In October, C.B. Insights announced the largest fintech hackathon in the world.
C.B. Insights is a global business analytics platform and one of the biggest market intelligence databases for private companies and investor activities.
Even though FinTech technologies are not at the center of my professional focus, I wanted to see the challenges financial institutions face.
So, to find out, I registered for the event.
Most of the presented challenges simply aimed to improve various existing services. However, one challenge was close to my interests – a Privacy-Preserving Fintech Market place.
The Problem
The problem the organizers wanted to solve was: “How can consumers discover new fintech products while preserving privacy and limiting unnecessary data sharing?”
Currently, when a customer looks for a financial service like a credit card or a loan, they have to search the different providers’ websites, and then in order to be approved, the customer needs to send personal data to each of them. This personal data stays with the institutions even if they did not approve the customer. The customer has no control of who accesses the data, how it is handled, or how it is used later.
This challenge resonates well with Swisscom’s research in the space of Confidential Computing. We are a founding member of the Confidential Computing Consortium, and we are developing new products with startups like Decentriq and Secretarium. Our current focus is on Trusted Execution Environments, but there are other forms of Privacy-Preserving Computing – like Federated Learning and Homomorphic Encryption.
I waited with interest for a few days to see if there will be a project for this challenge. Surprisingly, there were none, and I decided to participate. I have built a mock-up of a fintech marketplace called DataSpot to visualize the concepts of Distributed computing and Federated Learning.
The Solution
The solution I proposed flips the current workflow. First, it works as a catalog collecting all financial offers in one place. And then, it checks the customer’s eligibility locally. Instead of sending the data for approval to the institutions, DataSpot downloads the bank algorithm to the customer’s device and runs it there.
The applicant enters all the personal data that is needed for the evaluation and can be sure that it will not leave their device. For additional privacy, the customer could even turn off their computer or mobile phone’s connectivity during the local evaluation process. Security companies can audit the actual implementation to make sure no personal data is leaked.
If the local algorithm approves the application, the user can proceed and apply for real with the bank and share their actual data.
Data Utilization
And this is not all. Many financial institutions are using customer data not only for approval but also in operations – to improve their fraud detection algorithms or service offerings. Some companies are also outright selling their customers’ data to third parties.
The customers do not directly benefit from the usage of their data, nor do they have any control over how it is used down the road.
DataSpot provides additional functionality to address these challenges. Its data mining capabilities are based on federated learning.
Federated learning is a form of Machine Learning gaining traction in privacy-preserving computation. A federated learning model is first trained separately at each customer device and then is aggregated at a central location. This way, no raw data leaves the customer device.
Companies like Google and Apple already use federated learning. Every time you use your phone’s keyboard, it trains a local algorithm for auto-correct and sends it to the vendor’s servers. There it is aggregated with the model from other users and is sent back to your phone.
You have no control of the process, and your contribution is kept in the vendor’s ecosystem. But what if the customer wants to do this training for a different company? What if you want a reward for your contribution?
With the solution I presented, the customer receives an invitation to participate in research. If they decide to join, they download the “blank” model, train it locally and send it back. The training could take several iterations so it could be automatically scheduled, and the customer could be rewarded.
I also showed an additional mechanism for privacy-preserving, called Encode-Shuffle-Analyze (ESA). One problem with Federated Learning is that in some cases, the partially trained models can leak some confidential data (imagine for example you are being the only participant in a study, then it is clear that all of the collected data has had to come from you). ESA solves this by creating intermediate storage (“bucket”) where the models are stored until a predefined number of samples is collected. For example, 25 or 50 customers’ models need to be collected before the batch is sent to the analyzer. And the models are encrypted with a key that the bucket cannot decrypt.
The outcome.
My project was selected in the final five, and I presented it at the Future of FinTech Conference. After the final voting, the audience selected my prototype as one of the two runners-up.
Even though I did not win, I was able to raise awareness about the challenges Swisscom is facing as our customers become more privacy-aware and show the business opportunity to rebuild the fintech ecosystems on the solid foundation of data privacy and data ownership.
Here is a link to the presentation and the video of the prototype.
P.S.: Why DataSpot?
As you probably know (if you are nerdy enough),
Data from Star Trek had a cat. The cat was called Spot.