Secured Customer insights through Zero Knowledge Proof (ZKP) Data Vault

TL; DR: ZKP Data Vault, powered by AI and ML, facilitates data collaboration among related entities in different countries. It enables secure, correct customer insights that can help in business growth, a better customer experience, risk mitigation, and compliance, all while fully meeting data localization and data privacy laws.

In the interconnected world we live in, large BFSI and retail companies operate across borders. These collect customers’s Personally Identifiable Information (PII) data like name, father’s name, address, mobile number, gender, and IDs like SSN, FIN, Aadhaar, etc., as part of their operations, as per the laws of the country. This Customer PII data is stored in respective countries.

Using data available with each, by all, meeting privacy & localisation.

This wealth of data holds immense potential for an enterprise as a whole. When subsidiaries of the enterprise located in different countries can share customer data with each other, they get a global customer view. A global customer view improves customer experience, helps business growth through targeted cross-selling and upselling, simplifies KYC processes, manages risks effectively, etc.

“McKinsey estimates that connecting data across institutional and geographic boundaries could create roughly $3 trillion annually in economic value by 2020.”

But there’s a catch. Large BFSI and retail enterprises have consolidated data from all countries into a central location, undergoing some data transformation during the process. However, this traditional approach is now up against the brick wall of data localisation/ data residency, and data privacy laws, a mandate already made by every country or will be made. The new data residency and data privacy laws prohibit data from being moved out of respective countries, but more importantly, place restrictions on data access from across borders from a privacy perspective.

Need for a global customer view in present conditions is explained as under

What companies therefore now need is a BOLD & totally different approach to customer insights through an approach that we call “Zero Knowledge Proof (ZKP) Data Vault”.

“The concept isolates, vectorises, anonymises, tokenenises, and encrypts customer PII plain text data through Polymorphic encryption and then provides insights & enables analytics on the transformed data. “

What is data localization and data privacy?

Before we dive into the new approach, let’s get two basics out of the way.

When we say data localization, it means customer PII stays within the respective country. So, if you’re a citizen of India, and the organisation is in India, your PII stays within the geographical boundaries of India.

“Data localization or data residency law requires data of nation’s residents to be collected, processed, and/or stored inside the country. It mostly does not allow the data to go out of the country, and when allowed, it’s with very strict regulations on a specific case-to-case basis. Bulk data is not allowed to be moved.”

“Data privacy puts restrictions on how organisations collect, store, and use customer data in their country. It puts restrictions on accessing data, particularly while accessing across the borders. Most of the countries do not allow access to plain text data for requests coming from across borders.”

Introducing Posidex’s Zero Knowledge Proof (ZKP) Data Vault

This circles us back to the new approach: the Zero Knowledge Proof (ZKP) Data Vault.

ZKP concept comes from Blockchain.

It is an increasingly common way of achieving privacy in public blockchain networks.

It’s a method where one party cryptographically proves to another that they possess knowledge about a piece of information without revealing the actual underlying information.

Requestor ( who is making the request) gets the insights & can perform analytics, without having access to the plain text data with a Yes or No answer or a value.

We have modified this concept to suit the business need of insights and analytics on fully encrypted customer PII data. The requestor ( making the request) gets the insights & can perform analytics on fully encrypted data and the requestee does not know the contents of what was requested or what was the response. Audit log will be maintained on the requests received and responses to track who requested, again only encrypted values.

Let’s see how ZKP data vault meets data localisation & data privacy

Data localization

Unlike traditional methods, this solution doesn’t centralise and consolidate customer data. Instead, the data resides in the country of origin, meeting data localisation/data residency law.

Data Security

To meet data privacy, a ZKP-based secure data vault is built in the respective country. As mentioned earlier, Customer PII data is isolated, vectorised, anonymised, tokenenised and encrypted. It is done through a proprietary one-way irreversible polymorphic encryption algorithm invented by Posidex, using its AI/ML mathematical model. These anonymised tokens are stored in the ZKP Data Vault in respective countries. They remain so at all times, at rest and in transit. This meets data privacy laws.

We have modified this concept to suit the business need of insights and analytics on customer PII data, wherein the requestor gets the insights & can perform analytics, without having access to the plain text data.

We have modified this concept to suit the business need of insights and analytics on customer PII data, wherein the requestor gets the insights & can perform analytics, without having access to the plain text data.

How ZKP data vault allows secured, correct & contextual insights

Take a bank with a presence in the USA, Mexico, and Singapore.

Customer PII data is held in a ZKP data vault installed in the data center of the bank in each of the three countries. When an authorised person in the bank USA subsidiary wants to know whether their USA customer is also a customer in Mexico or Singapore, the solution sends the query using anonymised, encrypted, and tokenised data, through polymorphic encryption instead of sharing a plain text request.

This request consisting of anonymised, encrypted, and tokenised data is compared with anonymised customer data ( using same polymorphic encryption) in Mexico and Singapore, which is stored in ZKP Data vaults, which is also anonymised. Analytics and comparison of customer PII data are done on this anonymised, encrypted, tokenised data, and the result (in the form of a matched ID) is sent back to the USA.

At no point of time in the entire process, plain Customer PII data in Mexico and Singapore accessed by the request coming from the USA. The request from USA has Zero knowledge of the contents of the Data vault Mexico, Singapore but gets the insight whether the customer exists or not or any other type of query. This guarantees compliance with each country’s data localisation and data privacy regulations.

The solution is based on AI/ML with a proprietary mathematical model that’s amenable to probabilistic search with fuzzy logic on all possible PII data elements. Customer PII data elements are vectorised, anonymised, tokenenised and encrypted data through a proprietary one way irreversible polymorphic encryption algorithm. This feature makes the Posidex solution for ZKP Data Vault unique in the world with huge business value for organisations that have a global presence.

While ZKP Data Vault offers privacy and security, for the customer insights to be useful they have to be accurate and in real time handling 3V challenges of Data Volume, Velocity & Variety.

The AI/ML model’s capability to deliver real-time and accurate contextual insights has been firmly established in India. With a track record of processing over 5 billion pieces of customer PII data, it currently caters to a client base of over 60 large enterprises across the country including the largest bank and largest life insurance company.

Independent study has revealed that the accuracy of insights & analytics is more than 99%. Large clients in India have seen the best quality results with the highest precision and recall in the industry.

Benefits of secure customer analytics and insights ZKP Data Vault

1. Compliance Adhere to regulations across jurisdictions

2. Collaboration Derive meaningful insights

3. Security Maintain strict data security controls

4. Efficiency Optimise data analyses

Empowering businesses to grow

“With real-time, correct, contextual and insights by harnessing data available globally, in a highly secured manner.”

We, at Posidex Technologies, offer a proprietary Zero Knowledge Proof (ZKP) Data Vault powered by a proprietary AI/ML model. Organisations can collaborate globally on data available to all and used by all for accurate, real time customer analytics and insights for various business requirements while fully meeting data privacy laws, data localisation and data residency laws.

To learn more about how the concept works, write to us.

‍