FNA Shortlisted for BIS Analytics Challenge

News
Written By Saiesha Pitroda

As a result of the widespread increase in consumer fraud and scams, several countries are seeking to establish or strengthen cross-bank, cross-platform, and cross-industry utilities to counter fraud and scams at the national level – and to augment traditional efforts at individual financial institutions. Some data sharing across Financial Institutions (FIs) is crucial for fighting consumer fraud and scams as it enables organizations to track fraudulent funds across the payment system, detect suspicious activity and anomalies effectively, and flag suspicious transactions that may go unnoticed if a bank can only access its own transaction data. This collaborative approach enhances the overall security of the financial ecosystem, enables quicker responses to emerging fraud tactics, and facilitates the development of comprehensive fraud detection systems. Consequently, it protects consumers by reducing the incidence and impact of fraud, thus fostering greater trust and confidence in banking and payment systems.

Figure 1: Example of Money Trail visible to a bank. The amount of information shared about other banks’ customers can be configured by local requirements and the banks’ willingness to share data.

It has been evident for several years that privacy is a key concern when considering sharing data between financial institutions and with authorities for combatting fraud and scams. Legislators have developed robust frameworks protecting personal and other data, and FNA strives  to create solutions that are compatible with these frameworks. FNA has therefore invested in R&D and public sector education for many years.

The BIS Innovation Hub has provided a key forum for exchange at a recent event in London. FNA’s solution tackling the problem statement “How can privacy technology be used to support public and private institutions to share data and intelligence; and collaborate while preserving user privacy?” was shortlisted and Florian Loecker, FNA Chief Technology Officer, presented it at the BIS Innovation Hub’s Analytics Showcase in London on 27-28 March to an audience of senior leaders from central banks, public sector organizations, and financial institutions.

Before we speak about FNA’s solution, let us briefly discuss other solutions that are applicable for the capability that many financial ecosystems are looking to build now – a real time multi-rail track and trace system to freeze fraudulently acquired funds and recover these funds to the victims. FNA deploys these systems in several countries already via its Money Trails solution, e.g. as part of the National Fraud Portal in Malaysia by Paynet and Bank Negara Malaysia. 

Several technologies were presented by participants, of which we’ll focus on three. 

Homomorphic Encryption

First, homomorphic encryption is a technology that allows participants to the sharing scheme to submit data in a fully encrypted format (including encryption of value and timestamp of the payment), whilst preserving the ability of a centralized platform to perform computations on the data. The key disadvantage is that homomorphic encryption does not scale well, with tens (or low hundreds) of thousands of transactions appearing to be the limit for the current state of the art. Since use cases often run into tens of millions of payments per day, and therefore hundreds of millions or billions of payments per month, the computational complexity currently appears prohibitive.

Secure multi-party computation

Second, secure multi-party computation is a technology that employs clever protocols to share data in a noisy fashion (essentially randomized), so that no single party can make sense of the data, but together, they can still compute useful outputs. This is typically combined with basic cryptographic hashing to obscure PII data. The main drawback is that computing useful outputs in a shared setting introduces latency and complexity to the system, therefore making setup costly. Moreover, the calculation of outputs may take several minutes according to studies (1).

Zero Knowledge Proofs

Finally, a solution based on using Zero Knowledge Proofs and cryptographic hashing: the approach presented by FNA has its principal advantage in its simplicity and limitless scalability, whilst protecting all Personally Identifiable Information (PII) data in payments. Identifying data is hashed securely using a common protocol across Financial Institutions, and can only be recovered by parties who already own the data. Because the protocol is common, potentially illicit transactions can still be linked, enabling track & trace (as well as other applications such as transaction monitoring under millisecond-level SLAs).  The main drawback is that care is required to make sure that the value and timestamp of payments do not allow the identification of PII data through indirect inference.

 

FNA’s submission was accompanied by a paper: FNA Money Trails and Fraud Intelligence Sharing.

Footnotes & References

  • (1) https://www.bis.org/publ/work1242.pdf

  • (2) e.g. National Scam response Center (NSRC) and National Fraud Portal (NFP) in Malaysia, Anti-Deception Coordination Center (ADCC) in Hong Kong, AFCX in Australia and Cifas/Action-Fraud in UK

  • FNA’s BIS Analytics Challenge submission: FNA Money Trails and Fraud Intelligence Sharing. Access the Paper

Saiesha Pitroda
Previous

FNA to Develop Fraud Portal as a Service
Next

Shaping the Future of Fraud in Real-time Payments