Published: 16/10/2024

Bridging the gaps in digital banking fraud prevention
The arms race between organized crime and defenders against fraud is asymmetrical. Fraudsters collaborate seamlessly within syndicates, while banks’ and payment providers’ efforts to tackle fraud and share data are often fragmented due to hurdles such as data sharing limitations and compliance issues. However, there is a new mechanism available to financial institutions in the fight against fraud, which can help give them the edge.
Introduction
Financial institutions exist in systems where the legal framework relating to data and its secure processing has become a limiting factor for data-driven innovation. However, approaches that can be grouped under the umbrella term privacy-enhancing technologies (PETs) are showing that these limiting factors can be overcome. PETs can help banks and other financial institutions collaborate effectively, tackling fraud within existing privacy frameworks while simultaneously driving business innovation.

The privacy vs. innovation dilemma
Financial institutions have invested heavily in improving their skills, implementing new tools, and changing the processes and requirements for their data analysis output. This is giving them the opportunity to unlock the value contained within their data vaults.
It’s vital that financial institutions protect their customers’ data. However, stringent data protection legislation can sometimes cause issues around privacy, stemming from the consents that were sought from and given by the customer at the time data was collected. This applies to the purposes for which the data may be used and to how it may (or may not) be shared. Consent for as-yet-to-be-designed services, which may involve multiple institutions, is hard to come by.
Even if the data can be legitimately used, its processing must then comply with extensive security and confidentiality requirements. The onerous nature of these makes a compelling case for privacy and data security by design, as building strong privacy and security processes into a new data-driven product from the very beginning gives the flexibility that innovation requires.
PETs help address issues relating both to legitimate uses of customer data and to the security of its processing. PETs use a variety of approaches to preserving the privacy of the information. Critically, PETs enable insights to be extracted from data without compromising individual privacy, ensuring that analysis can still be conducted while safeguarding personal information.
“Fraud prevention in the digital age requires financial institutions to move beyond fragmented efforts. Privacy-enhancing technologies allow banks to share data securely, breaking down silos while maintaining customer privacy.”
Chairman of the “AI” & “Data Privacy in the Age of AI” Expert Groups, Mobey Forum
Privacy-enhancing technologies, explained
PETs can take a number of different forms [1], involving different technological solutions to tackling the privacy issue. The main approaches are:
- Encrypted analysis
  PETs enable the extraction of insights from data without compromising individual privacy, ensuring that analysis can still be conducted, while safeguarding personal information. This approach allows for the secure analysis of sensitive information, ensuring that data remains protected throughout the process. The two key technologies underpinning encrypted analysis are fully homomorphic encryption (FHE) and confidential computing.
  FHE is a cryptographic technique that enables computations to be performed directly on encrypted data, eliminating the need for decryption during the analysis. This ensures that sensitive information remains encrypted at all times, even when being processed on the server or platform conducting the analysis. The results also stay encrypted and can only be decrypted by an authorized party, providing end-to-end data protection.
  Confidential computing is a cloud computing technology that protects data during processing by using hardware-based security measures. It relies on trusted execution environments (TEEs), which decrypt data solely for the duration of the computation while safeguarding it from unauthorized access by the operating system, applications, or cloud providers. TEEs ensure that the data remains secure and untampered with, within the specific analysis environment.
  Together, FHE and confidential computing form the foundation of encrypted analysis, enabling secure data processing while maintaining privacy throughout the entire analytical workflow.
- Anonymized computing
  This can involve a cryptographic technique that allows several different parties to jointly compute on encrypted data. This allows the joint analysis of data without it being shared and is known as secure multi-party computation (MPC or SMPC).
  Alternatively, it can involve the use of multiple versions of a central model that are distributed to the relevant sources, where they are trained and operate locally. This approach is known as federated learning. Federated learning is a machine learning (ML) method, also referred to as collaborative learning, that allows models to be trained across decentralized devices or data sources while ensuring that local raw data remains private and is never shared.
- High dimensional anonymization
  This has two possible implementations. The first is to create synthetic data that mimics real-world data using AI. This data has all the characteristics of real-world data but no link back to data points tied to individuals. The second implementation is to use algorithms whose outputs are designed to ensure that one cannot determine whether any individual’s data was included in the original dataset. This is known as differential privacy.
“Choosing the right privacy-enhancing technology requires a deep understanding of the specific fraud challenges a bank faces. Often, the best solution lies in blending multiple PETs to create a comprehensive fraud defense strategy.”
Chairman of the “AI” & “Data Privacy in the Age of AI” Expert Groups, Mobey Forum

Choosing the right tools: a strategic approach to fraud prevention
Banks need to give careful consideration to which PET or PETs to deploy. Financial institutions need to make decisions on a case-by-case basis, taking into account the nature of the fraud, the types of data they’re working with, and the collaborative nature of their relationships with partner organizations. Banks may also have their own internal compliance requirements that must be considered.
The questions which need to be asked include:
- Whose data needs to be processed, and by whom?
- Does the relationship between the analysis results and the data subjects in the input data need to be maintained?
- Should data from multiple controllers be processed together?
- How complex are the calculations, and how critical are non-functional aspects, such as latency?
- Is decentralized processing, where each data partner contributes to insight generation, a viable option?
- And if so, should all parties involved have access to the results of the analysis?
There are also choices to be made about the use of plug-and-play options and whether the development is led in-house or by a technology partner with security expertise.
Finally, a bank’s options are not simply restricted to choosing one type of PET to use. Rather, they can be used in combination or blended.

Case study: secure multi-party computation
Rabobank and ABN AMRO used SMPC to analyze transaction data and detect anomalies indicative of fraudulent activity [2]. The results were promising, with a significant increase in the detection rate of complex fraud schemes that were previously difficult to identify.
They achieved these results by sharing encrypted data and collaboratively analyzing it to detect fraudulent patterns without exposing any sensitive information. Since the actual data was never revealed during the computation process, customer privacy was preserved, and regulatory requirements met.
By pooling their data, the banks were able to identify fraud patterns that might not have been apparent from analyzing data in isolation. This enhanced the accuracy and scope of fraud detection.
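The joint analysis without data sharing described in the SMPC passage and in this case study can be illustrated with additive secret sharing, one basic MPC building block. This is an added example, not the protocol used by Rabobank, ABN AMRO or TNO; the three institutions, bucket counts, threshold and function names are constructed for illustration, and all parties are simulated in one process.

```python
import secrets

P = 2**61 - 1  # public prime modulus; every share is a number mod P

def share(value, n_parties):
    """Split value into n_parties additive shares that sum to value mod P."""
    if not 0 <= value < P:
        raise ValueError("value outside the field")
    shares = [secrets.randbelow(P) for _ in range(n_parties - 1)]
    shares.append((value - sum(shares)) % P)
    return shares

def secure_sum(private_inputs):
    """Simulate one round. private_inputs[i] is institution i's private vector.
    Returns (totals, partials); partials[j] is all that institution j publishes."""
    n = len(private_inputs)
    if n < 3:
        # With two parties the total minus your own input is the other's input.
        raise ValueError("need at least three parties")
    width = len(private_inputs[0])
    if any(len(vec) != width for vec in private_inputs):
        raise ValueError("all parties must report the same buckets")
    partials = [[0] * width for _ in range(n)]
    for vec in private_inputs:                       # each owner, locally
        for k, value in enumerate(vec):
            for j, s in enumerate(share(value, n)):  # share j goes to party j
                partials[j][k] = (partials[j][k] + s) % P
    totals = [sum(p[k] for p in partials) % P for k in range(width)]
    return totals, partials

def flagged_buckets(totals, threshold):
    """Indexes of buckets whose combined count reaches the threshold."""
    return [k for k, t in enumerate(totals) if t >= threshold]

# Constructed sample: flagged transfers per beneficiary bucket at three institutions.
BANK_A = [0, 2, 1, 0]
BANK_B = [1, 2, 0, 0]
BANK_C = [0, 3, 0, 1]

if __name__ == "__main__":
    totals, partials = secure_sum([BANK_A, BANK_B, BANK_C])
    print("combined counts:", totals)
    print("buckets over threshold 5:", flagged_buckets(totals, 5))
```

No single institution's counts reach the threshold, but the combined total for one bucket does. The sketch assumes parties that follow the protocol and do not collude; a deployment would also need authenticated, encrypted channels between them.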
Conclusion
The financial services industry is at a turning point. Modern data processing and AI require large-scale collaboration with more stakeholders, yet financial institutions also face increasingly complex data privacy regulations driven by consumer protection. The key challenge is how to use data more effectively to detect fraud without compromising privacy.
To break free from the innovation-versus-privacy dilemma, financial institutions must adopt a new approach. PETs are a vital strategic tool for financial institutions. Different approaches that fall under the PET umbrella can be used singly, or together, as part of the toolkit for combating fraud, an issue of increasing concern in the payments and banking world.
Fraudsters collaborate seamlessly, but banks’ efforts to tackle fraud and share intelligence remain fragmented. PETs are breaking down barriers, empowering banks to unite in the fight against financial crimes. By leveraging these advanced technologies, institutions can move from working in silos to collective, secure solutions that not only enhance fraud detection but also protect customer privacy. A new era of collaboration and innovation is reshaping the battle against financial threats.
Key takeaways
- Integrating PETs into financial institutions’ operations is a strategic imperative. By leveraging PETs, financial institutions can enhance their fraud detection capabilities, ensure compliance with privacy regulations, and maintain customer trust.
- Financial institutions need to join forces and share collective intelligence to stay ahead of organized criminal networks. PETs provide a tool for doing this within existing privacy frameworks.
- Financial institutions should carefully assess which PET or combination of PETs is right for them in the context of what they are trying to achieve, their technical capacity, and the partners they want to work with.
[1] The Digital Banking Blindspot, Mobey Forum 2021
[2] TNO, Rabobank and ABN AMRO work on privacy-friendly data analysis, March 2021