Privacy-Enhancing Technology | QEDIT

Privacy-Enhanced Collaborative KYC

Background

Amassing KYC data is a top priority for any FinTech company, and not just due to legislation that mandates its collection for AML authorities and other financial regulatory bodies.  Sensitive user data provided for KYC checks has become a core business asset, but also one that has become increasingly difficult to leverage due to privacy regulations which restrict companies from sharing personally identifiable information (PII) about their users. 

How can companies leverage their KYC data to facilitate commercial growth, without sharing sensitive customer information?

Fintech companies that wish to broaden their consumer product offering through new business partnerships and services have a conundrum: on the one hand, they’re keen to increase revenue streams and expand their customer base through the sale of new products; on the other, financial service partners need to conduct their own KYC and perform independent credit and risk assessments, even if their products are integrated into a platform that is owned and operated by a third party.

 

Fintech companies in this scenario face a major constraint — they cannot engage in commercial ventures that require the disclosure of their KYC data because it violates user privacy, and they cannot share sensitive information about their customer data because it could result in poaching and a potential loss of business down the road.

HomeCollaborative KYC

Solution Description

QEDIT’s collaborative KYC solution employs zero-knowledge proof cryptography to help businesses share insights based on confidential customer data while preserving user privacy and protecting sensitive business information. At their core, zero-knowledge proofs allow one party (the prover) to confirm the veracity of a statement to another party (the verifier), without revealing any underlying data about the statement.

 

Using QEDIT’s enterprise KYC solution, FinTech companies can leverage their customer data through the use of zero-knowledge proofs, and offer users third party services without exposing sensitive customer information to the service provider.   In this context, a QEDIT “proof-generation” node maintains a predefined list of conditions that must be satisfied in accordance with the service provider’s KYC rules. When an end-user attempts to purchase the service within the FinTech company’s platform, the node runs a KYC query, and generates a zero-knowledge proof that attests to the veracity of the answer provided.

 

The service provider then verifies the zero-knowledge proofs thus guaranteeing that all KYC conditions were successfully met prior to the authorization of a transaction. Similarly, zero-knowledge proofs can be used to validate a credit and risk score based on private information about the customer’s historical financial standing. No real-world user identities or personally identifiable information (PII) are shared with the service provider in either of these instances.

 

QEDIT’s solution can be integrated with 3rd party KYC screening services and can also leverage other privacy-enhancing techniques such as ‘private set intersection’ to support blacklist management. In this case, cryptographic commitments based on customer records can be compared to cryptographic commitments based on blacklisted individuals. When matches occur, participating businesses and financial institutions can be immediately notified of suspicious activity or individuals, without violating data privacy regulations.