CIBC Internal Memo, re: Mondex, January 30, 1997

Canadian Imperial Bank of Commerce

January 30, 1997

CIBC's POSITION ON PRIVACY

It goes without saying that CIBC honours privacy of its customers in all its business dealings as do all Canadian banks. Regardless of whether we would or wouldn't hire a third party to collect merchant logs for research purposes, CIBC is confident that privacy would at all times be fully respected and honoured. We understand that this data collection exercise would not be a breach of privacy.

The Issue:

However, the issue is not whether or not we would actually be breaching consumers' privacy -- the issue is are we creating the perception that we are.

One of the fundamental tenets of the Mondex proposition is that it offers a high degree of privacy. This is what makes Mondex different from the competitors and what makes it the most ``cash-like''.

This is a powerful message and an ace for Mondex. By messing with this perception, we are jeopardizing our core proposition and diluting the power of our message. People will start to ask: are we really that private if we are collecting data for marketing purposes? What are we collecting and why?

Mondex International recognizes the importance of this message as do other global founders. To date, none of the other pilots/launches have collected data for reasons other than risk management. If Mondex Canada collects data for marketing purposes, it will be the only territory to do this -- this is not something we want to be a pioneer on; it's not the time to be setting these kinds of precedents.

Can't We Manage This Perception Through Effective Communications?

If given the opportunity to tell our story in full, we can explain that we are not doing anything that invades people's privacy.

However, headlines prevail and we may not have our ``day in court'' to tell our story in full. Given the current situation in Guelph with Mondex naysayers (University/CSA student protests, store vandalism, propaganda from P.J. types on the internet), it's a significant risk that if any of these groups discover that Mondex transactional data is being collected from merchant logs they would use and create every opportunity possible to stir negative headlines with ``Big Brother'' accusations.

``Mondex Not Private! Banks Collect Data on you -- Data You Thought Was Private''

``Banks' Claim That Mondex is Private Not True!''

Risk Versus Reward:

The risk of these headlines is very strong given the current Mondex/privacy related activism in Guelph. CIBC feels the reward to be gained from collecting this research data do not measure up to the risk. We believe there are other ways we can capture the information necessary to make informed business decisions for rollout. We accept that we are working within limitations of an ``unaccounted'' system and, therefore, are willing to find ways to deal with the limitations of this environment (as we do with cash).

CIBC will not be collecting information from the merchant logs and, if necessary, will clearly communicate this in our position on privacy (see attached key messages and Q&A on privacy for more detail on our position)

GUARANTEES:

These are the guarantees we can currently make to the public jointly on behalf of Mondex Canada:

1.

Retailers accepting Mondex do not have any access to bank information that would link individual names and identities to the card numbers stored in their POS (rolling audit of last 300 transactions).

Note: unless for future applications such as loyalty, cardholders must provide consent.

2.

The Banks do not know how or where individual cardholders spend their Mondex electronic cash. The Banks do not have access to any information that would provide details of individual cardholder transactions unless given to us by consent (e.g. for research or future loyalty programs) or on occasions where we must collect some information for risk management purposes.

3.

Risk management precautions are necessary from time to time to protect against fraud. Any information that is collected for risk management will not be used for any other purposes.

Here are two more guarantees the CIBC will be able to make and, if necessary, will make without the Royal Bank.

1.: Any information that is collected, period, will be strictly for risk management purposes.
2.: Cardholder information will not be sold, disclosed, or made available in any form to any party outside the bank unless the individual agrees (for research or loyalty programs in the future) or if the law requires this disclosure.

Here are some key messages we can convey jointly:

Mondex is an electronic cash payment card which has been designed to balance practicality, privacy, and prevention of fraud.
Mondex respects individual's privacy ( ... if pushed ... ``Mondex does not try to offer total anonymity.)
For security and practical reasons Mondex is designed with a rolling audit held on each individual card chip. This allows secure transactions between cards and allows third parties to resolve disputed or ``failed'' transactions. For consumer cards, the chip stores the last 10 transactions and only the individual cardholder will have access to this detailed information.
For merchants, the chip stores the last 300 transactions. The privacy of Mondex is provided by the fact that the merchant does not have any information that links an individual's identity to their Mondex card number. The only information captured on these chips is a sixteen digit card number, the date, and the value of the transaction.
Risk management systems are essential to alert the banks to potential fraud. Mondex may occasionally require some sampling of transactional data to prudently manage the Mondex value in circulation and protect against fraud.

Again ... if pressed, we are prepared to provide the last two key messages without Royal Bank:

Each Mondex transaction is carried out directly between the parties involved without reporting the transactions to a central computer. This makes Mondex an unaccounted system. The banks and any third party have no record of where and how individuals are spending their Mondex money.
CIBC will not be collecting any transactional data for marketing purposes.
Any information that is collected will be solely for risk management purposes and will not be used for any other purposes.

Potential Questions and Answers:

Q: Is Mondex as anonymous as cash?

A: Mondex is private but does not try to offer total anonymity. It offers more privacy than credit and debit because each transaction is carried out directly between the two parties involved (chip-to-chip) without reporting the transaction to a central computer. The banks have no record of how individual cardholders are spending their electronic cash.

There is a rolling audit of transactions that reside on each individual chip. For consumer cards, the chip stores details of the last 10 transactions and for Merchants, it's the last 300.

This information is not shared with any other third party unless consumers provide consent (either for research or future loyalty programs) ........... CIBC can say this and is prepared to say this without Royal Bank

The benefits of this rolling audit system is that it allows cardholders and merchants to reconcile transactions that are in dispute. This is something that is not possible with cash because cash is completely anonymous.

Q: What information is passed on to the merchant at the point of sale?

A: The merchant chip receives the date(?), amount, and card number only. Merchants do not have any information that links the details of the transactions to any individual cardholder. The chip on the consumer card, on the other hand, will identify the name or initials of the merchant so that the consumer has a record of where they spent their own money.

Q: Why is this information passed on?

A: To enable the cardholder to query a transaction. This is an advantage over cash and one that people have said they appreciate. With this information, a Mondex cardholder can verify that they did or did not pay or receive the correct amount for an item purchased. The information is exchanged between cards as a temporary record proving the transaction has taken place.

Q: Are tracking or collecting any information on Mondex transactions?

A: CIBC will not track nor have any access to information that relays how all individual cardholders are spending their electronic money. Mondex is an unaccounted system and offers cardholders privacy as to how and where they spend their money. On occasions, we will take a limited and random sample of data as we have an obligation to prudently manage the Mondex value in circulation. Any data collected will be strictly for risk management purposes and not for marketing.

Q: Are you tracking or collecting any information for marketing purposes?

A: Any data collected will be strictly for risk management purposes and not for marketing.

Q: Is this true for Royal Bank as well? Will they be collecting any data for marketing purposes?

A: You would have to speak with them.

Q: I heard Royal Bank is collecting transactional data for market research. Why isn't CIBC collecting this data too?

A: We didn't feel we require it.

Q: If a merchant asks for details on a customer using Mondex would the banks supply it?

A: Absolutely not. Banks are under a duty of confidentiality to their customers and would not breach that confidence unless obliged to do so by law. Irrespective of Mondex, banks are obliged not to disclose details of their customers' accounts to a third party. This is not a Mondex issue but a banking issue that is clearly understood by banks and merchants alike. This is the cornerstone of the bank/customer relationship.

In the future, Mondex will offer merchants and cardholders the opportunity to participate in loyalty programs. No information will be passed to a merchant without the signed consent of the cardholder agreeing to participate in the loyalty program.

---