Unlocking New Data Sources Using“Zero Trust” Security for the Financial Services Industry
One of the key challenges facing chief data officers, data scientists and chief risk officers in regulated industries has been the difficulty in improving model score performance using new or “alternative” data sources. Strict data governance policies regarding testing new data sources are holding back financial services organizations from reaching new customers, assessing underbanked consumers and reducing potential fraud.
The process of data collection and data sharing, especially in regulated industries, has beenfraught with inefficiencies for years. As I wrote back in April, “A company’s ability to ingest or share data is typically a drawn-out process because there’s overhead involved in establishing trust.”
What’s needed is a new approach to data collaboration;one that frees organizations to easily pursue alternative data. That change is Zero Trust and it can’t come soon enough. Let’s take a look at the current environment, and how to overcome some of the obstacles involved.
How is Trust established today?
Up to now, organizations have had to rely on legal contracts to establish trust. Those contracts are nice in theory but only offer liability protection when an issue is discovered. It’s the burdensome process of information security and business background checks behind those contracts that work to ensure data governance processes are trustworthy. Consequently, for companies in regulated industries, it can take up to a year to onboard a new data partner before the data of interest can even be evaluated. It is common for a data sharing project to take anywhere from six weeks to six months.
Personally Identifiable Information (PII) and Consumer Trust
As the identity ecosystem matures, the lines between privacy, security and identity become blurred. The importance of being able to ensure consumer trust and provide transparency regarding how consumer data is used can’t be overstated.
Consumers need their identities protected, as exposed PII is not only a privacy concern, it can lead to various forms of fraud being carried out. The combination of already strict regulatory requirements for data use and new regulations designed to protect consumers’ identity demands that a new method of data sharing is required.
What’s the Opportunity for Financial Services Organizations?
In the financial services world, organizations have depended on traditional credit bureaus for data to drive risk models. But there are limits to the data that’s available that drives organizations to look for alternative sources of consumer data.
- Finding more customers:Banks, insurers, and lenders are seeing many different ways to measure credit worthiness of what are called "thin file" consumers -- those who lack traditional credit scores and backgrounds. Using alternative data sources, like rental payments, can offer organizations access to more customers.
- Creating a better user experience: Predictive and descriptive models can help inform a user experience, critical to reducing application abandonment. Appending scores or attributes that represent consumer preference is one of the more significant opportunities for building a better customer experience.
- Test new data faster:Financial companies already know that negotiating trust and applied security between each sharer, if done separately for each partner, takes far too much time and resources.
With so much of current data collaboration processes leaving financial services firms struggling to complete, now is the time to turn to crypto-identity and infrastructures that deliver on “zero trust.” The opportunity here to hide personal details, and move data securely at scale is tremendous.
The Future is Zero Trust?
A secure data exchange can be a critical component of a modern and compliant data collaboration architecture. Two essential tenets of privacy protection need to be addressed in next-gen solutions.
First, that personal identity data is not disclosed during the sharing of data. Cryptography can be an effective technique to block exposure of sensitive data. This breaks the current dependency on sending files that include PII to a partner or a third-party to be matched, even encrypted files don’t provide adequate protection.
Second, and historically more challenging, is that re-identification needs to be prevented. What this means is you need to communicate information about shared identities but block partners acquiring identifying information they did not already have.Propagation of consumer identity outside of consent has been plaguing the industry for decades.
....-->One of the key challenges facing chief data officers, data scientists and chief risk officers in regulated industries has been the difficulty in improving model score performance using new or “alternative” data sources. Strict data governance policies regarding testing new data sources are holding back financial services organizations from reaching new customers, assessing underbanked consumers and reducing potential fraud.