Adi Ben-Ari, Founder and CEO of Applied Blockchain
In recent years, open banking has increasingly gained traction as a means to speed up and simplify transactions for both consumers and businesses. Connecting banks, third parties, and technical providers, the simple and secure exchange of financial data provided by open banking marks an innovative development in financial technology.
Despite the obvious benefits, some aspects of open banking can pose substantial privacy risks. Addressing these risks is crucial to harnessing the considerable potential of open banking technology in a secure and confidential way.
What is open banking?
Open banking is an initiative which provides third-party financial service providers with access to an individual’s financial data from banks and other financial institutions through application programming interfaces (APIs). This allows third parties to offer new services to customers based on their financial data, such as tailored product recommendations, checking eligibility for loans, or proof-of-funds checks.
One example of this might be migrating from one current account provider to another. Previously an onerous and time-consuming process, open banking facilitates a seamless transition based on shared financial data. Where the customer would have been tasked with transferring information such as direct debits, standing orders, and other bill payments from their old account, with open banking, the entire process lies with the providers themselves, resulting in a swift, seamless, and comprehensive transition.
What are the current risks?
Despite the considerable advantages of open banking in increasing efficiency and enhancing fraud prevention, there are a number of security risks associated with the potentially unfettered access to sensitive data provided by the system. Users are asked for consent when sharing their data with third parties, yet this generally follows an all-or-nothing approach, with blanket access to all their financial data granted for up to 90 days.
By sharing data via an API, third parties have access to an individual’s data for a specific timeframe, before permission has to be obtained again. The issue is that some of those third parties may not have the same data security frameworks in place as established institutions or banks who depend on
rigorous safety measures. This essentially widens the attack surface on the data in question and exposes it to increased risk and misuse.
Accessing proof without sharing data
Finding a solution that allows open access to sensitive financial data without compromising on privacy and data security is vital to ensure that the potential of open banking can be reached fully.
One way to achieve this is to evaluate the data without having to move it. Rather than exhibiting the raw information to different parties, checks such as proof-of-income can be obtained while restricting access to the data itself.
Applied Blockchain has developed a technology called SilentData, which allows for these proofs to be extracted securely, using Intel’s Software Guard Extensions (SGX) technology. SilentData extracts sensitive information from the bank and places it into an Intel SGX ‘enclave’. Data in the enclave is shielded from the processing party, i.e. SilentData, providing only the necessary information, such as verified proof of funds for a future purchase or loan.
Protecting sensitive information on the blockchain
As more and more transactions take place on the blockchain, SilentData can provide a similar solution. Blockchains are immensely effective at providing fast and direct information exchange, while their decentralised nature makes it difficult to change locked data histories. With this distributed security comes a lack of data privacy, as all parties with access to the blockchain can view stored information.
This is especially damaging when the data in question is of the sensitive financial kind needed for purchases such as NFTs, which may be bought with fiat currencies. In order to complete these transactions, a proof of funds can often be required. Rather than transferring confidential data onto the blockchain, SilentData can provide the proof without sharing the underlying data itself.
By facilitating these proofs without compromising data privacy, Applied Blockchain and Intel have together developed a new and sustainable way to utilise the convenience and utility of open banking, whilst plugging the security gap left by sharing data with third parties. SilentData is the tool to enable sustainable innovation in open banking while solving the privacy challenge for blockchain technology.
