Duality Technologies, a provider of privacy-enhanced data collaboration solutions, today released Inter-Bank Privacy-Enhanced Information Sharing: Fraud Detection and Prevention a report authored by financial services advisory firm Aite-Novarica. The report analyzes how Canadian financial institutions can engage in information sharing based on privacy-enhancing technologies (PET) to mitigate the rapid rise in digital fraud, which is double the global average in Canada. The research estimates such collaboration could save the top seven Canadian banks hundreds of millions of dollars per year at the very least.
Fraud grew exponentially during the pandemic as the expansion of digital banking services provided an ideal camouflage for fraudsters. The rate of suspected digital attempts against Canadian financial services companies increased by 218 per cent in the first four months of 2021 over the last four months of 2020. As of 2019, the estimated cost to Canadian financial services firms was CA$2.96 billion, and this only takes into account known actions.
For years, banks have been acquiring solutions to help them deal with growing challenges, fuelling a market for detection and prevention products estimated in 2020 at CA$8.62 billion. However, the report determines that currently, banks are primarily investing in internal approaches to address a shared problem that is best solved by working together.
It concludes that in an interconnected banking ecosystem, collaborating on account and transaction data is the only effective way to detect and prevent fraud which is often perpetrated across multiple banks using compromised identity information. Analyzing this type of data is ideal for detecting various types such as synthetic identity, bust-out, and ATO (account takeover) and can be executed in order to help uncover attempts to prey on customers of multiple financial institutions.
The report highlights the use of information sharing solutions based on homomorphic encryption (HE) for privacy protection, as a key enabler of inter-bank collaboration for fighting fraud. Using HE, banks can encrypt data and share it with peer institutions for analysis and querying, while protecting banks’ and customers’ interests and remaining compliant with strict privacy regulations.
Canada’s banks are subject to PIPEDA, which allows data sharing to protect the public interest – in particular for fraud prevention. By using PETs to secure sensitive information and personally identifiable information (PII), information sharing can help banks gain the upper hand in the fight while overcoming their hesitance to share their most guarded information while mitigating legal, business, and data privacy concerns.
Alongside an evolving landscape, the shift toward open banking and payment modernization has led financial services executives to recognize the need for modernizing their detection and prevention programs in a comprehensive manner. Increased competition in the banking sector has been squeezing profit margins, making it more difficult for banks to absorb losses from fraud as a cost of doing business and accelerating the need to develop prevention initiatives. As part of the report, Aite-Novarica surveyed anti-fraud executives at Canadian financial services companies and found that the overwhelming majority of these executives are either “likely” or “very likely” to seek to transform their capacity to mitigate risk over the next one or two years.
“Privacy-protected information sharing enables Canadian banks to move beyond inward-focused approaches and tackle the country’s skyrocketing fraud problem collectively,” said Dr. Alon Kaufman, co-founder and CEO of Duality Technologies, which in October announced a $30 million Series B round. “If banks continue with business as usual by only processing fraud-related data internally behind lock and key, they risk significant reputational and financial damage as fraud continues to grow. Adapting innovative, collaborative, fraud-fighting processes as soon as possible will immediately impact the effectiveness of their anti-fraud efforts while ensuring regulatory compliance and preserving their customers’ privacy.”
“Banks must have access to a broader array of customer data to analyze patterns, behaviors, and incidents of fraud; to score risk properly and to detect fraud occurring at their bank as well as others,” added Tari Schreider, strategic advisor – Cybersecurity Practice, Aite-Novarica Group. “In the world of open banking, new threat vectors will emerge, which will require banks to expand their risk horizon across account and device data held by other banks.”