Why Financial Services Needs to Embrace Confidential Computing
July 11, 2022
While financial data has always been considered sensitive, the growing array of companies working with sensitive data has brought new attention to this issue.
Financial institutions are one of the most sought-after targets of hackers due to the vast amount of critical customer data they process. Any loss of personally identifiable information (PII) can result in lawsuits, fines and irreparable brand damage.
For this reason, the financial services industry is often hesitant to share data and collaborate. With digital fraud growing rapidly since the onset of the pandemic, however, it’s time for financial institutions to reassess their options.
Confidential Computing is a new approach to data encryption that gives the financial industry the power to protect PII and fight digital fraud through collaboration.
The Value of Confidential Computing
Although protocols exist to protect data in transit (moving over a network connection) and at rest (in storage and databases), only Confidential Computing addresses critical data security by encrypting data in use — during processing or runtime.
Sensitive data is processed in fortified hardware memory called “enclaves,” which deny hackers access to the data, even if the infrastructure is compromised. This allows enterprises to run sensitive applications on the cloud or other hosted environments, as the risk of malicious or unintentional breaches is essentially eliminated.
The Growth of Digital Fraud
With the onset of the pandemic in 2020, financial institutions rushed the development of online services to make banking accessible to locked-down consumers.
The downside of this digital shift was the creation of new opportunities for fraudsters to steal PII. According to a recent study by the Identity Theft Resource Center, 1.5 billion PII elements were exposed in the past three years alone.
The availability of PII presents several opportunities for cybercriminals. They can use full sets of customer information to open new accounts or stitch together various elements to create entirely new profiles, known as synthetic identities. The 2021 Synthetic Identity Fraud Report found that U.S. banks lost $20 billion in 2021 due to synthetic identity fraud (SIF) alone.
Whether using the sensitive information of one person, or an amalgamation of several people, PII is the key that criminals use to unlock a wealth of fraudulent opportunities. Fortunately for financial institutions, Confidential Computing not only protects PII from the risk of exposure, but it also enables a new approach to fighting digital fraud – sharing intelligence on fraudulent profiles across banks.
Protecting PII and Fighting Fraud
Once fraudsters steal PII, they use it to create fake accounts, take out loans and open numerous lines of credit. Regardless of which approach they take, they’re able to re-use the same information to commit fraud at multiple banks, who are none the wiser.
Why? Because even if the financial institutions suspect, or discover, that the PII is fraudulent, they can’t flag it with their colleagues at competing banks due to fears of violating privacy laws, data leaks or putting themselves at a competitive disadvantage.
This is why confidential computing and its ability to encrypt data during processing or runtime is so important. It allows financial institutions to inspect the information for fraud markers and share their findings anonymously, without the risk of exposing PII in the process. This approach emboldens financial firms to collaborate in the fight against digital fraud, eliminate duplication of effort, and assist regulators and enforcement with greater ease.
The technology has already found success in industries such as healthcare, and the same success now needs to be replicated in the financial services space to protect PII. It has the potential to be the driving force that helps to improve the detection of digital fraud and reverse the rise in digital fraud.