July 20, 2022
by Greg Woolf
When harnessed correctly, collaboration is an extremely powerful tool. It drives innovation, increases chances of success, improves communication...the list goes on. But did you know that collaboration is also the financial services industry’s best line of defense when it comes to meeting one of its greatest challenges – detecting digital fraud?
While digital fraud isn't new, incidents grew to new heights during the pandemic, making it a key issue and one that financial institutions are struggling to tackle. A powerful tool for stopping fraud is collaboration, but banks have been reluctant to share information thanks to legal, competitive, and technological concerns. In fact, information sharing between financial institutions, even today, is virtually non-existent.
Thanks to Confidential Computing, however, that’s about to change. Up until now, there have been protocols to protect data in transit (moving over a network connection) and at rest (in storage and databases). What's been missing is the ability to protect data in use. Confidential Computing changes the game by protecting data during processing or runtime in impenetrable hardware memory, called "enclaves."
It Takes a Village
Confidential Computing is not driven by any single organization but rather by a group that includes technology leaders, academics, government regulators, and non-profits. Intel® has played an integral role in introducing Intel® Software Guard Extensions, a core component of Confidential Computing’s infrastructure. It also helped launch the Confidential Computing Consortium, which brings together hardware vendors, cloud providers, and software developers to accelerate the adoption of Trusted Execution Environment (TEE) technologies and standards.
Confidential Computing at Work
Confidential Computing helps secure sensitive information by tackling three challenges financial institutions have struggled to address.
1. Ceding Competitive Advantage
While the threat of digital fraud is very real, banks have resisted sharing information with competitors or regulators. By being more concerned about surrendering a competitive advantage, they’ve failed to realize how shared intelligence will allow them to detect fraudulent activity within their portfolios.
Confidential Computing eliminates these concerns by empowering businesses to share sensitive data without giving competitors an advantage. For example, FiVerity uses Confidential Computing in its Digital Fraud Network to secure sensitive financial information. Once information is secure and accessible, customers can share critical yet limited fraud intelligence with fellow institutions. The network does not give a bank carte blanche to look at all fraudulent activity identified by another bank. Instead, banks get notified of fraudsters who have been identified by other banks in the network which are either trying to become a customer or are already present in their portfolio.
2. Maintaining Reputation
The fear of internal leaks, external hacks, and the resulting reputational damage keeps security teams up at night, but harnessing Confidential Computing helps to give them a good night’s sleep. Secure hardware-level encryption enclaves protect sensitive information from malware and data breaches at the network, application, and operating system levels. It even protects the data from administrators who have physical access.
Trusted execution environments (TEE) protect data and code even if the compute infrastructure is compromised. TEE uses hardware-backed techniques to protect data from sophisticated hacking attempts and common theft, such as stolen laptops.
3. Respecting Customer Privacy
In addition to data encryption, Confidential Computing also gives users a higher degree of control over the information being shared. As a result, it's far less likely that inadvertent violations of privacy requirements occur.
This control appeases regulators that are calling for banks to share more information in an effort to stop digital fraud. The Federal Reserve put it best when it stated that "no single organization can stop wide-ranging, fast-growing synthetic identity fraud on its own. It is imperative that payments industry stakeholders work together to keep up with the evolving threat posed by synthetic identity fraud, which includes anticipating future fraud approaches."
Financial services companies have been slow to take the necessary steps to address the growth of digital fraud. But the answer is here. Confidential Computing makes collaboration a powerful tool in the fight against fraud while resolving issues around data privacy and competition. All that’s left now is for financial institutions to take the first step to a more secure, collaborative future – powered by Confidential Computing.