In this interview, we speak with Søren Eller Thomsen, Cryptographic Engineer, and Mark Medum Bundgaard, Chief Product Officer at Partisia, to explore how MPC is transforming fraud detection, enabling GDPR- and PSD2-compliant data sharing, and preparing financial systems for a quantum-secure future. From cross-bank collaboration to secure DeFi infrastructure, they share insights on the real-world applications of privacy-enhancing technologies.
How does MPC allow multiple banks to share transaction data for fraud detection without ever exposing sensitive customer information?
MPC is built on a cryptographic technique called secret-sharing. This technique allows an entity (such as a bank) to split a piece of data up into a set of different pieces known as secret shares in such a way that no unqualified set of shares reveals anything about the original data.
MPC allows to compute any function over such secret shared data. For the case of fraud detection or money laundering detection, this means that if banks collaborate and secretly share information about transactions related to accounts they hold, then they can compute on a combined data set spanning the complete picture rather than just the information available to each of them.
Notably, this computation can take place without any of the banks participating in the computation being able to see the complete data set (as these will only ever see an unqualified set of secret shares of the data set). This allows the detection of advanced fraud schemes or money laundering schemes where money is transferred through multiple different accounts residing in different banks. Further, the computation can be designed to only reveal the relevant information to the banks where the potentially fraudulent account is actually residing. Thereby, no personal information is ever revealed to a bank where the person is not a customer.
In your partnership with Digital Platformer, what were the key technical challenges in integrating cross-bank data using MPC and how did you overcome them?
Our partnership with Digital Platformer focuses on finding information while computing on encrypted data from multiple sources, in this case potentially multiple banks trying to find mule accounts or doing advanced statistical analysis on bank transactions. Some of the key challenges have also been working with many different types of data, which do not currently follow any standards, and of course also coordinating with the authorities on implementation of new technologies.
How does MPC-based fraud detection compare in speed and accuracy to traditional single-bank systems?
The biggest selling point of an MPC based fraud (or for that money-laundering) detection mechanisms is the increase in accuracy. First of all, as the “complete picture” can be computed this allows to capture advanced fraud schemes involving multiple different banks which traditional fraud detections systems simply cannot detect. However, not only can the number of false negatives be reduced, demonstrations have shown that utilizing the complete data set spanning across multiple banks can also reduce the false positive rate. Note that reducing the false positive rate, directly translates to increased profit as the costly burden associated with the manual inspection of a flagged transaction is reduced.
Naturally, there is computational overhead associated with computing on secret shared data compared to computing on clear text data. However, over the last 35 years MPC has matured to a point where this no longer prohibits even large scale computations to be done. Additionally, by designing the MPC based fraud detection system smartly this can to a large degree be mitigated. For example, one can use MPC to precompute precise risk scores for accounts that local fraud detection systems can then take into account when making immediate decisions (such as if a transaction should be blocked).
With GDPR and PSD2 in mind, how does Partisia’s MPC approach ensure regulatory compliance while enabling enhanced security?
GDPR imposes stringent requirements on how user’s data is governed whereas PSD2 mandates the use of advanced fraud detection systems in the financial sector. MPC allows to balance privacy of the data while preserving its utility and is therefore a useful tool to stay compliant with both.
Can you explain how secure DeFi applications are powered by MPC and what benefits this brings to users?
Blockchains enable DeFi applications to be built as the integrity of the interactions and transparency of this is guaranteed. However, for many applications in finance this is not sufficient – confidentiality is also needed and this is exactly what MPC can add to the mix. This is crucial for for example sealed bid auctions or swaps without front-running.
As quantum computing advances, how is Partisia building quantum-resistant MPC solutions to safeguard financial data for the future?
Compared to a lot of other companies developing advanced cryptographic protocols, we are actually in a very fortunate position as the core of our MPC protocols enjoy a property called information security which by some is also referred to as “ever lasting security”. That is, the core of our protocol is based on information theory rather than computational hardness assumptions. In particular, it is proven to be secure independently of future breakthroughs in computing (such as a full scale quantum computer).
What performance optimisations have you introduced to make MPC practical for high-volume, real-time financial applications?
Partisia’s current MPC protocol is based on more than 35 years of research within the field and has been optimized to the extreme. Pinpointing all of that is probably too much detail for this medium, but a particular optimization that has revolutionized the practicality of MPC is something called preprocessing. This allows nodes in the system to collaborate to prepare cryptographic material before the specific computation is even known. Now, when the computation is deployed this carefully correlated cryptographic material can then be used by the nodes to significantly speed up the actual computation time itself.
Looking ahead, which new use cases for MPC in the financial sector are you most excited about, and how is Partisia preparing to support them?
MPC and PETs in general opens up for many new possibilities in data sharing between regulated institutions, this type of data sharing should provide a whole new possibility of fighting fraud, or doing KYC across many entities. But just imaging being able to stop complex fraud transactions and provide visibility to other parties (Banks, Insurance, etc.) that this behavior is fraudulent, will provide a whole new means of protecting individuals around the world.
