows of payment data, payment provider control and liability over transactions a consumer can do[72], escheat, counterfeiting, authentication, prudential regulation and pricing.

III - The changes to be made

A - A specific statute

In order to implement the required legislative changes, a new and distinct federal statute is probably required: while it might be possible to change the law through amendments to the current Canadian Payments Act, for instance, the latter would probably need a rather massive restructuring, such as the addition of a practically autonomous new part, which would essentially be a new statute in itself. For purposes of clarity, it may well be more efficient to adopt a new Act.

From a constitutional law standpoint, the new statute would be rooted in federal jurisdiction on cheques and bills of exchange as construed through the "living tree" metaphor[73] and on its jurisdictions regarding currency, legal tender and banking. It could also be justified on the basis of federal jurisdiction on commerce. We believe, however, that the Canadian government should also strive to cooperate with provinces and territories regarding the implementation of measures such as a charge-back scheme.

B - The outline of a statute

A new federal statute, which might be entitled for instance the Electronic Payments Act (or "EPA"), would need to tackle a variety of issues, a listing of which may provide a very preliminary outline of what an EPA might look like. In a purely illustrative fashion, the following paragraphs will describe a "strawman" EPA.

1 - Definitions and scope of EPA

The Act will obviously need to provide working definitions for a number of concepts. It should apply to "electronic payments" (broadly defined) performed in Canada and to at least some activities of electronic payment providers which happen in Canada in cases involving transborder transactions. Providers would include not only regulated financial institutions, but also inter alia networks and previously unregulated acquirers and other intermediaries.

2 - Regulator

Responsibility for enforcing EPA provisions should be granted to the Financial Consumer Agency of Canada ("FCAC"). Its powers should be broadened beyond the strict implementation of specific legislative provisions and "monitoring" of codes of practice so as to extend to full jurisdiction over the subject matter. Regulation of "designated payment systems" under part 2 of the Canadian Payments Act could be transfer in part or in whole to FCAC, as could the oversight of CPA rule-making activities.

3 - Security requirements

EPA should provide indications regarding authentication requirements and security standards which should be embedded both in the concept and execution of payment mechanisms, barring which providers would be held wholly liable for unauthorized payments. The regulator should be granted the power to prohibit the use of payment methods which do not meet basic requirements, as the CPA has indirectly done with tele-cheques.

4 - Solvency

EPA should impose appropriate solvency requirements[74] on any participant in payment processing which might become insolvent while holding or managing funds which ultimately belong to others. Issues such as escheat[75] should also be considered.

5 - Legal tender and choice

Either trough its provisions or by amending the Currency Act, EPA should modernize the law of legal tender and allow debtors to also discharge their debts using instruments other than notes and coins, and it should provide the debtor with more control over the payment method to be used in a given situation.

6 - Fund availability

In a context where payment processing is increasingly electronic and accelerated, there is no reason why funds should normally be kept on hold for periods as long as a week. Conversely and with consumers being invited to keep a growing proportion of their savings in accounts held by financial institutions, practices such as set-off and combination of accounts should be governed by rules that adequately protect the interests of all parties[76].

7 - Unwinding and finality

EPA should define a generic set of rules governing the reversal or unwinding of unauthorized payments, chargebacks, claim investigation and fund availability during such investigation. It should also establish rules as to when a payment is final and irreversible, barring claims such as it being unauthorized by the payor.

8 - Dispute resolution

While the Bank Act and other legislation requires the implementation of dispute resolution schemes, issues such as the length of the investigative process are left to the bankers' discretion. Requirements such as the need for a declaration signed under oath are sometimes imposed on consumers, even though they are essentially irrelevant[77] and in many cases impractical.

Undoubtedly other issues will also need to be considered. The foregoing simply serves to illustrate the breadth and urgency of the challenge.

In conclusion

Current solutions are inadequate. Legislation is archaic. CPA rules can only cover some of the issues. Codes of practice do not work. Uncertainty prevails and doubts are fed by each headline describing card cloning or identity theft. If electronic payments are to take their legitimate place in the economy, consumer confidence needs to be nurtured and risk needs to be managed, for the sake of all participants in payments and in the Canadian economy.

Establishing a coherent, modern framework is therefore in the interest not only of consumers, but also of merchants and payment service providers. Canada therefore has an opportunity not only to bring its regulatory regime to par with its international partners, but to become a world leader in one of the most vital dimensions of economic life in the 21st century.


NOTES:

1. For the payment function has itself become a market, where competitive services strive for consumers' and retailers' attention. [Return]

2. In alphabetical order, the Automobilists' Protection Association, the Consumers Council of Canada, Option consommateurs, the Public Interest Advocacy Centre ("PIAC") and Union des consommateurs. [Return]

3. The average payment processed through LVTS in 2004 was $7,591,599 but a number of individual payments over $25 million are processed practically every day. To calculate the average daily LVTS payment value, data was taken from Canadian Payments Association. LVTS Volume and Value Summary - 2004/ Rapport de paiements STPGV - 2004, at



pdf http://www.cdnpay.ca/publications/pdfs-publications/stats_lvts_2004.pdf. [Return]

4. Canadian Payments Association. Percentage of Paper versus Electronic Items Flowing through the ACSS, at www.cdnpay.ca/publications/aess-percent.asp. [Return]

5. Interac Association. Interac Direct Payment Transactions, Merchants, Terminals, $ Value and Users per Year, at www.interac.ca/en_n3_31-idpstats.html. [Return]

6. Average value determined by using 2004 Point of Sale data from Canadian Payments Association. Flow of Payment Items Through the National Clearings and Settlement System (ACSS), at www.cdnpay. ca/publications/acss-g99.asp. ACSS data exclude "on-us" transactions where the acquirer and consumer share the same financial institution, but that is unlikely to affect significantly the average payment value. Comparison of CPA and Interac figures seems to indicate that approximately 85% of Interac direct payment transactions go through the ACSS. [Return]

7. In 2004, 47% of ABM cardholders identified direct payment as the payment method they "use most", against 29% for cash and slightly more than 20% for credit cards: Interac Association. Payment Method Used Most Among ABM Cardholders. Five-year data presented at www.interac.ca/en-n3-31-idpstats.html. [Return]

8. Small cheques are defined for ACSS purposes as under $50,000; their average value in 2004 was in fact $972.42. There were close to 934 million pre-authorized credits (aka direct deposits) and pre-authorized debits going through the ACSS in 2004, as against 1.1 billion small cheques. Data from Canadian Payments Association, op. cit. [Return]

9. Fédération des caisses Desjardins du Québec. Rapport annuel 2004. Lévis, premier trimestre 2005, 160 p. P. 30. It is important to note, however, that around 25% of Canadian consumers "avoid using new technology for financial services whenever possible" (Environics Canada. Focus Canada - The Pulse of Canadian Public Opinion. Statistical Tables 2004-4. Ottawa, Environics Canada, 1st quarter 2005. Q. 54 g, p. 83, with a weighted subsample for that question of 1,472 respondents across the country) and that, therefore, there is still a vital need for brick and mortar branches. [Return]

10. They have gone from 375.3 million in 2001 to 294.7 in 2004, a rather significant reduction of 21.5%: Interac Association. Statistics - ABM stats. Chart titled Number of Shared Cash Dispensing Transactions and Number of ABMs per Year. Available at www.interac.ca/en_n3_31 abmstats.html. [Return]

11. Their number has gone from 783.7 million to 746.5 million from 2003 to 2004, a decrease of 4.7%: Canadian Bankers Association. Number of transactions at bank-owned ABMs. Available at



pdf www.cba.ca/en/content/stats/050329-2004%20ABM%2OTransactions-EN.pdf



. [Return]

12. The number has gone from 35,630 in 2001 to 46,178 as of September 2004, an increase of 29,6%: ibid. [Return]

13. The number of ABMs operated by the 8 largest banks in the country has gone from 16,806 in 2001 to 16,160 in 2004 (excluding "private label" ABMs owned by banks or subsidiaries): Canadian Bankers Association. Number of Bank-Owned ABMs in Canada. Data available on



pdf www.cba.ca/en/content/stats/050329-Bank-owned%20ABM%20stats-EN.pdf

. The number of Desjardins ABMs has gone in the same period from 2,839 to 2,922, an increase largely attributable however to acquisitions made by Desjardins over that period (source: Desjardins Annual Reports for 2001 and 2004). [Return]

14. Data on Visa and MasterCard cards only, from all Canadian issuers, including credit unions. Canadian Bankers Association. Credit Card Statistics - Visa and MasterCard. Net retail volume, i.e. excluding cash advances, has increased from $150.5 to $168.8 billion. Interestingly, the number of cards in circulation has increased by 6% in one year (to 53.4 million) while the number of cards reported stolen or lost has topped one million and the number of merchant outlets accepting credit cards has actually decreased somewhat. Data available on



pdf www.cba.ca/en/content/stats/050210-Credit%20cards-EN.pdf. [Return]

15. Imperial Oil's Speedpass and similar RFID devices offered by its competitors come to mind. [Return]

16. The Visa Mini is currently offered in Bahrain, Bangladesh, Jordan, Lebanon, Pakistan, Saudi Arabia and Sri Lanka. At 40by 66 mm, it is approximately half the size of a traditional credit card: New ways to pay, at http://corporate.visa.com/pd/consumer-new.jsp.[Return]

17. Small cards, big launches. in Visa Perspectives - CEMEA - Middle East. No. 3, 2004. P. 3. [Return]

18. MSC: a new way of life for Russians. in Visa. Vendor View. No. 1, 2004. P. 4. [Return]

19. Commonwealth Business Council and Visa International. Payment Solutions for Modernizing Economies. S.I., September 2004. 35 p. P. 2. The document can be downloaded from



pdf http://corporate.visa.com/md/dl/documents/downloads/me-white-paper.pdf p. 2. [Return]

20. Ibid. [Return]

21. Ibid., p. 6, notes 6 and 7 inter alia. [Return]

22. More precisely, the rule refers to functions, as one actor may play more than one part. In alphabetical order, s. 4 of the Rule lists the Acquirer, the Acquirer Fl, the Delivering Direct Clearer, the On-line Payment Service, the Open Communication Network, the Payee, the Payor and the Payor Fl. Not mentioned, because it remains outside the scope of the rule, is the Payee Fl, and the CPA should also be counted in (as should the Bank of Canada, where final settlement occurs). In addition, the three financial institutions (FI) directly involved might potentially all be indirect clearers through the ACSS, which might use the services of two other direct clearers (apart from the Delivering Direct Clearer). There are therefore potentially as many as thirteen (13) different participants in the processing, clearing and settlement of such a payment. Canadian Payments Association. Rule E2 - Exchange for the Purpose of Clearing and Settlement of Electronic On-Line Payment Items. [Return]

23. More specifically in this case, Acxsys Corporation, using the Interac brand. [Return]

24. Retailers also offer stored value cards used by their customers themselves: for instance, it is claimed that there are 5 billion USD currently stored on Starbucks cards: Where one Person Sees 'Huge Wave' of Opportunity. Credit Union Journal, vol. 9, no 18, p. 10, May 9, 2005. A company active both in the United States and Canada, InstaDial Technologies Corp, has recently launched a MasterCard stored-value debit card in the United States: InstaDial® announces the product launch of the InstaACCESS MasterCard® Card Program. Press release, April 18, 2005, available through www.instadial.com/news.asp. [Return]

25. While the value of transactions related to those intermediaries may currently seem small compared to the total value processed through the ACSS, for instance, it is likely to grow. In addition, should a significant number of unregulated intermediaries do their banking through one fairly small financial institution, the latter's stability may be at risk. [Return]

26. At least one representative from a large Canadian deposit-taking financial institution admitted in the context of a discussion on electronic payments that his institution was no longer sure it understood the framework surrounding some of the payment items it processes as well as it would like to. [Return]

27. R.S.C., c. C-52. [Return]

28. While LVTS transactions are irrevocable and ultimately guaranteed by the Bank of Canada, ACSS transactions become irrevocable for payment system purposes on settlement only, and some can still be reversed post-settlement under CPA Rule A-4, for instance. The status of credit card payments is not simpler, as clearing for Visa or MasterCard cards is provided (at least in part) by those networks under their own rules and issuers may apply charge-backs to some payments. [Return]

29. And one of the latest significant changes, establishing consumer bills and notes, does not appear to have been especially successful. [Return]

30. Hereinafter the "Debit Code". [Return]

31. Such as when precisely consumer liability may be engaged or as to its application to cards providing access both to a deposit account and credit facilities. [Return]

32. such as rules A4 (timeframe for cheque return - with indirect impact on holds), E2 (electronic on-line payment items), G8 (cashing of Government of Canada items by consumers without an account), H1 (pre-authorized debits) or H6 (bill payment). [Return]

33. "on-us" transactions being those where payor and payee use the same financial institution, thereby obviating the need for inter-institution clearing and settlement. Most often however parties do not know the identity of their counterparty's financial institution, have no say in the matter and therefore can neither know whether CPA rules would apply to a specific transaction, or not, or choose their counterparties accordingly. [Return]

34. And consumers could not claim their benefit, as they are private law rules to which consumers are not parties. [Return]

35. 15 USC §§ 1693 ss, hereinafter the "EFTA". Its provisions carne in force in 1979 and 1980. [Return]

36. EFTA, § 1693a (6). Specific exceptions are provided. [Return]

37. Examples such as RBC Centura Bank and Harris Bank (the latter controlled by the Bank of Montreal) come to mind. [Return]

38. 15 USC § 1666, as amended in 1980, and usually known as the "Fair Credit Billing Act". [Return]

39. 12 USC §§4001-4009. [Return]

40. Directive 2000/46/EC of the European Parliament and of the Council of 18 September 2000 on the taking up, pursuit of and prudential supervision of the business of electronic money institutions. Official Journal L 275, 27/10/2000 P. 0039-0043. [Return]

41. British Bankers' Association; Association for Payment Clearing Services; The Building Societies Association. The Banking Code. London, March 2005. The latest revision of the Code can be found at



www.bba.org.uk/content/1/c4/52/27/BankingCode2005.pdf. While we would not be ready to recommend the implementation of a similar framework in Canada, we can only note that the British banking industry's undertakings under the Code are significantly more substantial than what can be found in Canada. [Return]

pdf 42. Anne Cobb, president, Visa International, Central Europe-Middle East-Asia region, speaking at the Strategy®Channels conference, Dubai, February 7, 2005. [Return]

43. Helping to make the move to POS. in Visa Perspectives - CEMEA - Middle East. No. 3, 2004. P. 8. En p. 16, Visa recommends to its members that they be proactive towards retailers and even that they implement mystery shopping programs to ensure that retailers abide by best practices. [Return]

44. Such as contract, for instance, as opposed to legislation. [Return]

45. It is worthy of note that the UK Banking Code covers issues such as charges, contractual terms and conditions and advertising, in addition to electronic payments per se, that it is reviewed on an ongoing basis (the new Code came in force in March 2005; the previous one had come in force in 2003) and that an independent organisation has been established to monitor the Code's implementation, the Banking Code Standards Board, where users are represented. [Return]

46. On the basis, inter alia, of its jurisdictions over currency and coinage, legal tender, bills of exchange, banking (including "the issue of paper money", under subs. 91(15) of the Constitution Act, 1867) and trade. [Return]

47. For example, it would be interesting to poll the legal community to assess lawyers' knowledge of CPA rules H-1 or E-2; we will respectfully posit that a large proportion would be unable to advise their customers appropriately in case of difficulty because they simply do not know that the rules exist. We also regularly find that banking staff is not well informed of such rules or of the content of the Debit Code. Obviously the person in the street cannot be expected to know more about such rules than the legal or banking community. [Return]

48. S.C. 1890, c. 33. It is not irrelevant to note however that in Québec, bills of exchange, notes and cheques had been legislatively regulated since 1866 under sections 2279 to 2354 of the Civil Code of Lower-Canada. [Return]

49. In which case legislation caps liability at $50 and chargeback regimes voluntarily put in place by card issuers may even bring the liability to zero. [Return]

50. In which case a consumer has 90 days under CPA Rule H-1 to have the payment unwound directly by his or her financial institution. [Return]

51. In which case a consumer may have up to 180 days to have the payment unwound directly by his or her financial institution, according to a policy statement issued by the CPA on June 1st, 2003: Prohibition of Tele-cheques in the Clearing & Settlement System. However, rule A4 currently only provides for a 90-day return period. [Return]

52. In which case the provisions of the Debit Code should be applied, with the assorted difficulties associated with its application. [Return]

53. In which case the consumer banking agreement would apply or, if it is more forgiving, the Debit Code should apply mutatis mutandis, assuming the consumer's financial institution has undertaken to apply the Code in such cases and effectively does. [Return]

54. In which case nothing but the agreement between the consumer and PayPal and generic contract law rules will apply. [Return]

55. In which case, again, the contract and contract law will provide whatever recourse the consumer may have. [Return]

56. Unless, of course, the characteristics of a given method compel a totally different set of rules. [Return]

57. Recourse to other types of instruments may be contemplated as long as the legislative framework makes it clear that where those norms do not fulfill the aims of the legislation, the consumer enjoys complete protection. [Return]

58. As we shall develop in the next subsection. [Return]

59. In addition to the costs associated with implementing a public-key infrastructure, the fact remains that keys could be stolen, allowing for impersonation, and that generalized use of one key by a given consumer in its relationships with a number of providers does not solve current personal information management problems and might even make them more acute.. [Return]

60. That is, a proportion of the population is unable to identify itself through any given method, usually for health reasons. [Return]

61. Acquirers have fallen prey to hackers. More recently and on another front, it has been alleged that bank employees in the United States may have leaked personal information related to up to 100 000 accounts: Did bank employees sell account info? CNN/Money, May 23, 2005, at http://money.cnn.com/2005/05/23/news/fortune500/bank_infor/index.htm?cnn=yes. [Return]

62. Anderson, Ross. Why Cryptosystems fail. Cambridge, 1993. Mr. Anderson is a specialist on computer security issues. Available www.ftp.cl.cam.ac.uk/ftp/users/rjal4/wcf.pdf. It should be noted that chip cards are only marginally safer: Schneir, Bruce; Shostack, Adam. Breaking Up is Hard to Do: Modeling Security Threats for Smart Cards. USENIX Workshop on Smartcard Technology, May 1999. Available at www.counterpane.com/smart-card-threats.htmi. Bruce Schneir enjoys a world-class reputation on computer security and risk mitigation issues. [Return]

63. It is essentially articulated in standards and the hacker community had described it as early as 1992: Count Zero. Card-o-Rama: Magnetic Stripe Technology and Beyond or "A Day in the Life of a Flux Reversal, Phrack Inc., vol. 4, Issue 37, March 1st, 1992, available at over 100 websites including www.hackcanada.com/ice3/card/phrack37-6.txt. [Return]

64. Redbird. Magnetic Stripe Reading. 2600 Magazine, vol. 22, # 1, Spring 2005, p. 28. [Return]

65. It is in large part to try and fight cloning that card networks in Canada have decided to migrate to chip cards. In the meantime, consumers should not have to fight to avoid liability when they fall victims to the weaknesses of a system that providers have urged them to use. [Return]

66. As Anderson argues, op. cit., the system was created for military applications, not for use by untrained civilians. [Return]

67. With the coming exception of "Interac Online Customer Service Rules", an initiative which we dare to hope is the prelude to more openness. [Return]

68. The payment system is after all no less essential to our modern economy than roads, electricity or telecommunications, all of which are either provided or regulated by government. [Return]

69. Even rules having to do with security processes gain by being made public: under the Kerckhoff principle, first formulated in 1883 and well known in areas such as cryptography, the security of a system must not depend upon the secrecy surrounding its structure, as it cannot be guaranteed. Transparency facilitates the discovery of flaws and therefore reinforces the system in the long run. More transparency would also go a long way to reducing the informational asymmetry between financial institutions and consumers when the former claim that their systems are well-designed and tamper-proof. [Return]

70. Under the privity of contract doctrine at common law or its civil law equivalent (codified in Québec by s. 1440 of the Civil Code), none but parties to a contract can sue on its terms or be subjected to liability arising from its provisions. It is therefore less than likely that consumers could sue a financial institution under the terms of Interac rules or the Debit Code, unless they were explicitly referenced in a contract to which the consumer is party or courts come (under stringent conditions) to the conclusion that such rules or codes embody a trade usage or custom. [Return]

71. It bears remembering that, under s. 31 of the Canadian Payments Act, R.S.C., c. C-21, money orders, bank drafts and similar instruments hold the status of "priority payment instruments" and are paid from the estate of an insolvent financial institution in priority to other claims. [Return]

72. For instance, some payment providers will not transact with adult-content providers. [Return]

73. Edwards v. A-G. Can., [1930] A.C. 124, 136; Reference re Same-Sex Marriage, [2004] 3 S.C.R. 698, §§ 22-29. [Return]

74. or equivalent protection, such as granting security interests. [Return]

75. For instance, what happens from a legal and accounting standpoint to the value stored on a lost stored-value card? The issue is considered at Task Force on Stored-Value Cards. A Commercial Lawyer's Take on the Electronic Purse: An Analysis of Commercial Law Issues Associated with Stored-Value Cards and Electronic Money. [1997] 52 Business Lawyer 653, 722-726. [Return]

76. Including third party payees. [Return]

77. Under subsection 362(1)(a) of the Criminal Code, anyone who by a false pretence (which may be made orally) obtains something which may be stolen commits an indictable offence. [Return]