Deep Dive: How Privacy-Enhancing Technologies Can Ease Customers’ AML/KYC Confidentiality Concerns


Online privacy has become a hot-button issue in recent years, with individuals looking for ways to protect their personal information not only from fraudsters but also from the banks and businesses with which they transact.

One study found that 86 percent of Americans have attempted to shrink their digital footprints, fearing that corporations could leverage their personal data for targeted marketing or — worse yet — that fraudsters could seize it in a data breach. Even government-operated services are viewed with suspicion, with 64 percent of Americans saying they do not trust federal agencies with their personal information.

Businesses looking to improve their anti-money laundering (AML) and know your customer (KYC) protocols are thus faced with a significant challenge when it comes to protecting customers’ privacy. They must convince customers to provide said data to screen them for fraud and money laundering risks, but they also need to shield these details from data breaches and other cyberattacks. Many companies have found that bolstering the latter capability goes a long way toward building consumers’ trust and convincing them to more willingly provide access to the necessary data.

The following Deep Dive explores consumers’ general privacy concerns as well as how businesses are working to protect their data from cybercrime and build trustworthy relationships with their customers.

Why Consumers Distrust Businesses With Their Data

A major consumer fear is having personal data, including their names, passwords, email addresses and Social Security numbers, leaked in data breaches. Fraudsters use stolen data to perpetrate identity fraud or to stage account takeovers (ATOs), which can be particularly troublesome because 65 percent of users recycle passwords across numerous websites. This means that a single data breach that compromises just one account could jeopardize them all, with fraudsters deploying artificial intelligence (AI) algorithms to systematically test thousands of username-password combinations to find a match.

Some data breach dangers may stem from customers’ subpar password hygiene, but customers still tend to hold companies responsible for these breaches. Sixty-five percent of consumers say they would not continue using merchants after experiencing data theft or fraud on their server, with this number increasing to 72 percent among low-income customers and 80 percent among baby boomers and seniors. Only 51 percent of consumers said they would be forgiving of companies that reacted quickly to data breaches, meaning that businesses with the best chance of retaining customer trust are those that proactively work to stop breaches before they happen rather than just pick up the pieces afterward.

These businesses are faced with the dual task of protecting consumers’ data and examining it for AML/KYC purposes. Improving compliance without sacrificing privacy is a tall order for these organizations, but it is not an impossible one.

Ensuring AML Compliance And User Privacy

On the surface, AML and KYC procedures and user privacy seem fundamentally incompatible. The former relies on examining consumers’ data for signs of potential money laundering while the latter keeps their data as far away from companies — and, by extension, potential fraudsters — as possible. Many businesses are attempting to square this circle with privacy-enhancing technologies (PETs), which can come in many different forms.

One of the most promising is secure multiparty computation, a form of data encryption that entrusts separate pieces of user data to a third party for analysis rather than keeping them all on a company’s server. This trusted third party then analyzes the data for potential signs of money laundering or fraud but does not keep the data on its own server, severely limiting the potential for a data breach.

Another PET that banks and businesses are deploying for secure and private AML and KYC analysis is homomorphic encryption. This allows organizations to encrypt data and analyze it without first decrypting it, a step that most forms of secure encryption require before any analysis can take place. Homomorphic encryption ensures that raw data is never exposed, even during AML and KYC examinations, and any potential data breach will yield only useless fragments of code rather than actionable data like account numbers or passwords.
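To make "analyze it without decrypting it" concrete, the following added example (not from the original article) uses the Paillier cryptosystem, one additively homomorphic scheme, to total a customer's encrypted transfers and compare only the decrypted sum with a threshold. The demo primes, the function names, the sample amounts and the threshold are all assumptions chosen for illustration.

```python
import math
import secrets

# Constructed demo primes (two Mersenne primes); far too small for real use.
P, Q = 2**61 - 1, 2**89 - 1

def keygen(p=P, q=Q):
    """Return (public n, private (lam, mu)) for Paillier with g = n + 1."""
    n = p * q
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)
    return n, (lam, pow(lam, -1, n))

def encrypt(n, m):
    """Encrypt integer m (0 <= m < n) under public key n."""
    if not 0 <= m < n:
        raise ValueError("plaintext out of range")
    n2 = n * n
    r = secrets.randbelow(n - 1) + 1      # fresh randomness per ciphertext
    while math.gcd(r, n) != 1:
        r = secrets.randbelow(n - 1) + 1
    return (1 + m * n) * pow(r, n, n2) % n2

def add_encrypted(n, ciphertexts):
    """Analyst side, no private key: multiplying ciphertexts adds plaintexts."""
    total = 1                             # identity element; decrypts to 0
    for c in ciphertexts:
        total = total * c % (n * n)
    return total

def decrypt(n, priv, c):
    """Recover the plaintext with the private key (lam, mu)."""
    lam, mu = priv
    return (pow(c, lam, n * n) - 1) // n * mu % n

def screen(amounts_cents, threshold_cents):
    """Owner encrypts, analyst aggregates, owner decrypts only the sum."""
    n, priv = keygen()
    cts = [encrypt(n, a) for a in amounts_cents]   # data owner
    enc_sum = add_encrypted(n, cts)                # analyst, ciphertext only
    total = decrypt(n, priv, enc_sum)              # data owner
    return total, total > threshold_cents

if __name__ == "__main__":
    # Constructed sample: three transfers in cents, hypothetical threshold.
    print(screen([420_000, 390_000, 250_000], 1_000_000))
```

Because encryption is randomized, two ciphertexts of the same amount differ, so the party doing the aggregation cannot match equal transfers by comparing ciphertexts.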

Both of these privacy-enhancing technologies are still relatively new in the AML and KYC world, which means they factor into relatively few use cases. They are rapidly gaining steam as customers grow more privacy-aware, however. They may be challenging and expensive to implement, but these costs and concerns are nothing compared to the price of a data breach.