Financial data sharing that puts user privacy first

Exploring the potential of privacy-enhancing technologies to power more secure data sharing in the financial space.

Written by Panos Chatzigiannis, Catherine Gu, Mert Ozbay, Srini Raghuraman, Peter Rindal, and Mahdi Zamani.

Financial algorithms. See image description for details.
The exemplary image depicts data sharing that happens between users and financial institutions. The shared data is financial in nature. This data sharing happens in a secure and privacy-preserving manner, symbolized by the shield in the middle.
When you tap your card at a store or click the submit button on an online order, it takes only a few seconds for the payment to process. Within this short time interval, efficient algorithms trained on huge amounts of financial data work to detect anomalous activity and potentially block the transaction. Sophisticated algorithms use rich financial data to help our financial system function properly and securely. Such algorithms can detect financial crimes, compute macroeconomic statistics that inform policy decisions and calculate your credit score, to name a few.

The potential and challenges of financial data

Financial institutions each generate a large amount of data, especially as a result of increasing digital payment adoption. When it comes to data, more is better. Pooling together financial data from these institutions can increase the potential of these algorithms, including enabling better prediction models, performing more capable and accurate calculations and generally improving their outcomes in the financial system. But data can also be personal. It often contains personally identifiable information, so laws and regulations, such as the General Data Protection Regulation (GDPR) in the EU and the California Consumer Privacy Act (CCPA) in the United States, limit data sharing to protect the consumer’s right to privacy. As a result, a lot of useful data is siloed-off among different financial institutions.

Advances in cryptography and machine learning have opened a new realm of technological possibilities that can help resolve this conflict between privacy and data sharing. Institutions can collectively process information and produce outputs while also keeping financial data private, preserving user anonymity and confidentiality. Such advances are commonly referred to as Privacy-Enhancing Technologies (PETs). As a joint effort between Visa Research and Visa Crypto Product teams, we authored a whitepaper that highlights existing PET techniques which can facilitate financial data sharing in a way that preserves privacy. This whitepaper was inspired by recent work from Visa Research, which received a special recognition from the White House. Our whitepaper shows how privacy-preserving financial data sharing using PETs can provide benefits for various use cases within the financial system.

Making privacy technologies accessible

It might require substantial time and effort for many enterprises and agencies to gain the in-house domain expertise and technical capacity to implement these technologies. Enterprises should consider outsourcing to dedicated external providers who can select the optimal algorithms per use case, build the setup and allocate the necessary computations among the participating institutions. In our paper, we propose a new paradigm, called PET-as-a-Service (PETaaS), to increase the adoption of PETs in real-world applications such as privacy-preserving financial crime prevention, data analytics and so forth. Such a model allows defining generic APIs as well as infrastructure for executing recurring PETs functionalities while minimizing the amount of overhead required of corporations and governments.

At Visa, we are committed to developing research and partnerships that build toward the future of payments. To share our research on the future of financial data sharing, regulations, privacy and PETs, we are publishing a whitepaper that highlights existing PET techniques. For comments, feedback, and further questions, you can reach out to us at [email protected].