The research arm of payment card giant Visa has published a paper describing the development of LucidiTEE, a blockchain system for orchestrating sensitive data among multiple parties.
For example, the paper outlines a system that would allow banks and fintech applications to share data without relying on intermediary data aggregators.
While Europe has relied on legislation like GDPR to set standards for securely sharing customer data, US banks had to develop agreements with data aggregators.
Visa, the world’s largest card payment network, has been quietly developing a blockchain system that could upend how banks transfer customer transaction data to consumer financial applications like Mint and Credit Karma.
In a paper published by Visa’s research and development arm, researchers describe a system called LucidiTEE. It outlines a system for sharing sensitive personal data on a blockchain, crunching that data within a trusted execution environment (TEE) and using history-based policies to ensure that each of the parties receives an output of the computation. (The system’s name is a combination of TEE and the word lucidity.)
The first application of LucidiTEE is sharing data between customers and financial apps. Such a configuration might spell trouble for aggregators like Plaid, Envestnet Yodlee and Finicity, according to people familiar with Visa’s thinking.
LucidiTEE could also allow banks to share data to train machine learning algorithms for tackling fraud or keep financial data tracking apps from selling anonymized customer data to tech giants like Google.
Visa did not respond to multiple requests for comment.
The paper, published on the Cryptology Eprint Archive, describes LucidiTEE as “the first system to enable multiple parties to jointly compute on large-scale private data, while guaranteeing policy-compliance even when the input providers are offline, and fairness to all output recipients.”
Visa was a founding member of the Libra Association until it dropped out right before the association launched. The financial services giant has also experimented with a blockchain-based business-to-business payment service originally developed alongside blockchain startup Chain. It is designed to perform international business transfers without the help of a typically slow correspondent banking network.
Visa Research produces work for the entire security and cryptography community, so the research could be taken up by a rival firm. But Visa can profit off of the intellectual property in the future.
The system was tested on Tendermint and Hyperledger Fabric, both available in the public domain. But it can also be used on a forkless public blockchain using a proof-of-stake consensus system, like those on Algorand or Ethereum 2.0, which is scheduled to arrive next year.
The trouble with aggregators
While the paper is undergoing a peer review process and is subject to changes, it illustrates Visa’s desire, shared by most large financial firms, to keep customer data from touching multiple different companies and to let consumers get closer to controlling their data.
Fintech apps have encouraged banks to work with third-party data aggregators to pull, clean and normalize financial transaction data from customers. The philosophy of the “open banking” movement is for banks to share data with fintech apps offering services direct to consumers.
Data aggregators have become a key part of the banking system because millions of consumers are using applications like budget tracker Mint, micro-investing tool Acorns and peer-to-peer payment app Venmo. San Francisco-based Plaid, the largest of these aggregators and valued at around $2.56 billion, enables several personal financial apps, as well as cryptocurrency exchanges Gemini and Coinbase, to access consumers’ financial data.
Data aggregation startups popped up as an alternative to screen scraping, where customers would give fintech applications sensitive login credentials for those apps to then scrape customer transaction data, said Brian Knight, senior research fellow in the Financial Markets Working Group with the Mercatus Center at George Mason University.
Banks were still reluctant to share information with aggregators until the passage of the Dodd-Frank Act, which required financial institutions to make consumers’ records available in an electronic format. Aggregators argued they were the consumer’s agent. The U.S. Treasury Department sided with the aggregators in a recent fintech report, but the Consumer Financial Protection Bureau hasn’t commented on the issue, Knight said.
In place of regulation like Europe’s General Data Protection Regulation (GDPR), banks and data aggregators have formed informal and formal agreements about how the aggregators would handle customer data. Banks are selective about this process, however. When two parties differ on data-sharing standards, banks have been known to cut off aggregators, stopping customers from accessing financial apps.
For LucidiTEE to work in the customer transaction data space, the industry would also need to adopt a common data categorizing standard that every entity would need to follow. In deciding whether or not to take the leap, banks would need to weigh the cost of sticking with data aggregators or integrating into a new system, according to Knight.
“Part of the problem with blockchain adoption is that it seeks to remove intermediaries, and while intermediaries can charge rent, they can also add value,” Knight said.
After reviewing Visa’s paper, Salt Lake City-based data aggregator Finicity said the proposed system would not provide the level of service that data aggregators provide today.
“It is simple when described as an exchange of data, but when you layer on the multitude of use cases, data intelligence, variances in data, security, privacy, regulation and more, it becomes much more sophisticated,” Nick Thomas, co-founder of Finicity, said in an email.
Thomas said that Finicity, a founding steward of the ID-focused Sovrin Foundation, is looking at blockchain for data privacy, however.
“It is always about giving consumers more granular and secure control over their financial data, and doing so in a way that they can be more informed and make smarter financial decisions,” Thomas said.
LucidiTEE enforces history-based policies, which are similar to smart contracts but with the ability to read the entire blockchain. That ensures that, even when users are offline, their information is not computed in a way they did not authorize.
The paper assumes a “malicious setting.” The system it describes uses protocols to ensure outputs are sent to every party that has been given access to them. The blockchain would act like an escrow account where users would put the policy they’d like to enable, like sharing encrypted data with Mint in return for charts showing where the consumers spent money.
According to the paper, LucidiTEE’s blockchain ensures the trusted execution environment — an encrypted domain where computers crunch sensitive data — only does certain computations. In this way, the company holding the TEE can’t tamper with it, and not every party on LucidiTEE has to run a TEE.
The ledger then stores all cryptographic hash digests of encrypted inputs and outputs as well as what functions were run, for history-based protocols to review when the next computation is done.
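As an added illustration (not code from the Visa paper or from this article), the Python sketch below models the idea described above: a ledger that holds only hash digests of encrypted inputs and outputs plus the function that ran, and a policy check that scans the whole history before allowing the next computation. The policy shape (a set of allowed functions and a use limit), all names and the sample bytes are assumptions made for the example.

```python
import hashlib
from dataclasses import dataclass, field

def digest(blob: bytes) -> str:
    """SHA-256 digest; the ledger stores digests, never the data itself."""
    return hashlib.sha256(blob).hexdigest()

@dataclass
class Ledger:
    policies: dict = field(default_factory=dict)  # input digest -> (allowed functions, max uses)
    records: list = field(default_factory=list)   # append-only: (function, input digests, output digest)

    def bind(self, encrypted_input: bytes, allowed: set, max_uses: int) -> str:
        """The data owner posts a policy once and can then go offline."""
        d = digest(encrypted_input)
        self.policies[d] = (frozenset(allowed), max_uses)
        return d

    def uses(self, input_digest: str) -> int:
        """History-based check: scan every record ever written to the ledger."""
        return sum(input_digest in inputs for _, inputs, _ in self.records)

    def authorize(self, function_id: str, input_digests: list) -> bool:
        for d in input_digests:
            if d not in self.policies:
                return False                      # no policy was posted for this input
            allowed, max_uses = self.policies[d]
            if function_id not in allowed or self.uses(d) >= max_uses:
                return False
        return True

    def run(self, function_id: str, input_digests: list, encrypted_output: bytes) -> bool:
        """Record a computation only if every input's policy permits it."""
        if not self.authorize(function_id, input_digests):
            return False
        self.records.append((function_id, tuple(input_digests), digest(encrypted_output)))
        return True

def demo() -> list:
    ledger = Ledger()
    # Constructed sample: stand-in bytes for a customer's encrypted transactions.
    txns = ledger.bind(b"ciphertext-of-transactions", {"spending_chart"}, max_uses=2)
    return [
        ledger.run("spending_chart", [txns], b"ciphertext-chart-1"),  # permitted
        ledger.run("resell_dataset", [txns], b"ciphertext-export"),   # function not authorized
        ledger.run("spending_chart", [txns], b"ciphertext-chart-2"),  # permitted
        ledger.run("spending_chart", [txns], b"ciphertext-chart-3"),  # use limit reached
    ]
```

The fourth call is refused only because the ledger's own history already shows two uses of that input, which is the kind of decision a policy limited to the current request could not make.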