File No. CT 2005 006 COMPETITION TRIBUNAL IN THE MATTER OF the Competition Act, R.S.C. 1985, c. C 34, as amended;
IN THE MATTER OF an application by B Filer Inc, B. Filer Inc. doing business as GP A Y GuaranteedPayment and NPay Inc. for an order pursuant to section 103 .1 granting leave to make application under sections 75 and 77 of the Competition Act;
AND IN THE MATTER OF an application by B Filer Inc., B Filer Inc. doing business as GP A Y GuaranteedPayment and NPay Inc. for an interim order pursuant to section 104 of the Competition Act.
BETWEEN: B FILER INC., B FILER INC. doing business as GPAY GUARANTEEDPAYMENT and NPAY INC.
Applicants and THE BANK OF NOVA SCOTIA Respondent AFFIDAVIT OF ALEX TODD (Sworn November 25, 2005)
I, ALEX TODD, of the City Of Toronto, in the Province of Ontario, MAKE OATH AND SAY:
1. I have worked as a Managing IT Security and Trust Consultant with international expertise in technology, financial and government environments.
2. I have over twenty years experience in Information Technology innovation and management and particular expertise in public-key infrastructures (PKI) and trust enablement.
-2-3. I have spoken and commented at information technology seminars and conferences and have authored articles on the issues of internet security and establishing trust in Internet-based transactions.
4. I was a managing consultant for IBM Global Services Canada, involved in a project that is establishing Canada's first trusted infrastructure for electronic payments. In that role, I was exclusively engaged by security technology vendors as their advocate inside IBM.
5. I have been involved in many financial institution e-commerce projects, helping to define and deploy secure business solutions. In this regard, I led a Canadian Financial Institution to develop a secure electronic business transactions solution and associated IT architecture.
6. Attached hereto and marked as Exhibit "A" is a copy of my Curriculum Vitae. 7. I was asked to provide my opinion as to the Applicants' computer and internet security. 8. For the purposes of preparing this Affidavit, I have reviewed the following documentation submitted to the Competition Tribunal:
(a) Affidavit of Raymond Grace affirmed June 15, 2005, and the Exhibits attached thereto;
(b) Second Affidavit of Raymond Grace affirmed September 1, 2005, and the Exhibits attached thereto;
(c) Affidavit of Joseph Iuso, affirmed August 29, 2005, and the Exhibits attached thereto;
(d) Affidavit of Robert Rosatelli, sworn July 12, 2005, and the Exhibits attached thereto;
(e) Affidavit of David Metcalfe, sworn July 12, 2005, and the Exhibits attached thereto;
(f) Responding Affidavit of Robert Rosatelli, sworn September 21, 2005, and the Exhibits attached thereto;
9. Based on my review of the above-noted documentation, I believe that the following is a brief summary of the facts that are relevant to my opinion on the issues that I have been asked to
- 3 -consider. The source of my information and belief with respect to the following factual issues is derived from the materials reviewed.
10. The Applicants, together with UseMyBank, operate a joint venture business enterprise which facilitates the transfer of money from banking customers accounts to third parties.
11. If a banking customer wishes to transfer money to a third party through the services of the Applicants and UseMyBank, the banking customer must enter the customer's bank card number and internet password. The Applicants and UseMyBank would take the customer's bank card number and password and would enter them into the customer's bank account and effect a transfer of money from the customer's bank accounts to the Applicants' account at The Bank of Nova Scotia ("Scotiabank") by way of e-mail money transfer, ifthe customer is not a Scotiabank customer. The Applicants could also affect transfers of money from Scotiabank customers' accounts by entering into the banking customers' accounts and transferring money to GPay as a Scotiabank bill payee and these funds would later be released from Scotiabank's suspension accounts to the Applicants' accounts at Scotiabank.
12. Mr. Grace asserts that the confidential customer information that is entered into the computer is sent to the Applicants' software programme by way of encrypted code which is then effectively "relayed" or "bounced back" - "again in the same secure browser session" - to the customer's bank. This is not true. Industry standard technology will not allow the same encrypted session to be "relayed" or "bounced" back as attested to by Mr. Grace. Rather, the customer's confidential information is decrypted then re-encrypted by an automated process. In other words, there are at least two independent and discreet encrypted sessions, separated by at least one unencrypted state.
13. In a similar vein, Joseph Iuso claims that a hacker cannot break into the Applicants' session because of the "default nature of the secure session". This is not true. In fact, the greatest vulnerability to the customer is when the customer's confidential information resides with the Applicant, between the two encrypted sessions.
14. Even if a customer's confidential card number and password are not intentionally saved or stored by the Applicants, it is likely that the Applicants' system automatically stores the
-4-confidential information (as most computer systems do, simply in order to function), or does not take the extra step to explicitly remove any residual information from all storage devices and audit logs. This can be true even if the information is "scrubbed" as suggested by Mr. Grace.
15. In any event, it is clear from the UseMyBank web site that the Applicants do store the customer's user ID and password information and reuse it for different purposes. Attached and marked as Exhibit ''B" to my affidavit is a screen print ofUseMyBank's "Privacy Practices Summary".
16. This is confirmed by the following description of the ways in which the customer's user ID and password information is used:
"We use this information to ... market things to you in the future (other than by telemarketing), build a profile of your habits, interests or activities to treat you as an individual, build individual profiles for ongoing research, analysis and reporting, .... "
Attached and marked as Exhibit "C" to my Affidavit is a screen print ofUseMyBank's "Privacy Policy Statement".
17. Most incredibly, the web site warns that the customer's UserID and Password "may be disclosed only to our staffa nd to our immediate agents. " This contradicts the assertions made by Mr. Grace regarding disclosure of this information.
18. It is odd that the information regarding the disclosure and use of a customer's confidential information is contained on the web page entitled "Security" and specifically, "Our Privacy Policy Statement". Having reviewed the practices described in this policy, I fail to see how these practices protect the customer's private information.
19. In addition to collecting a customer's User ID and Password, the web site states that the Applicants may:
"build a pseudononymous profile of your online habits, interests and activities when you use our Site. This profile will not reveal or be linked to your personal identity. We compile these profiles from "real world" contact information (e.g., street address, phone/fax), email addresses, privately-issued unique identifiers (e.g., UserIDs and passwords), data relating to a specific purchase, user
- 5 navigation and browsing patterns, and we use these profiles for the purposes described below. .. ".
20. If this is the case, the Applicants may store all kinds of personally identifiable information together (such as physical address, telephone number and e-mail address) in one pseudonym, which in that aggregate can identify the individual, including User IDs and passwords that the Applicants deny in their affidavits.
21. The Applicants claim that although the user ID and password, name, address and phone number (i.e. "real world contact information") will be collected, this will not reveal a customer's identity or be linked to the customer personally. This claim makes little sense as first, the information is personal information and is, by definition, linked to the customer. Second, the Applicants use this information to gain access to private banking information about the customer.
22. With respect to a customer's name, street address and telephone number, the web site confirms that this information may be disclosed "only to our staffa nd to our immediate agents, sellers, and billers."
23. For the reasons stated above, and contrary to the assertions of Mr. Grace and Mr. Iuso, the bank customer's confidential information is vulnerable to being breached by both a hacker or someone who has broad access rights within the Applicants' organization. The incentive to gain access to large sums of money renders a customer's confidential information vulnerable to security breaches. Computer security is a substantial problem in financial services where the incentive to breach security is so great.
24. For this reason, it is important that a financial services organization have good internal controls. Internal controls prevent unauthorized access to information and separation of duties prevents the abuse of sensitive information. Inadequate internal controls could jeopardise the security of the system, which could reveal a customer's confidential information to those who would exploit it. The potential repercussions of a security breach for a bank customer, although obvious, can be devastating. The breach could result in all of the customer's funds being removed from any and all of their accounts.
- 6 -25. There are several indications that the Applicants' internal controls may be substandard, thereby increasing the risk of a security breach of customers' confidential information. The fact that the Applicants allowed their IPS Certification certificate to expire is one such indication. A certification authority is the starting point and most critical point in the chain of trust on the part of the online consumer. It is used to identify the UseMyBank website as being authentic and therefore that the encrypted communication channel that is established with that web site delivers the encrypted information only to that web site. The fact that the Applicants allowed their digital certificate to expire is an indication that the Applicants prioritize other considerations ahead of the trust of their online customers.
26. The UseMyBank, NPAY and GPAY web sites are also telling. These web sites are poorly constructed, and although they do not contain much information, they contain spelling mistakes, incorrect punctuation and generally poor content. The poor construction and content of these sites is also an indication of deficient internal controls. Attached and marked as Exhibits "D", "E" and "F" to my Affidavit are screen prints of the UseMyBank, NPAY and GPA Y web sites.
27. There are several examples of deficient quality controls. According to the UseMyBank website:
"UseMyBank endorses the Canadian Code of Practice for Consumer Debit Card Services and is committed to maintaining and/or exceeding the level of customer protection for all its clients. Note: this is a voluntary code. 11 The link to the Code does not work. Attached hereto and marked as Exhibit "G" is a copy of UseMyBank's Terms and Conditions of Use.
28. Similarly, UseMyBank's "Notices" provision claims that" the following legal agreement details the users responsibilities and obligations along with UseMyBank/NPA Y with its facilitation of online bill payments or email money transfer from accounts of these Transaction Providers and by using this service you agree to be bound by same." This is the last item on the web page, yet there is no legal agreement that follows.
- 7 -29. Finally, under "Description of Use'\ the web site states: "All rules and regulation governing the transferring of funds is provided by NPA Y (NP A Y Inc. which is the corporation that has Biller account with the Transaction Providers).Transaction Providers may prohibit the disclosure of Login Information or deny liability to the user if Login Information is disclosed. It is the users responsibility to review their agreements with the Transaction Providers to determine whether disclosure is permitted, what the consequences of such disclosure are and what liability will be in connection with such disclosure."
30. This particular clause is noteworthy for two reasons. First, the Applicants acknowledge that they require disclosure of a customer's ID and Password and this disclosure may be prohibited by a Transaction Provider.
31. Second, the reference and link to the NP A Y web site for "all rules and regulations governing transactions" discredits the Applicants' entire system because there are no rules on the site being linked and the site is a shoddy single web page that lacks any apparent credibility and trustworthiness.
32. In his affidavit sworn July 12, 2005, Robert Rosatelli describes how Mr. Grace had stored sensitive information about how frauds can be committed on his computer, in ways that could be accessed by fraud perpetrators. Mr. Grace was advised by his lawyer to delete the information from his computer. The fact that Mr. Grace had to be told to remove this information from his computer, where it was available to be accessed by sophisticated hackers or persons within his organization, suggests that computer security was clearly not good enough for his sensitive information. If this is the case, this calls into question the adequacy of the security for customer information as well.
33. Both Mr. Grace and Mr. Iuso claim that the Applicants verify the customer's name, address, telephone number and IP address as listed by their Bank to the same information the customer has provided to the Applicants in order to ensure there has been no breach of security. Unless the Applicants are able to scan the customer's banking information once they gain access to the customer's account, I do not understand how the Applicants can validate the contact information against bank records. If this is in fact the case, and the Applicants can view the name
- 8 of the bank customer, their address and phone number, this gives rise to grave concerns about the security of the Applicants' services. The verification process itself would impose extreme requirements on their internal controls to limit access to and use of other confidential customer information.
34. Mr. Grace asserts that once the Applicants access the online account, they observe or watch the transactions to ensure that the customer's bank debits the customer's account for the specified amount. In observing the transaction, the Applicants have, or allow, disclosure of a great deal of an online customer's confidential information. In this respect, Mr. Grace clearly contradicts himself when he asserts that "none of the Applicants' employees or contractors ever come into actual knowledge of any confidential information of the Customer."
35. In fact, the information available to the Applicants as they monitor the transaction could include all information contained on the customer's online banking site. While the information on any individual online banking site varies, this would typically include the customer's account information for all the customer's accounts, account balances, credit card account numbers and balances, loan and credit line and mortgage accounts and balances. In other words, an alarmingly large degree of confidential information is available to be viewed and potentially abused. The Applicants' access to this information exposes the online customer to the risk of identity theft. The consequences of identity theft are devastating. Identity theft allows an impostor to not only gain access to the customer's money, but also to obtain additional credit and incur new debts in the customer's name. It can take years for the victim of identity fraud to recover their assets and restore their credit rating.
36. Based on the material I have reviewed, I have not seen any indication that customers of the Applicants would be able to fully appreciate the degree to which their confidential information, both personal and financial is exposed to the Applicants when the Applicants affect a transfer out of their online accounts.
37. Mr. Grace's claim that the Applicants' system is "much more secure than that of Scotiabank" is not substantiated and is certainly an overgeneralization. The fact that the Applicants may have a good authentication process to verify the identity of the customer does not necessarily equate with good security. Authentication is only one aspect of security. The fact
-9-that the Applicant's optimize authentication may come at a cost to the Applicants' overall security. Improved authentication, while it improves one aspect of security, does not necessarily improve overall security and may, in fact introduce new vulnerabilities, such as a breach of confidentiality. The Applicants' ability to view customer accounts and account balances in the course of verifying a transaction is an example of how increased authentication may come at the expense of other security objectives, such as confidentiality.
38. In this regard, the web pages relating to "security" relate solely to privacy protection. This indicates that the Applicants do not have a professional level of understanding regarding the subjects of privacy and security; how they are distinct and where they are related.
39. The following statement regarding "security" appears on the web site: "We follow reasonable technical and management practices to help protect the confidentiality, security and integrity of data stored on our system. While no computer system is completely secure, we believe the measures implemented by our Site reduce the likelihood of security problems to a level appropriate to the type of data involved."
40. This whole statement is unprofessional. A security professional knows that the term security refers to Confidentiality, Integrity and Availability. Persons trained in security use appropriate language from standards organizations that would include terms such as "reasonable assurance" and "internal controls".
41. It is particularly telling that the Use My Bank website contains not a single security or security policy web page dealing with security issues.
42. In my opinion, the greatest security risk of the Applicants arises from the reliance on payments transacted outside a coordinated governance system. This is a fundamental difference between the Applicants on the one hand, and Scotiabank, on the other. Whereas Scotiabank is a member of the Canadian Payments Association and Interac, the Applicants operate outside a similar system of rules and regulations that engenders trust. These governance systems require their members to abide by rules, audits and standards which govern entire transactions from end to end. GPay and Npay are ungoverned and belong, therefore, to a distrusted settlement system.
- 10 -43. These governance systems define and assign roles, responsibilities, hand-offs, checks and balances, accountabilities, standards and protocols between all stakeholders involved in a payment transaction. This establishes and ensures trust in the validity of each transaction. A well-governed payments system can help to protect all parties from any other party behaving opportunistically.
44. Record levels of resources are now being applied to information security. Despite the resources, there are more security losses and breaches recorded every year. In this environment especially, ensuring trust in the transactions entered into by online customers is extremely important.
45. Recent studies have shown that security and privacy are among the greatest concerns of internet consumers. In particular, internet consumers worry about the fraudulent use of their bank accounts or credit cards and access to their private information.
46. If Scotiabank treats a payment intermediation service the same as any other corporate banking customer, it will likely not institute sufficient controls to ensure the integrity of the transaction. This, in tum, will put all parties involved in the transaction at risk of loss or damage.
47. In my opinion, the fact that the Applicants are unregulated in this respect represents a great long term security risk to both the bank and its customers.
SWORN before me ) ;' ' ) .. i/ at the City of Toronto ) r;)' ) ..--ALEX TODD this 25th da of November, 2005. ) ) ) ) ) A Gimm· sioner for taking Affidavits /
ALEX TODD 16 Rosewell Avenue 416-487-1497 Toronto, Ontario AlexTodd@rogers.com M4R 127 http://members.rogers.com/alextodd PROFESSIONAL PROFILE A forward thinking, sought after Managing Security and Trust Solutions Consultant and subject matter expert, with international experience in Technology, Financial and Government environments.
• Known for innovative strategic leadership and expertise in public-key infrastruct e (PKI) and trust enablement; • Frequent speaker and commentator at information technology seminars and conferences, and author of published thought-leadership papers and courses; • Motivated by challenge, change, vision for new frontiers and acting as trusted advisor ml to clients, including C-level executives, needing to translate their business objectives ~ 1 into technology-assisted solutions; and • Accomplished at achieving extraordinary business results and stimulating new growth ~ l opportunities through analysis of markets, industry trends, economic conditions and ~ j formation of synergistic business alliances. CAREER HIGHLIGHTS IBM Global Services (IGS) Canada Managing Consultant
Responsible for developing trust, PK/, authentication and electronic signature solutions business opportunities and managing consulting engagements. Acted as Enterprise of the Future Lead for Trust-enabling Services, a global /GS initiative by IBM Distinguished Engineers to recommend a future services strategy for /GS with a two to five years horizon.
• Aligned the trust enablement vision fore-business to IBM's newly defined Business on Demand strategy;
• Exclusively engaged by security technology vendors as their "advocate" inside IBM; • Won and managed first ever Canadian annuity contract for an "on demand" PKl-based security technology solution, worth $1.2m over 5 years;
• Spearheaded winning of a $400K "on demand" ASP security and privacy assurance engagement with a Canadian provincial healthcare organization;
• Secured two retainer-based engagements for ongoing consulting work; and • Formulated IBM's PKI strategy for the entire financial services sector in Canada. 2000-2001 Senior Trust Solutions Consultant
Responsible for incubating the Global Trust Acceleration Center, within the PK/ Center of Competency, bringing new points of view to clients worldwide to assist them in pursuing innovative new business models supported by industry-specific trust-enabling solutions (primarily in healthcare, financial services, distribution and public sectors.) Provided subject matter expertise and support to IBM's marketing, sales and engagement delivery teams.
......._,,....,...._ ; S 1 ,... l 6 j ~i ii:li 2002-2003
Alex Todd
• Created a vision for Trusted e-Business and formulated the industry's first, comprehensive Trust-enabling Services Framework and demonstrated how it maximized value for a-marketplace, e-government, consumer packaged goods and financial services industry initiatives;
• Applied the Trust-enabling Services Framework that defines the services required to establish and ensure trust in electronic information being relied upon throughout the lifecycle of a business transaction to the trust enablement needs of 828 e-marketplaces, healthcare (HIPAA), financial services (payments, fraud and Basel II) and governing bodies;
• Delivered $5 million in PKI business worldwide and opened the doors to numerous opportunities for both the Security & Privacy and other practices throughout IGS;
• Expanded existing client engagements by introducing additional security and trust services that span IGS business units;
• Added value to Account Executive sales calls by delivering a Trusted e-Business message that resonates with C-level executives, outside the IT organization;
• Developed and delivered more than 20 original, thought leadership presentations on PKI and trust for both internal and external audiences, which opened new business opportunities; and
• Influenced IBM's global marketing message for Security and Privacy by including trust value statements targeted at line-of-business executives.
IT Security Consultant - PKI
Responsible for deliver consulting services to clients on PK/ requirements, IT security assessments and design, and privacy policy development. Accountable for all business consulting activities that included the development of the business strategy, requirements and value assessment, legal liability analysis, governance materials, legal framework (including: by-Jaws, system operating rules, certificate practice statements, certificate policies and contracts), and compliance criteria for the Canadian Payments Association (CPA) PK/ engagement. Managed and conducted IT security controls assessment projects, based on the BS7799 Code of Practice for Information Security Management, for government and financial services organizations in Canada and the United States. • Successfully devised and executed a novel, winning strategy for securing the Canadian Payments Association root CA PKI engagement by assembling and managing an international consortium of external legal experts. This was the largest security engagement in the history of the Security & Privacy practice in Canada and the third largest IGS security and privacy engagement in the world.
Cebra Inc. (a Bank of Montreal/Harris Bank company} 1998-1999 Product Line Manager
Accountable for maximizing the value proposition of a suite of business-to-business electronic commerce products, which required inventing cost effective, paradigm shifting solutions.
• Realigned product development efforts towards strategic components of the product offering. Diversinet Corp. (a PKI technology company) 1997 -1997 Executive Vice President
Responsible for managing an international research and development effort for a PK/ management software product. Built and managed a product management team, developed a market strategy, supervised a remote software development office in Israel, contributed to corporate governance initiatives, protected corporate assets from foreign interests and represented the company in domestic and international markets.
• Successfully repatriated corporate intellectual property assets and saved the company from losing its core business assets to foreign interests.
2
1999-2000
.. Alex Todd 3 Director of Strategic Marketing
PKl-based Internet security market and technology assessment and recommendations on product requirements and market positioning. Acquired an in-depth knowledge of public-key cryptography applications for encrypted communication via e-mail, access control. and digital signatures, as well as issues related to certificate management and establishing trust in public keys.
• Repositioned and refocused product development efforts toward the company's core competencies.
Phase Ill Computing Inc. 1990-1996 Entrepreneur
Designed and developed two software products, called President's Planner and Partner's Planner, and strategically positioned and sold them via a variety of direct selling initiatives, including CompuSeNe. • Invented a proprietary, natural-language expert system that interprets the meaning of statements entered in English, within the context of a personal information manager; and
• Awarded "a big Chaos Manor Orchid" by Jerry Pournelle, BYTE Magazine, April 1993; • Secured premium price points, the highest market penetration and acceptance and unrivaled customer satisfaction.
Quarterdeck Office Systems 1989-1990 Canadian Branch Manager
Lotus Development Canada Corporation 1986-1988 Reseller Channel Marketing
EDUCATION AND PROFESSIONAL DEVELOPMENT Bachelor of Commerce, University of Toronto, 1981 IBM Courses: • Architecting Secure Solutions, 2001; • Speaking with Impact, 2001; • Project Management, 2000; • IT Process Model, 2000; • Professional Consulting Workshop, 1999; • Security Consulting Methodology, 1999; and • PKI Deployment Methodology, 1999. AUTHORSHIP AND SPEAKING ENGAGEMENTS • "Innovative Trust-enabling Services", whitepaper for IBM Global Services' Enterprise of the Future initiative, 2003;
• Interviewed for "Trust: Opening up the opportunities of e-business", by IBM's Peter Andrews for Executive Tek Report, 2002, available at http://www-1.ibm.com/services/insights/etr trust.html;
• "Trusting Information - Not the Source", presentation sponsored by The Canadian Information Processing Society (CIPS) and IBM in 2002;
• "Trusting Information Beyond - Public Keys", RSA Security Conference, San Jose, February 2002;
Alex Todd 4 • "e-Trust: Establishing consumer confidence in online commercial transactions", Electronic Security & Privacy 2001, 2001;
• "Beyond PKI: Toward a Comprehensive Trust Model for Emerging B2B a-Markets, Entrust SecureSummit 2001;
• Member of the Editorial Advisory Board for CyberSecurity Advisor, published by Aspen Publishing • "Trust: The business case for privacy in B2B a-marketplaces", Zero-Knowledge Privacy by Design Conference, 2000;
• "Trust: The foundation for value in 82B a-Marketplaces", Ventro Leadership Forum, 2000; • "Beyond PKI: Toward a comprehensive trust model for 828 e-Marketplaces", SecureWorld 2000; • "Public Key Infrastructures (PKls): Securing transactions in an evolving PKI environment", e-Security 2000;
• "A PKI Primer: What every good corporate lawyer should know about today's most advanced approach to security on the Net", Netlaw 2000;
• "Business Solutions Enabled by PKI - How to identify a killer application for PKI", financial institution presentation, 1999; and
• "Trust: The equity of the digital economy", white paper, 1998.
UseMyBank- Instant online debit payments ... made easy! - -o- - -- -~J!:rctf.·g;f-':'~~~'~,.; Instant online debit payments ... made easy MEMBER LOGIN Forget Your Password?
Security '· ~ - -:_,-~·- -~;_ .;_ _ ·:{r~·;;~ 0·· :_) ·· Pritl~~*~K? Privacy Practices Summary 'Maroat:etF/;;; What Do We Collect or • . . <~\.__:_~-~ Hospit~P:,~ ,,., Disclose? Why Do We Collect or Disclose this Information? -__ , .· foundation . our ·1ision .. .to corir r f i uei: ~~· - D jcollect?I Disclose? Co ght · Remqu:leestte ~ Shiute; CCusotnotmenizt e Ithmep rSoivtee MaTrekleet-ing MOarktheetirn g IOnfsftearnst TaPrrgoefitlien g IPRro&fDile l HSoisctoiaryl Try UseMyBank now and make a donation yp~~:~t DDD0D8DDDD00 y~~;~:il 000000000000 Govtj~sued DOODODOOOODO Attention Sellers! ~s::!~~~d 000000000000 Pur~~~s 000000000000 F~~~I 0DD0DDDDDDD0 Co~~~~~~on00000DOOOOD0 $ :,ff: [J[]DtJD[JDDDDtJD Start Increasing Profits Today! ";:.~::t0DD0DDDDDDD0 ":~:!~k·nnnnnnnnnnnn
https://www.usemybank.com/PrivacyBotSecuritySummary .asp
11/25/2005
UseMyBank- Instant online debit payments ... made easy! ~ -e- - -~ -What they are saying I Data IL_JI II ILJI IL_JI II ILJI ILJL .J p~~~~~:s DDDDDDDDDDDD Thank you so much and I y~~:i.~~~2 think this service will be of SDDDDDDDDDDD D great help to many people who either don't want to use a credit card or don't have y~~.:~~~~, DDDDDDDDDDDD one ....W arren Your Health-Related Information D 01 D DDDDDDDDD IOI ··-----~---- ID Cookies Used? Children's Site? -.........,.~ Pawenm'b;J U=wyit<ml• UseMyBank Services, Inc. 7B Pleasant Blvd., Suite 1183, Toronto, Ontario M4T 1K2 Canada ipsCA I Client Support: email: suoport@usemybank.com I Seeun~d Tel: 1-866-672-2265 Sales/Business Development: PrivacyB ot- email: sales@usemybank.com Tel: 1-888-706-2265 or local Toronto(GTA) at 416-727-3806. Cllct to V.!!i tNs ~ Media Relations: Targeted Messages.(Bradley Moseley-Williams) J;li!33iill1 email: bmw@TaraetedMessaaes.com ~ i~ Tel: 416-785-7056. TESTED DAILY 25-NOV All other inquiries: Last update: Sep. 29, 2005 - V2.9.7 email: info@usemybank.com. © 2002-2005 UseMyBank Services, Inc. All rights reserved. Tel: 1-888-706-2265 or local Toronto(GTA) at 416-727-3806. All trademarks used or referred on this site are the property of the respective companies and/or owners.
https://www.usemybank.com/PrivacyBotSecuritySummary .asp
11/25/2005
Us~MyHank- lnstant onlme debit payments ... maae easy!
F·. u. .t o~lti~~; Forget Your Password?
Security OUR PRIVACY POLICY STATEMENT Your privacy is important, so we'd like to explain what information we collect when you visit UseMyBank (http://www.usemybank.com), why we collect it and how it is used. We'd also like to explain your options to access and control your information, our data security practices and other matters. This Policy is governed by our Terms and Conditions of Use. A summary chart can be found by clicking here. 1. THE PRIVACYBOTTRUSTMARK We have registered with PrivacyBot.com, an independent privacy seal program. We display the PrivacyBot Trustmark to show our commitment to good privacy practices. Click the Trustmark to see our standing with PrivacyBot. 2. SPECIAL NOTE ABOUT CHILDREN Try UseMyBank right now and This Site is not intended for children, especially children under 13. Children may make a donation use this Site only with the direct supervision of their parent. 3. WHAT INFORMATION DO WE COLLECT FROM YOU? WHY? We May Profile Users Pseudononymously. We may build a pseudononymous profile of your online habits, interests and activities when you use our Site. This profile will not reveal or be linked to your personal identity. We compile these profiles from "real world" contact information (e.g., street address, phone/fax), email addresses, privately-issued unique identifiers (e.g., UserlDs and passwords), data relating to a specific purchase, user navigation and browsing patterns, and we use these profiles for the purposes described below (please scroll down to each topic for details).
We May Collect Information Needed to Contact You Later: If we collect personal contact information (as described below), you may later have us https://www.usemybank.com/PrivacyBotSecurity.asp 11/25/2005
Gt ~ ~ • :;i 0 ~ iii" 0 ::; QI ; < CT :: : ; : <I> 0 r 0 ..... ~- <I> r ::i !D r s · :
Us~MyBank- Instant online debit payments ... made easy!
modify or remove it from our system, but you may not access the information yourself. You may choose simply not to provide personal contact information by opting-out at the point of collection.
We May Collect Your Name, Address and Phone Number. When you use our Site, we may request your name, street address, telephone number or other "real world" contact information.
This information does not inherently reveal and will not be linked to you personally. We use this information to complete and support the immediate activity requested, administer and run the Site, improve the Site for everyone, market things to you in the future {other than by telemarketing}, build a profile of your habits, interests or activities to treat you as an individual, build individual profiles for ongoing research, analysis and reporting, comply with laws requiring preservation of social histories, and to comply with any requirements of law. This information may be disclosed only to our staff and to our immediate agents, sellers, and billers.
We May Collect Your Email Address. We may request your email address, or other information needed to contact you online. This information does not necessarily reveal who you are and we will not link it to your personal identity. We use it to complete and support the immediate activity requested, administer and run the Site, improve the Site for everyone, market things to you in the future (other than by telemarketing), build a profile of your habits, interests or activities to treat you as an individual, build individual profiles for ongoing research, analysis and reporting, comply with laws requiring preservation of social histories, and to comply with any requirements of law. This information may be disclosed only to our staff and to our immediate agents, sellers, and billers.
We May Collect Other Kinds of Information from You: When you use our Site, we may collect personal information about you described below. You may later have us modify or remove the information, but you may not access the information yourself. You may choose simply not to provide actively gathered information by opting-out at the point of collection.
You May be Prompted for a UserlD and Password. We may ask you to enter a web site ID, password or other identifier. This information will not reveal your identity or be linked to you personally. We use this information to complete and support the immediate activity requested, administer and run the Site, improve the Site for everyone, market things to you in the future (other than by telemarketing), build a profile of your habits, interests or activities to treat you as an individual, build individual profiles for ongoing research, analysis and reporting, comply with laws requiring preservation of social histories, and to comply with any requirements of law. This information may be disclosed only to our staff and to our immediate agents.
We May Collect Purchase Information. We may collect information actively generated https://www.usemybank.com/PrivacyBotSecurity.asp 11/25/2005
Us.eMyBank- Instant on1ine debit payments. .. maae easy!
by the purchase of a product or service, such as confirmation/reference number/id. This information will not inherently reveal your identity or be linked to you personally. We use this information to complete and support the immediate activity requested, administer and run the Site, improve the Site for everyone, market things to you in the future (other than by telemarketing), build a profile of your habits, interests or activities to treat you as an individual, build individual profiles for ongoing research, analysis and reporting, comply with laws requiring preservation of social histories, and to comply with any requirements of law. This information may be disclosed only to our staff, to our immediate agents, sellers, and billers.
We May Collect Information About Your Finances. We may collect information about your financial account status, purchase and payment history and other financial data to help establish a financial status for your on-screen persona. This information will not reveal your identity or be linked to you personally. We use this information to complete and support the immediate activity requested, administer and run the Site, Attention Sellers! comply with laws requiring preservation of social histories, and to comply with any requirements of law. This information may be disclosed only to our staff and to our immediate agents.
We May Collect Information About Your Computer. When you visit our Site, we may automatically collect information about your computer configuration, such as your browser type, operating system, IP address or ISP domain name. This infqrmation will not reveal your identity or be linked to you personally. We use this information to complete and support the immediate activity requested, administer and run the Site, comply with laws requiring preservation of social histories, and to comply with any requirements of law. This information may be disclosed only to our staff and to our
immediate agents, sellers, and billers.
Start Increasing Profits Today! We May Collect Navigation and Clickstream Data. As you browse our Site, we may gather navigational and clickstream data that shows what pages are visited and how long various features are used. This information will not reveal your identity or be linked to you personally. We use this information to complete and support the immediate activity requested, administer and run the Site, improve the Site for everyone, build a profile of your habits, interests or activities to treat you as an individual, build individual profiles for ongoing research, analysis and reporting, and to comply with any requirements of law. This information may be disclosed only to our staff and to our immediate agents, sellers, and billers.
We May Collect Interactive Data. You may decide to input data while using certain interactive features at our Site, such as queries submitted to a search engine. This information will not reveal your identity or be linked to you personally. We use this
information tp complete and support the immediate activity requested, administer and run the Site, improve the Site for everyone, comply with laws requiring preservation of social histories, and to comply with any requirements of law. This information may be disclosed only to our staff and to our immediate agents, sellers, and billers.
https://www.usemybank.com/Privacy BotSecurity .asp
11125/2005
U~eMyBank- lnstant online debit payments ... made easy! .C Gl.~I:' '"t Ul. ...J What they are saying 4. CERTAIN EXCEPTIONAL DISCLOSURES We may disclose your information if necessary to protect our legal rights or if the information relates to actual or threatened harmful conduct. Disclosure may be required by law or if we receive legal process. I appreciate the fast reaction to this problem and the no hassle policy ... I am happy with the 5. WE CURRENTLY DON'T USE COOKIES usemybank alternative to the credit Cookies are small files stored by your browser in your computer when you visit a card route ... James web site. Cookies are used to recognize users and improve web site performance. Currently, we don't use cookies. If we later decide to use cookies, we will revise this Policy accordingly.
6. HOW DO WE PROTECT INFORMATION WE COLLECT? We offer secure web pages to collect certain kinds of user information and we store certain kinds of data in encrypted form. We follow reasonable technical and management practices to help protect the confidentiality, security and integrity of data stored on our system. While no computer system is completely secure, we believe the measures implemented by our Site reduce the likelihood of security problems to a level appropriate to the type of data involved.
7. HOW LONG DO WE KEEP USER INFORMATION? We generally keep user data on our server or in our archives for as long as we reasonably need it. We may alter this practice according to changing requirements. For example, we may delete some data if needed to free up storage space. We may keep other data for longer periods if the law requires it. In addition, information posted in a public forum could stay in the public domain indefinitely.
Data management requests are administered in an orderly manner to the extent feasible and within our direct control. Note: we have greater control over recently collected data than for archived data. Once data is removed from the system and archived, it may not be feasible to accommodate specific requests. In those cases, our general data retention policy applies.
8. YOUR CONSENT TO THIS POLICY By using our Site, you agree to this Policy. This is our entire and exclusive Privacy
Policy and it supersedes any earlier version. Our Terms of Service take precedence over any conflicting Policy provision. We may change our Policy by posting a new version on our Site.
9. LEGAL DISCLAIMER This Site operates AS-IS and AS-AVAILABLE, without liability of any kind. We are
not responsible for events beyond our direct control. This Policy is governed by Ontario law, excluding conflicts of law principles. Any legal actions against us must be commenced in Ontario within one year after the claim arose, or be barred.
10. IF YOU HAVE A PRIVACY QUESTION If you have a privacy question about our Site please email:
https://www.usemybank.com/PrivacyBotSecurity.asp
11125/2005
UJeMyHank- lnstant online debit payments. .. made easy! rag~ Jui..; support@usemybank.com Or write: UseMyBank Services, Inc. 78 Pleasant Blvd.,
Suite 1183, Toronto, Ontario M4T 1K2 Canada
UseMyBank Services, Inc. 7B Pleasant Blvd., Suite 1183, ,ipsCA Toronto, Ontario M4T 11<2 Canada Client Support: email: supoort@usemybank.com S•eured Tel: 1-866-672-2265 Sales/Business Development: PrivacyB ot'"' email: sales@usemybank.com Tel: 1-888-706-2265 or local Toronto(GTA) at 416-727-3806. alft.IO y.r!fY 81111... • Media Relations: Targeted Messages (Bradley Moseley-VVilfiams) 'f HACKER SAFE email: bU1w@TargetedMessages.com Tel: 416-785-7056. TESTED DAILY 25-NOV All other inquiries: Last update: Sep. 29, 2005 - V2.9. 7 email: info@usemybank-com. © 2002-2005 UseMyBank Services, Inc. All rights reserved. Tel: 1-888-706-2265 or local Toronto{GTA) at 416-727-3806. All trademarks used or referred on this site are the property of the respective companies and/or owners.
https://www.usemybank.com/PrivacyBotSecurity.asp
11/25/2005
useMyl:Sank - instant onlme c.teb1t payments ... maae easy! Pagel ot L MEMalR :&.OtiN ::] Forget Your Password?
The world's first payment service to use the existing Online Banking Payment Systems.
Sellers Buyers Start accepting instant online debit Use your existing online bank account safely, payments from over 11 million online securely. and conveniently. Try UseMyBank right now and banking consumers. make a donation Enabling Instant Online Payments for over 11 million Now accepting Sellers from Canada, online banking consumers. the United States, and Internationally. Signup today! Tell me how it works and start making payments ln less than 5 minutes" through UseMyBank! Attention Sellers! Tell me how it works or click here to Signup today. Financial Institutions \., i '\"'_, View Financial Institutions II • United States - 02 2005 - Delayed due to New US Regulations • International - Q2 2005
Start Increasing Profits Today!
What they are saying https://www.usemybank.com/index.asp 11125/2005
UseMyBank - Instant online debit payments ... made easy!
I appreciate the fast reaction to this problem and the no hassle policy ... I am happy with the usemybank alternative to the credit card route ... James
UseMyBank Services, Inc. 78 Pleasant Blvd., Suite 1183, ipsCA I Toronto, Ontario M4T 1K2 Canada Client Support: email: support@usemvbank.com Secured Tel: 1-866-672-2265 Sales/Business Development: PrivacyBot- email: sales@usemybank com Tel: 1-888-706-2265 or local Toronto(GTA) at 416-727-3806. c11c1; io y.mry· fflfs •• Media Relations: Targeted Messages (Bradley Moseley-Wiiiams) ijJ!i·iij:f#;l}'@ij email: bmw@TargetedMessages.com Tel: 416-785-7056. TESTED DAILY 25-NOV All other inquiries: Last update: Sep. 29, 2005 - V2.9.7 email: info@usemybank.com. © 2002-2005 UseMyBank Services, Inc. AH rights reserved. Tel: 1-888-706-2265 or local Toronto(GTA) at 416-727-3806. All trademarks used or referred on this site are the property of the respective companies and/or owners.
https://www.usemybank.com/index.asp
11125/2005
Guaranteed Payment is an Internet and Telephone Banking cash rugc l u1 1 NPA Y is a unique payment delivery service. Payments are made over the Internet using a online banking.
NPAY in conjunction with GPAY and UseMyBank provides an internet online banking payment processing service. BENIFITS Payments are not subject to charge back. Universal, everyone has a online banking. Add the option to your existing payment options in as little as in 24 hours. Payments are processed instantly and reported instantly. The entire transaction takes place within the security envelope of the payee's bank.
Email Contact Information NPA Y@NPAY.com BOX 3376 STN MAIN SHERWOOD PARK AB T8H 2T3 Affiliated companies: UseMyBank Services Inc.
7hls ts txhrbrt. ....... "'. E :·· ··.········:::~,rere'f d ro rn the effidsvlt of. ••••• ..J.J.l:Lx. ........ L\1. . d.L ................ . .;)5tl._ sworn before me, this ..........., . ............................. .. day of._ .... ..l.Y ':: ... :. :.J.:)..:~:::.. .......... 20 ..e :.~:: //
http://www.npay.com/
Toll Free NPAYinc. 1-888-706-2265 Press here for a sales ren GPAYinc.
11/24/2005
Uuaranteed Payment is an internet ana l e1epnone tlanKmg casn
GPAY, A Division ofB-Filer Inc, is a unique payment delivery service. Payments are made over the Internet using a online banking.
GPA Y in conjunction with NPA Y and UseMyBank provides an internet online banking payment processing service. BENIFITS Payments are not subject to charge back. Universal, everyone has a online banking. Add the option to your existing payment options in as little as in 24 hours. Payments are processed instantly and reported instantly. The entire transaction takes place within the security envelope of the payee's bank.
Email Contact Information Toll Free GPAY A Division ofB-Filer Inc. GPAY@GPAY.com BOX 3376 STN MAIN 1-888-706-2265 SHERWOODPARKAB T8H2T3 Affiliated companies: UseMyBank Services Inc. Press here for a sales rep NPAYinc.
l;::. 1bls Is ExhTbll..A. •. ...........••••...••••••• refe'(ed to In the aff1davft of... ......... J:.f:.~ ~ · 1 ..... ..if:.d.L ................. . n.c K .. sworn before me, this ..... llY..0 ............................. . A/ \.le/ day of. ••.•••• !..'!.~. .. , . _ . _ .. .. .. , , . . , ~ . , . ................ oS-20 ........ .. --... -... ~F;;a;~·;;:;;;;;:;;;; http://www.gpay.com/ 11/24/2005 v
UseMyBank- lnstant onlme deblt payments ... maae easy!
I MEMIER.t®f"s/I Forget Your Password?
Legal Terms and Conditions of Use
1. Acceptance of terms Your use of UseMyBank is subject to the following Terms and Conditions of Use. UseMyBank reserves the right to update and change, from time to time, these Terms and all documents referenced. The most recent version of these Terms can be found at http://www.UseMyBank.com/legal.asp.
2. Transaction providers You understand that the Transaction Provider may not have consented to and/or endorsed, and/or may not have knowledge of its inclusion as a designated Transaction r Provider, and/or access by you to its Online Service, and that in the context of
UseMyBank as an acting agent on your behalf, and not on the behalf of any Transaction Provider.You understand that UseMyBank provides a link to the Transaction Provider for your convenience, but that (i) if you activate such a link you will be using UseMyBank to access the Transaction Providers web site, and (ii) you are responsible for bill payments or email money transfer made by you using this service.
3. Description of use UseMyBank is a service that facilitates account information and bill payment or email money transfer from your preferred online Transaction Provider. The providers and sources of your online accounts are referred to in these Terms as "Transaction Providers". The account information that is collected from these Transaction Providers is used on your behalf (ie. account information, Bill payee, etc). In order to access the account information from these Transaction Providers, UseMyBank will request your online Login Information. "Login Information" is your user ID, password, Personal Information Number (PIN). and other information that provides online access to the appropriate account information and billing facilities. The terms "Login Information" and "Account Information" are collectively referred to in these Terms as "Buyer Information." Please note account access from these Transaction providers will be used to process bill payment or email money transfer transactions from the selected account and at no time
https://www.usemybank.com/legal.asp
11/25/2005
UseMyBank- Instant online debit payments ... made easy!
will the account information of login information be logged, and hence cannot be used in the facilitation of any transactions. UseMyBank is simply a facilitator, all rules and regulation governing the transferring of funds is provided by NPAY(NPAY Inc. which is the corporation that has Biller account with the Transaction Providers). Transaction Providers may prohibit the disclosure of Login Information or deny liability to the user if Login Information is disclosed. It is the users responsibility to review their agreements with the Transaction Providers to determine whether disclosure ·is permitted, what the consequences of such disclosure are and what liability will be in connection with such disclosure.
i. For funds transfer, the Seller and Affiliate Terms and Conditions can be found by clicking here ii. For funds transfer, the Buyer Terms and Conditions can be found by clicking I "'·.)· :=;r, here. j ., ·. "--. : H~ifal ~ 4. Your authorization of UseMyBank services i . ~-' .. f0~8"'~~ Online accounts access is provided by you from the Transaction Providers. By providing [ our vision ...t o pon(fl,!~ caryc~ Login Information, you authorize UseMyBank and its facilitation service to act as your Try UseMyBank right now and agent to access, retrieve your Account Information, and make bill payments or email make a donation money transfer from the web sites of your Transaction Provider site on your behalf. You hereby grant UseMyBank and its facilitation service a limited power of attorney, and you
hereby appoint UseMyBank and its facilitation service as your true and lawful attorney-in-fact and agent, with full power of substitution and resubstitution, for you and in your name, place and stead, in any and all capacities, to access Transaction Provider sites, retrieve information, and use your information, all as described above, with the full power and authority to do and perform each and every act and thing requisite and necessary to be done in connection with such activities, as fully to all intents and purposes as you might or could do in person. YOU ACKNOWLEDGE AND AGREE THAT WHEN USEMYBANK AND ITS FACILITATION SERVICE ACCESSES AND RETRIEVES INFORMATION FROM THE TRANSACTION PROVIDER, USEMYBANK AND ITS FACILITATION SERVICE ARE ACTING AS YOUR AGENT, AND NOT THE AGENT OR ON BEHALF OF SUCH TRANSACTION PROVIDER. You agree that the Transaction Providers will be entitled to rely on the foregoing authorization, agency and power of attorney granted by you to UseMyBank. You also authorize UseMyBank and its respective authorized agents and assignee's to receive your Information, to provide that information to its facilitation service in accordance with the terms of the UseMyBank Privacy Policy Statement. UseMyBank is not responsible for any fees that are associated with the facilitation of this services as it relates to Bill Payment or email money transfer through the Transaction Provider and/or third parties.
5. Privacy Certain information, required by law, will be requested through your Transaction Provider. This information is solely used in the Facilitation Service of UseMyBank. All other information is subject to UseMyBank privacy policy statement (http://www.UseMyBank.com/PrivacyBotSecurity.asp). UseMyBank may contact you via your email address, or telephone regarding your account status, payment verification, and provide information to you about enhancements of our services, and respond to your questions or comments about your transactions or other items.
https://www.usemybank.com/legal.asp
11/25/2005
UseMyBank- Instant online debit payments ... made easy!
6. Method of communication To the fullest extent permitted by applicable law and usage, this Agreement and any other agreements, notices or other communications regarding your membership and/or your use of the UseMyBank Service, may be provided to you electronically and-you
agree to receive Communications in an electronic form. Electronic Communications may be posted on the pages within the UseMyBank website and/or delivered to your email address. You will print a copy of any Communications and retain it for your records. All Communications in either electronic or paper format will be considered to be in "writing," and to have been received no later than five (5) business days after posting or dissemination, whether or not you have received or retrieved the Communication. UseMyBank reserves the right but assumes no obligation to provide Communications in paper format. In Ontario, please refer to the Electronics Commerce Act. Your consent to receive Communications electronically is valid until you revoke your consent by notifying UseMyBank of your decision to do so, by sending an email message to support@UseMyBank.com. If you revoke your consent to receive Communications electronically, UseMyBank may terminate your right to use the UseMyBank Service.
Attention Sellers! 7. Anti-spam You agree not to use unsolicited email, usenet, message board postings, or similar methods of mass messaging (spam) to gather referral bonuses. The use of spam to promote the UseMyBank Service has strict negative consequences. UseMyBank will immediately and permanently terminate the account of any member who has used unsolicited email to gain referrals. In addition, you may be subject to Canadian provincial and federal penalties and US state and federal penalties and other legal consequences $ under applicable law if you send unsolicited email. Our Anti-Spam Policy is intended to protect our members, the Internet, and UseMyBank. 8. Specific limitation of liability UseMyBank's facilitation service do not assume responsibility for malfunctions in
communications facilities that may affect the accuracy or timeliness of transactions or Start Increasing Profits Today! information you send or that is provided to you via online access to the site. UseMyBank's service is also not responsible for any losses or delays in transmission of instructions arising out of the use of any Internet service provider providing connection to the Internet or caused by any third party software or systems. In the event that a court should hold that the limitations of liabilities or remedies available as set forth in these Terms, or any portions thereof, are unenforceable for any reason, or that any of your remedies in connection with the online access fail their essential purpose, you expressly agree that under no circumstances will UseMyBank and its facilitation service have any liability to you or any party claiming by, through or under you for any cause whatsoever, and regardless of the form of action, whether in contract or in tort, including negligence or strict liability, in the aggregate, exceed $5,000 (Canadian.). Because some jurisdictions do not allow the exclusion or limitation of liability for consequential or incidental damages, in such cases liability is limited to the extent permitted by law.
9. Exchange Rates Best efforts are made to obtain the most accurate and timely exchange rates from Bank of Canada. UseMyBank does not guarantee the accuracy, timeliness. reliability or completeness of this service from Bank of Canada. As a user, you acknowledge and
https://www.usemybank.com/legal.asp
11/25/2005
UseMyBank- Instant online debit payments ... made easy! rag~'+ u1 u agree that any reliance on or use by you of the exchange rates shall be entirely at your own risk. In no event shall UseMyBank nor any of its bill payment or email money transfer providers be liable for any direct, indirect, consequential or exemplary damages arising from the use or the performance of the exchange rates provided by Bank of Canada.
10. Specific disclaimer of warranties YOU EXPRESSLY AGREE THAT USE OF ONLINE ACCESS IS AT YOUR SOLE RISK. NONE OF USEMYBANK'S, THIRD PARTIES, TRANSACTION PROVIDERS, OR THEIR RESPECTIVE LICENSORS, AFFILIATES, EMPLOYEES, DISTRIBUTORS OR AGENTS WILL HAVE ANY LIABILITY FOR ANY DIRECT, INCIDENTAL, CONSEQUENTIAL, INDIRECT, SPECIAL OR OTHER DAMAGES SUFFERED BY YOU OR ANY OTHER PARTY (REGARDLESS OF WHETHER OR NOT SUCH PARTIES HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES) RESULTING FROM: (I) THE USE OR THE INABILITY TO USE THE SERVICE; (II) THE COST OF OBTAINING SUBSTITUTE GOODS OR SERVICES RELATING IN ANY MANNER TO YOUR USE OR NON-USE OF THE SERVICE; (Ill) UNAUTHORIZED ACCESS TO OR ALTERATION OF YOUR TRANSMISSIONS OR DATA; (IV) STATEMENTS OR CONDUCT OF ANYONE ON THE SERVICE; OR (V) ANY OTHER MATTER RELATING IN ANY MANNER TO THE SERVICE.
11. Termination Either you or UseMyBank may terminate your use of this service at any time without prior notice. You can cancel your transaction at any time during the use of this service at any time and have your information deleted from our records. The UseMyBank Terms of Service which apply to your use of your online account and transaction providers, provides that UseMyBank expressly reserves the right to immediately modify, suspend or terminate your transaction and refuse current or future use of any UseMyBank service, including online transaction processing. If UseMyBank in its sole discretion believes you or someone using your online access has: (i) violated or tried to violate the
What they are saying rights of others; or (ii) acted inconsistently with the spirit or letter of the UseMyBank's Terms.
12. Invalidity of specific terms If any provision of these Terms or any document incorporated by reference is found by a
I appreciatf¥ the fast reaction to this court of competent jurisdiction to be invalid, the parties nevertheless agree that the court problem and the no hassle should endeavor to give effect to the parties' intentions as reflected in the provision, and policy ... I am happy with the the other provisions of the such documents remain in full force and effect. usemybank altern.ative to the credit card route ... James 13. Age of use You agree and accept that payments that require age verification have been completed and accepted. UseMyBank services restrictions are not limited. All use is governed by the Transaction Providers and Third Party suppliers.
14. Legal matters . The UseMyBank Terms which apply to all use of the online access through the transaction providers, provides that both you and UseMyBank agree that any dispute or controversy arising out of or relating to any interpretation, construction, performance or
https://www.usemybank.com/legal.asp
11125/2005
UseMyBank - Instant online debit payments ... made easy! breach of these Terms, shall be settled by arbitration to be held in Toronto, Ontario, before a single arbitrator and in accordance with the Commercial Arbitration Rules then in effect and/or pursuant to the statues of Ontario, and in particular, the Arbitrations Act. Each party irrevocably and unconditionally consents to the jurisdiction of any such proceeding and waives any objection that it may have to personal jurisdiction or the laying of venue of any such proceeding. The parties will cooperate With each other in causing the arbitration to be held in as efficient and expeditious a manner as practicable. If the parties are unable to appoint a mutually acceptable arbitrator within thirty (30) days after a party gives written notice to the other requesting resolution of a dispute, the a Ontario court shall appoint the arbitrator in accordance with such Commercial Arbitration rules and/or the Arbitrations. The arbitrator may grant any and all relief permitted by the Arbitration Act. The decision of the arbitrator shall be final, conclusive and binding on the parties to the arbitration. Judgment may be entered on the arbitrator's decision in any court having jurisdiction. Nothing herein shall prevent the parties from settling any dispute by mutual agreement at any time.
15. Indemnities EXCEPT WITH RESPECT TO CLAIMS, COSTS, AND LIABILITIES ARISING PRINCIPALLY BY REASON OF USEMYBANKS' NEGLIGENCE, YOU WILL INDEMNIFY USEMYBANK AGAINST ANY CLAIM, COST AND LIABILITY INCURRED BY YOU IN CONNECTION WITH USEMYBANK PROVIDING ITS FACILITATION SERVICE. IN ADDITION, YOU AGREE TO RELEASE USEMYBANK FROM ANY CLAIM, COST, AND/OR LIABILITY INCURRED BY YOU IN CONNECTION WITH THE USEMYBANK SERVICE, EXCEPT FOR THOSE ARISING PRINCIPALLY BY REASON OF USEMYBANKS' NEGLIGENCE.
16. Language It is agreed that this Agreement and all related documents, including notices, be drawn
up in the English language only.
17. Code of Practice UseMyBank endorses the Canadian Code of Practice for Consumer Debit Card Services
and is committed to maintaining and/or exceeding the level of customer protection for all its clients. Note: this is a voluntary code.
18. Notices i. The following legal agreement details the users responsibilities and obligations along with UseMyBank/NPAY with its facilitation of online bill payments or email money transfer from accounts of these Transaction Providers and by using this service you agree to be bound by same. ii. A copy of this agreement will not be mailed to the user. Please print or save this agreement by using the "Print" or "File/Save" options the appropriate Internet browser.
Sept. 29, 2005
https://www.usemybank.com/legal.asp
11125/2005
UseMyBank - Instant online debit payments ... made easy! --o-----UseMyBank Services, Inc. 78 Pleasant Blvd., Suite 1183, ipsCA Toronto, Ontario M4T 11<2 Canada Client Support: email: support@usemybank.com Secure-d Tel: 1-866-672-2265 Sales/Business Development: Privacy Bot'"'' email: sales@usemvbank.com Tel: 1-888-706-2265 or local Toronto(GTA) at416-727-3806. Click to V!!'!y lflts Sil• Media Relations: Targeted Messages (Bradley Moseley-Wiiiams) 9 HACKER SAFE email: bmw@TargetedMessages.com Tel: 416-785-7056. TESTED DAILY 25-NOV All other inquiries: Last update: Sep. 29, 2005 - V2.9.7 email: info@usemybank.com. © 2002-2005 UseMyBank Services, Inc. All rights reserved. Tel: 1-888-706-2265 or local Toronto(GTA) at 416-727-3806. All trademarks used or referred on this site are the property of the respective companies and/or owners.
https://www.usemybank.com/legal.asp
11/25/2005
. ~ .~ '.' , • - n -(}sack ... '°t::( €) 'I"\_ ':•) )-) Search Favorites -=-9 - ~~- --- ---- --t.i,ddress ti http: f/www.~se~~b~~k.com/legal.asp ~ 1 7. Code of Practice UseMy8ank endorses the Canadian Code of Practice for Consumer Debit Card Seivices and is committed to maintaining and/or exceeding the level of customer ~L~}-~fE:t~if~~l'.'E~~~J::~J!~!~~f~i~t~i .. File Edit \liew Favorites Tools Help (!,) 8-'>Ck \J ~ ~ '..:!~ fJ Search u Favorites e .e ... ~~ ~ LJ ' Address !I) http:/lstrat;~is~i~~~~.~~f~~i~1i~t;;;;;t/in~c~-bc.~~fl~~k~015B1e.html-- - -- --IJ 1] Go '· ' - . ~' ~ [iJ The page cannot be found The page you are looking for might have been removed, had its name changed, or is temporarily unavailable.
ipsCA Please try the following: Seeure-d • If you typed the page address in the Address bar, make sure that it is spelled correctly. • Open the strategis.ic.gc.ca home page, and then look for links to the information you want.
• Click the ¢=i Back button to try another link. fJ HACKER SAFE • Click Q Search to look for information on the Internet. TESTED DAILY 25-NOV Last update: Sep. 29, 2005 - V2.9 ©2002-2005 UseMyBank Service All trademarks used or re'ferred on HTTP 404 - File not found Internet Explorer
BETWEEN: B-FILER INC. -and- THE BANK OF NOVA SCOTIA Applicants
McCarthy Tetrault LLP Barristers & Solicitors Box 48, Suite 4700 Toronto Dominion Bank Tower Toronto, ON M5K 1E6
F. Paul Morrison LSUC #: 17000P Tel: (416) 601-7887 Fax (416) 868-0673 Lisa M. Constantine LSUC#: 35064B Tel: (416) 601-7652 Fax: (416) 868-0673 Solicitors for the Respondent 4051702v2
Respondent Court File No. CT 2005-006 COMPETITION TRIBUNAL AFFIDAVIT OF ALEX TODD (Sworn November 25, 2005)