TripleBlind Technology Helps the Financial Services Industry Address a $56 Billion Issue

In 2020, identity fraud losses exceeded $56 billion in the United States alone. This number includes $13 billion for traditional identity fraud, such as data breaches, and $43 billion for other types of identity fraud scams. 

Financial services companies have been reluctant to collaborate for multiple reasons; including competitive pressures, concerns about antitrust exposure and additional concerns about data privacy.  However, $56 billion is too large a number to ignore. A key reason identity fraud happens is any one financial institution has just a limited profile of its customers. The typical consumer has multiple accounts with multiple institutions.  If financial institutions could collaborate and gain a holistic picture of their customers, they could develop more effective algorithms to combat identity fraud.  This holds true for other illegal activity, such as money laundering schemes. In our recent Privacy Enables the Adoption of Open Banking blog, we discuss reasons banks and financial institutions are still reluctant to share data with competitors. 

Solutions that enable and facilitate collaboration haven’t been up to the task. Legal agreements institutions attempt to put in place are complex, take a long time to negotiate and rely on the goodwill of the parties involved. Some technology solutions, such as homomorphic encryption, do enable data sharing while remaining in compliance with data privacy standards, but severely degrade the performance of financial institutions’ networks. Others, such as secure enclaves provide an incomplete solution.

TripleBlind’s solution addresses these issues and allows financial services competitors and partners alike to share data without needing to trust the recipient because the most sensitive information within each data set remains private. TripleBlind’s API-driven virtual exchange creates an environment where encrypted data can safely be shared and used by institutions without ever exposing them to the risks that come with handling raw data, ultimately reducing fraud, intentional or not, and ensuring higher levels of compliance.

One example of how TripleBlind’s solution could prevent credit card fraud would be for Bank 1, Bank 2 and Bank 3, to share encrypted data with a credit card fraud detection company using TripleBlind’s private AI infrastructure. If a customer has accounts with the three banks, it would be most beneficial for the fraud detection company to access spending habits from all three sources and then share data among them to ensure the customer’s finances are secure.

However, while Bank 1 wants to give the fraud detection company information regarding the consumer’s spending habits, Bank 1 is reluctant to share that data with Banks 2 or 3. TripleBlind’s technology would only give Bank 2 and 3 the essential information necessary to determine if the customer’s account has been compromised; and vice versa for data from the other two banks.

Additionally, the data can only be used for its agreed-upon purpose. So if Bank 1, Bank 2 and Bank 3 agree to share data for fraud detection, they cannot access it for additional operations, such as marketing activities. 

Sharing data with TripleBlind allows competitors to collaborate for mutual benefit without giving up the proprietary data – everybody wins.

TripleBlind has already partnered with leaders in the healthcare and financial services industries to tackle their data sharing needs with ensured safety, including Mayo Clinic, BC Platforms and Snowflake. If you are interested in exploring how your company can increase your data sharing capabilities, please contact us for a free demo HERE.

TripleBlind’s Blind De-identification Via One Way Encryption Provides Advantages for Healthcare Institutions

TripleBlind is currently the only solution that effectively de-identifies genomic data. Its groundbreaking approach to data sharing involves de-identification via one-way encryption that allows for safe and compliant data sharing among healthcare institutions. The solution meets the legal definition of de-identification, and TripleBlind never hosts any data that is being shared.

TripleBlind unlocks the ability for healthcare organizations to share PHI, health records, genomic and other data, enabling data to be usable at its highest resolution without incurring an accuracy penalty. TripleBlind de-identifies data by splitting each record, randomly, byte-by-byte, automatically de-identifying it without anonymizing it. Because the random splits cannot be used to identify an individual, the data sharing remains compliant with privacy standards, like HIPAA and GDPR.

Blind de-identification via one way encryption provides many advantages over the five methods for data anonymization most frequently utilized today, the utmost being that blind de-identification does not alter the fidelity of the data. Apart from often being slow, expensive, and unclear as to if full sets of data are actually fully de-identified and secure, other methods of de-identification remain inferior to TripleBlind’s mode of blind de-identification.

 

  • K-anonymization alters the fidelity of the data through two means: suppression (data masking); certain values of the attributes are replaced by an asterisk. All or some values of a column may be replaced by an asterisk; or generalization; individual values of attributes are replaced with a broader category, e.g., the value 19 might be replaced with <20,
  • Pseudonymization replaces private identifiers with fake identifiers or pseudonyms,
  • Data swapping (shuffling or permutation) rearranges the dataset attribute values so they do not correspond with the original records,
  • Data perturbation modifies the original data set by rounding numbers and adding random noise, also known as differential privacy,
  • Synthetic data is often used in place of altering the original dataset or using it as is and risking privacy, but even the best synthetic data is still a replica of specific properties of the original data.

 

One way encryption creates a clear path from data collection to data usage that is significantly faster, cheaper, seamless and compliant. 

TripleBlind has already partnered with leaders in the healthcare and finance industries to tackle their data sharing needs with ensured safety, including Mayo Clinic, BC Platforms and Snowflake

We have upcoming webinars that go into depth about our services so follow us on LinkedIn and Twitter for updates. If you have questions or would like a free hands-on demo, reach out to us at contact@tripleblind.ai.

Part II: The Private Solution to the Schrems II Decision Turmoil

In July 2020, the court of Justice of the European Union officially made their decision on Schrems II finding that the EU-U.S. Privacy Shield Framework, on which more than 5,000 U.S. companies rely to conduct trans-Atlantic trade in compliance with EU data protection rules, was invalid. Since then, companies have had to reevaluate their transatlantic data sharing operations through a case-by-case analysis, costing time and money to achieve the required level of compliance.

TripleBlind has the solution to this turmoil. We discussed this topic before the decision was made, our technology allows entities to comply with these new standards and achieve their business objectives regardless of location. Deploying TripleBlind enables enterprises to share data and collaborate with other enterprises with confidence, knowing that TripleBlind enables them to automatically enforce HIPAA, GDPR and other regulatory standards. 

We built TripleBlind to remain future-proof by creating a solution that automatically complies with even the strictest standards. Our blind de-identification process is TripleBlind’s novel method of data de-identification via one-way encryption, allowing all attributes of the data to be used, even at an individual level, while eliminating any possibility of the user of the data learning anything about the individual. Meaning, data is legally de-identified in real time with practically 0% probability of re-identification. 

TripleBlind enables the processing and analyzing of sensitive data without ever moving it across borders. The data always remains encrypted, de-identified and is completely blind to TripleBlind and data consumers.

See our graphic below for a visual summary of how TripleBlind solves the Schrems II turmoil.

TripleBlind Schrems II Solution Diagram


TripleBlind has the only private, encrypted and de-identified aggregated analysis pipeline. EU data stays within boundaries, and enterprises are able to efficiently and cost effectively share all types of data, even data that traditionally can’t be de-identified, such as genetic data. 

We have upcoming webinars that go into depth about our services so follow us on LinkedIn and Twitter for updates. If you have questions or would like a free hands-on workshop, reach out to us at contact@tripleblind.ai!

 

 

Responsible Technology is Leading the Fourth Industrial Revolution

Recently, we came across this insightful article from the World Economic Forum, “What if we get tech right?” which covers emerging technologies, but one part in particular caught our attention. Benjamin Haddad, Director of Technology Innovation at Accenture, and Algirde Pipikaite, Lead, Strategic Initiatives for the Centre for Cybersecurity at World Economic Forum stressed the importance of designing data architecture embedded with privacy and security. Today, we often rely on ethics when it comes to data compliance, putting too much personal information at risk. But as we move closer and closer to data liquidity, laws are being proposed to control and protect sensitive data. 

At TripleBlind, developing advanced mathematics to create an entirely new, comprehensive and streamlined approach to data privacy is our reason for being. TripleBlind’s cryptographic digital rights management allows fine-grained control of data and algorithm interactions with cryptographic consent needed for every operation. We never decrypt or copy the data and algorithms, meaning everyone involved, including data scientists or TripleBlind ourselves, never see the raw data and algorithms. Everything remains confidential and secure without losing the valuable assets of the data itself.

“This political debate over data residency is expected to gain as much importance as the one on foreign ownership of a country’s sovereign debt.”


TripleBlind also allows computations to be done on enterprise-wide global data while enforcing data residency regulations. We know data residency laws vary from country to country and keeping track and maintaining compliance is difficult and costly. TripleBlind enables convenient access to global data silos, all while maintaining compliance with even the strictest of data laws. 

As we head toward a future where big data is going to be key to unlocking countless advancements and insights, we have to put the privacy and security of that data first. TripleBlind is at the forefront of addressing this issue and we will continue to set the industry standard for data sharing. To keep up to date with us, subscribe to our newsletter and follow us on LinkedIn and Twitter!

Harness the Opportunities of Sharing Regulated Data

I was recently given the opportunity by insideBigData to provide a perspective on some of the possibilities present today for sharing regulated data. You can read it here as well as below where we’ve reproduced it in its entirety.

Harness the Opportunities of Sharing Regulated Data

Insights-rich but regulated or sensitive data is sitting in private data stores unleveraged and unmonetized by enterprises. In 2018, Gartner reported that nearly 97 percent of data sits unused by organizations. There are solutions available today that enable enterprises to share data and collaborate, but they are either cumbersome, slow, ineffective or dangerous – which is why the rate of data sharing remains so low. There are new solutions available that do allow enterprises to gain insights from enterprise data and address the weaknesses of current solutions, while concurrently enforcing regulatory standards such as HIPAA and GDPR, as well as data residency requirements in some regions, such as Southeast Asia, China and the Middle East.

Here are a few scenarios in which effective data collaboration would be beneficial.

Financial Fraud

On average, people own 5.3 accounts across different financial institutions. A person might have a checking and savings account with Wells Fargo, a credit card with Citibank and a mortgage with Chase. If Citibank detects potential fraud on the person’s credit card, there is currently little or no ability for Citibank’s fraud department to collaborate with Wells Fargo and Chase to get a comprehensive picture of the fraud – which would enable Citibank’s security team to identify and thwart the activity.

Healthcare

Approximately 1.2 billion clinical documents, such as patient records, are produced in the United States each year, comprising approximately 60% of all clinical data with each paper providing medical experts with a wealth of potentially life-saving insights and data. However, within any one healthcare system, these records are skewed by the demographics of the patients – in some parts of the country the skew might be toward older, whiter patients, in other part, younger, Hispanic patients. When these institutions develop algorithms to create diagnoses, they are impaired by this skewed data. Today, the solution is to physically ship anonymized data from other healthcare systems to create accurate algorithms, a long, slow and expensive process.

Airline Predictive Maintenance

Aircrafts supply chains are a trade secret for parts suppliers making current predictive models less accurate than they could be. Partnerships of various manufacturers are notoriously complex and often serve as a barrier in sharing data. But suppose they can privately run predictive models on the aircraft data and determine the remaining useful life of their aircrafts and parts without ever having access to the raw data sets. In that case, this can set a new precedent for the industry. The manufacturer networks will be able to share information from airlines they don’t have direct relationships with, all in compliance with local laws and protecting their intellectual property.

How One New, Breakthrough Solution Works

One new, breakthrough solution enables enterprises to gain insights from data without ever decrypting it. The process starts by privately aggregating data from multiple sources, such as different financial institutions or healthcare systems. It privately explores, selects and pre-processes relevant features for training, and then privately processes the encrypted data.

Fig. 1 Separate data from different clients are combined and privately aggregated creating a new algorithm. The data is blind to the algorithm and vice versa. The new insights are then sent back to each client without any of them ever seeing the data or algorithm themselves. The data remains encrypted throughout the entire process ensuring total security.

 

It then trains new, deep statistical models and then predicts on any private and sensitive data.

The training process features low compute requirements and low communication overhead.

Along with encrypted data, this new approach encrypts the algorithm. The algorithm is blind to the data fed through it and the data is blind to the algorithm executed upon it. And neither the data nor the algorithm is exposed to the solution itself – it is a triple blind answer to gain insights from sensitive data.

By incorporating algorithmic encryption, neither party can reverse engineer the algorithms and the algorithms cannot abuse the data. And, neither party can re-generate any of the original training dataset for neural networks

Compared to other approaches like homomorphic encryption or secure enclaves, this enterprise data privacy approach enables “digital rights” to the data – the ability to overlay rules on how the data may be used. This ensures that any regulation or other terms that govern the use of the data, can be baked into the digital rights management contract. This blind pipeline offers the highest privacy and security, lowest computational load, and the lowest communication overhead, with no one ever seeing the entire model. With a suite of tools that allows for even the most sensitive information to be shared among competitors, the use cases with this technology are endless. Being blind to all data and algorithms brings in the most visible results – ensuring that the data becomes “liquid” and can be used broadly.

Fig. 2 Comparison of the new blind inference solution to homomorphic encryption and secure enclaves. This compares different capabilities of each approach such as speed, digital rights management, and more.

 

To keep up with our announcements and events, subscribe to our newsletter and follow us on Twitter and LinkedIn!

TripleBlind Joins the Snowflake Technology Partner Program, Supplements Innovative Cloud Security Infrastructure with Private Data Sharing

Recently, we announced our partnership with BC Platforms and we’re excited to build on that momentum with our latest announcement. We officially partnered with Snowflake, the Data Cloud company, to empower joint customers to run TripleBlind’s API-driven virtual exchange solution that enables data owned by one enterprise to run specific operations on data owned by another enterprise, on Snowflake’s platform.

Snowflake’s Cloud Data Platform allows businesses or technology professionals to get the performance, flexibility, and near-infinite scalability to easily load, integrate, analyze, and securely share data. It’s the ultimate solution for data warehousing, data lakes, data engineering, data science, data application development, and for securely sharing and consuming shared data. Now, when a data owner and data consumer agree to private data sharing on Snowflake’s platform, TripleBlind’s solution automatically de-identifies the data and ensures they never move outside the owner’s firewall.

The data consumer can only perform operations on the data specifically allowed by the data owner and all computations occur in the encrypted space. TripleBlind’s API-driven virtual exchange keeps intellectual property in an algorithm safe from reverse engineering attempts, while Snowflake’s secure data sharing technology means that data is never required to be moved or copied, and is up-to-date. TripleBlind’s platform is architected to natively support data sets stored in the Snowflake Data Cloud, which means customers can seamlessly integrate the solution within their instance. Read our full press release here

To keep up with our announcements and events, subscribe to our newsletter and follow us on Twitter and LinkedIn!

TripleBlind Welcomes Gaurav Satam as Vice President of Corporate Development, Furthering Initiatives in Ethical Data Sharing in Healthcare

We are pleased to announce that Gaurav Satam has joined TripleBlind as its new Vice President of Corporate Development. Satam is responsible for TripleBlind’s Healthcare business in his new role with the company. 

“We have taken exceptional measures to focus on creating a safer and more ethical sphere for data sharing in healthcare, including achieving HIPAA compliance earlier this year,” said TripleBlind CEO, Riddhiman Das. “Under guidance from Gaurav, we hope to further communicate our capabilities in healthcare, and amplify TripleBlind’s solution to improve what is currently considered state-of-the-art in the industry.”

Satam has more than 13 years of experience in corporate strategy and business development for healthcare companies. Prior to joining TripleBlind, he worked for Mayo Clinic Ventures, a healthcare data analytics company called Inovalon and St. Jude Medical. Satam specializes in corporate venture, strategic development, finance, research and development, and product management roles. 

Gaurav Satam: VP, Corporate Development

“I am looking forward to using my unique skill set to further TripleBlind’s vision of data privacy in the healthcare industry,” said Satam. “Although my background is primarily in healthcare, I join the TripleBlind team ready to offer this solution to all industries and companies that value finding a better way to share data.”

TripleBlind Expands Collaboration with and Receives Investment from Mayo Clinic

On the heels of announcing the close of $8.2 million in seed funding, TripleBlind is pleased to announce that it has expanded its collaboration with Mayo Clinic. The renowned academic medical center invested in a seed extension round and was the only investor participating.

TripleBlind is collaborating with Mayo Clinic on data-analysis, algorithm training and validation on one-way encrypted data and on next generation algorithm sharing. TripleBlind’s API-driven virtual exchange solution allows Mayo Clinic researchers to validate interoperability of encrypted algorithms on encrypted data and train new algorithms on private data.

 “As part of our mission to commercialize innovative technologies for the benefit of patients worldwide, we are furthering our collaboration with TripleBlind through this investment,” said Andy Danielsen, Chair, Mayo Clinic Ventures.

Mayo Clinic joins Accenture Ventures, Okta Ventures, NextGen Venture Partners, Operator Partners, Wavemaker Three-Sixty Health, AVG Basecamp Fund, Anorak Ventures, Quiet Capital, Clocktower Technology Ventures, Parity Responsible Technology Fund and Manresa Ventures as a TripleBlind investor.

Through TripleBlind’s solution, organizations can share data and collaborate without decrypting the data, enforcing  HIPAA and other data standards, and create more ethical consumer and patient profiles. 

TripleBlind Accelerates Secure Data Sharing within BC Platforms’ Global Healthcare Data Network

Healthcare is ripe for a change with data availability and new data analysis techniques, including the rise of AI and machine learning. As companies look to work with healthcare “data owners” to innovate and improve patient care, they need to ensure no compromises are made with patient data in the face of new threats and vulnerabilities.

lab workers

TripleBlind’s recently announced strategic partnership with BC Platforms is a prime example of how our next-generation data privacy technology enables companies to safely provide and consume sensitive data without compromising privacy or security. TripleBlind’s tools will empower BC Platforms, a global leader in providing robust data for personalized medicine, to ensure data always remains encrypted throughout the process with no decryption possible, which is better than the current gold standard of homomorphic encryption or secure computing. BC Platforms’ global genomic and clinical database network of customers and data provider partners from the E.U., U.S., and Asia will leverage TripleBlind’s fastest and most secure privacy framework.TripleBlind’s ability to operate on any type of data such as images, text, voice, video, tabular data and genomic and perform any data operations, including training, AI algorithms, along with digital rights management, will give confidence to all parties involved in the transaction. This type of flexibility and scalability will allow for rapid innovation among BC Platforms’ collaborators to improve the quality of care and reduce cost. Interoperability across organizations using different hardware and cloud providers has been a significant obstacle in broader collaboration among companies and institutes worldwide. Also, data privacy regulations like GDPR, CCPA, HIPAA and data residency laws that change with location add complexity to partner with others and limit innovation at a global scale. Companies like BC Platforms can now use TripleBlind technology without worrying about interoperability issues and at the same time comply with not only GDPR, CCPA, HIPAA but also stricter regulation of data residency.

Enormous data availability has changed the way institutes operate and leverage data in any industry, but healthcare remains the one with the most potential and the most complexities. It is important to acknowledge no matter the potential of the data to improve human life, it is also important to acknowledge that organizations must create an environment which is secure, trusted and scalable for data sharing. As we work with companies like BC Platforms and other players in the provider, payer, pharma, and medical devices markets, we are hopeful about the future where healthcare innovation can happen while preserving and respecting patient privacy. 

 

About BC Platforms

BC Platforms is a global leader in providing a powerful data and technology platform for personalized medicine, accelerating the translation of insights into clinical practice. Our technology drives the infinite loop between personalized care and research discoveries, leveraging the latest science, deep technical expertise, strategic partnerships, and harmonized, diverse data collections. Our high performing genomic data discovery and analytics platform enables flexible data integration, secure analysis and interpretation of molecular and clinical information. Additionally, BC Platforms has developed a Global Data Partner Network BCRQUEST.com, which provides genomic and clinical cohort data for pharmaceutical and medical research and development. BC Platforms’ vision is to build the world’s leading analytics platform for healthcare and industry, providing access to diverse genomic and clinical data and samples from more than 5 million subjects, consolidated from a global network of Data Partners. 

Founded in 1997 from an MIT Whitehead project spinoff, the Company has a strong scientific heritage underpinned by over 20 years of working in close collaboration with a network of leading researchers, developers, and industry partners. BC Platforms has global operations with its headquarters in Zurich, Switzerland, research and development in Espoo, Finland, and presence in London, Boston and in Singapore.

 

 

About the Author

Gaurav Satam, VP, Corporate Development, has more than 13 years of experience working in the healthcare industry. Prior to joining TripleBlind, he worked for Mayo Clinic Ventures, Inovalon, a healthcare data analytics company and St. Jude in the Medical, where he worked in corporate venture, strategic development, finance, R&D, and product management roles.