Privacy-Enhancing Computation: The future of cross-institutional secure data sharing

April 12, 2021

In a recent survey conducted by KPMG, 51% of banks reported a significant number of false positives resulting from their technology solutions, hampering efficiencies in fraud detection.

KPMGConclaveQuote

In an effort to reduce risk, institutions continually monitor and segment their customer data. They employ a host of different techniques to effectively do this, including software tools, precise risk scoring, behavior analytics, and more. However, they still may not get the “full picture” when it comes to a customer’s risk profile. Unknown knowns remain in part because customers often have relationships with more than one bank, insurance firm or provider. On top of this, financial crime, money laundering and other fraudulent activities remain difficult to detect because criminals purposely distribute their activities across different institutions, knowing that those institutions hesitate to share their data with one another.

Companies know that data sharing could hold the key to unlocking greater analytics and insights in their fight against fraud and financial crimes. That said, it rarely happens because of an inherent mistrust in how their data will be used. Concerns around data privacy, lack of control, and fear of proprietary information getting into the wrong hands outweigh the benefits of insights that might come from peers pooling data. But what if firms could receive technical assurances that their data will not be viewed or misused as it’s being pooled and analyzed? That they would be in complete control over how it will be used?

Well, now they can.

How Privacy-Enhancing Computation (PEC) can help fight fraud

While fraudulent activities have become more sophisticated, fortunately so has the technology that has the power to stop them. Techniques like Privacy-Enhancing Computation (PEC) provide protections around data privacy, confidentiality and integrity that make different entities feel comfortable pooling data securely across company lines, to gain insights and identify risk. This means that firms will now be able to combine both data and forces to fight financial crime. In fact, a recent Gartner report highlighted Privacy-Enhancing Computation as one of the top strategic trends for 2021 that IT leaders should assess.

PEC solves the challenge that has been facing security experts for years: how to protect data as it’s being shared, analyzed and operated without exposing or viewing the underlying data. Protecting data in use is the next frontier of data security. Data encryption today covers data at rest and in transit but has not been extended to data in use—until now.

Encrypting data in use is critical to identifying the increasingly complex methods that are evolving to commit financial crimes because it allows firms to pool and analyze sensitive data without compromising on data privacy. In the insurance industry, for example, by using privacy-enhancing techniques, firms can pool, analyze, process, and gain insight from confidential data without exposing the underlying data itself, to identify possible fraud due to multiple claims being presented for the same insured event.

This opens up a world of possibilities across industries. This concept is simple yet was nearly impossible to execute on beforehand due to data privacy concerns. R3, IntellectEU and KPMG have leveraged this technology to deliver ClaimShare, a platform developed to detect and prevent double-dipping across insurers, allowing competing insurers to collaborate to fight fraud.

What are the types of techniques included in PEC?

There are a variety of software and hardware-based methods to protect data in use. Some examples include: secure multi-party computation, homomorphic encryption, zero knowledge proofs and trusted execution environments (TEE). Each technique tackles the problem of how to securely protect data in use, with accompanying advantages and drawbacks.

Confidential Computing stands out as a stable, scalable and highly performant solution for a broad range of use cases. By performing computation in a hardware-based TEE, it prevents unauthorized access or modification of applications and data while in use, thereby increasing the security assurances for organizations that manage sensitive and regulated data.

Meet Conclave – a revolutionary new Confidential Computing platform

Conclave is a new privacy-enhancing platform from R3 that utilizes Confidential Computing. Conclave enables the development of solutions, like ClaimShare, that deliver insight from data shared across parties without actually revealing the data to any other party, thus maintaining controls over how data is used while addressing security and compliance-related obligations.

With Conclave-enabled apps, confidential data can be pooled and processed within an Intel® SGX enclave where none of the contributing parties, nor the enclave host, can access the data. End-users can audit the application’s source code and cryptographically verify the application will run as intended before providing sensitive data for joint pooling or analysis.

As a result, end-users can be confident while sending proprietary data outside of their organization, and software providers can build more predictive financial crime risk management and compliance solutions using sensitive data from multiple firms for cross-institutional insights. ​​

What’s next?

Here are some helpful resources to learn more about PEC, Confidential Computing, and Conclave.

  • Read the Gartner report on why Privacy-Enhancing Computation is a top strategic trend for 2021
  • Learn more about Conclave in a recent blog from R3’s Richard Gendal Brown, titled ‘Introducing Conclave
  • Hear from R3’s Victor Boardman on how data sharing can address ‘double dipping’ in insurance claims in a recent article on Insider Engage
  • Try a free 60 day trial of Conclave today