Financial data sharing that puts user privacy first
Exploring the potential of privacy-enhancing technologies to power more secure data sharing in the financial space.
Written by Panos Chatzigiannis, Catherine Gu, Mert Ozbay, Srini Raghuraman, Peter Rindal, and Mahdi Zamani.
The potential and challenges of financial data
Financial institutions each generate a large amount of data, especially as a result of increasing digital payment adoption. When it comes to data, more is better. Pooling together financial data from these institutions can increase the potential of these algorithms, including enabling better prediction models, performing more capable and accurate calculations and generally improving their outcomes in the financial system. But data can also be personal. It often contains personally identifiable information, so laws and regulations, such as the General Data Protection Regulation (GDPR) in the EU and the California Consumer Privacy Act (CCPA) in the United States, limit data sharing to protect the consumer’s right to privacy. As a result, a lot of useful data is siloed-off among different financial institutions.
Advances in cryptography and machine learning have opened a new realm of technological possibilities that can help resolve this conflict between privacy and data sharing. Institutions can collectively process information and produce outputs while also keeping financial data private, preserving user anonymity and confidentiality. Such advances are commonly referred to as Privacy-Enhancing Technologies (PETs). As a joint effort between Visa Research and Visa Crypto Product teams, we authored a whitepaper that highlights existing PET techniques which can facilitate financial data sharing in a way that preserves privacy. This whitepaper was inspired by recent work from Visa Research, which received a special recognition from the White House. Our whitepaper shows how privacy-preserving financial data sharing using PETs can provide benefits for various use cases within the financial system.
Making privacy technologies accessible
It might require substantial time and effort for many enterprises and agencies to gain the in-house domain expertise and technical capacity to implement these technologies. Enterprises should consider outsourcing to dedicated external providers who can select the optimal algorithms per use case, build the setup and allocate the necessary computations among the participating institutions. In our paper, we propose a new paradigm, called PET-as-a-Service (PETaaS), to increase the adoption of PETs in real-world applications such as privacy-preserving financial crime prevention, data analytics and so forth. Such a model allows defining generic APIs as well as infrastructure for executing recurring PETs functionalities while minimizing the amount of overhead required of corporations and governments.
At Visa, we are committed to developing research and partnerships that build toward the future of payments. To share our research on the future of financial data sharing, regulations, privacy and PETs, we are publishing a whitepaper that highlights existing PET techniques. For comments, feedback, and further questions, you can reach out to us at [email protected].