How PETs help banks protect consumers from fraud without sharing personal data

Fraud keeps climbing. In the United States alone, consumers reported more than $12.5 billion in losses in 2024, up about 25% year-over-year. Behind that figure are victims whose savings were drained, whose credit scores were destroyed by fraudulent loans, and whose stolen identities continue to cause harm long after the initial incident.

Banks want to protect customers, but fraudsters operate across many institutions and often as syndicates – putting banks working in isolation at a disadvantage. A single bank rarely sees enough of a pattern to act decisively. Banks need a way to share visibility without sharing personal data. Traditional 'share-the-file' approaches are not the answer: moving personal data between institutions creates new risks and clashes with public expectations and privacy law.

Privacy-enhancing technologies (PETs) remove these barriers, enabling banks to act as a united front against fraud without sharing customer files.

PETs are tools and methods that let organizations share information and derive insights with each other, while protecting raw personal data from exposure. In essence, they let organizations learn from each other’s data without sharing the data itself. The role PETs can play in unlocking the positive impact in sectors like healthcare and finance is why the World Economic Forum named them a Top 10 Emerging Technology of 2024.

For an accessible overview, see the World Economic Forum’s explainer, The impact of privacy-enhancing technologies on business, individuals and society.

One PET-in-practice with growing adoption is the data clean room, a governed environment that combines PET techniques, so organizations can work together to answer agreed-upon questions safely. Raw personal data stays with its owner; participants contribute pseudonymized/tokenized identifiers (hashed or tokenized on premises) and non-identifying aggregates.

Let’s use a PET-enabled data clean room here as a clear example of PETs working under governance: banks keep raw data on-premises while enabling cross-bank matching without exchanging customer files.

Below are three practical examples of how banks can work together via a PET-enabled data clean room to help prevent fraud:

Stolen funds are routed through 'money-mule' accounts – bank accounts used to receive and pass on illicit money on behalf of fraudsters, sometimes with the account holder’s knowledge – so cash can be split and moved to other accounts before detection.

At a single bank, a fast 'in and out' movement can look suspicious but not conclusive – for example, $5,000 is deposited and $4,950 is withdrawn the next day. That could be perfectly legitimate (moving money to another account or paying a large bill), so Bank A can’t confidently label it fraud without seeing the same pattern at other banks.

(a) Each bank converts customer identifiers, devices used and beneficiaries into irreversible and interoperable tokens on-premises that allow matching of the same tokens across banks.

(b) The banks upload the tokens, plus behaviour signals (e.g. amount bands, timing, velocity, counterparty counts).

(c) In the data clean room, matching tokens across banks are aligned and suspicious patterns are flagged (e.g. rapid in-out cash-through; fan-in/fan-out hubs).

(d) Each bank receives flags for its own tokens only and resolves them locally to accounts for action.

Small anomalies align into multi-bank patterns consistent with mule activity, such as rapid 'in-out' cash through multiple banks or fan-in/fan-out hub accounts, where multiple small payments are quickly paid to multiple beneficiaries.

Faster interdiction, fewer successful scams and more consumer protections without sharing personal data between banks.

Fraudsters combine real and fabricated details to create a 'person' who passes checks and then runs up debt that a real consumer never authorized before defaulting on the debt.

Inside one institution the identity can look consistent. Contradictions appear only when attributes are compared across providers.

(a) Each bank converts identity fields (ID numbers, phone, email) into irreversible tokens on premises; no raw personal information leaves any bank.

(b) In the data clean room, tokens are matched privately across banks to detect one-to-many and conflicting links (e.g. same ID token with different names/DOBs; multiple IDs tied to the same device).

(c) The system returns an actionable flag or strength-of-identity score, plus brief explainers and never the underlying attributes.

Clear synthetic-identity signals: the same ID number associated with different names or variations of the same name at different banks, different IDs associated to the same device or a new token opening accounts at multiple banks within a short timeframe.

Less fraudulent debt created, fewer genuine customers mistakenly flagged and improved detection without mass data pooling.

Alerts are time-sensitive, yet privacy rules prevent sharing identities. Without a safe way to alert peers, the same threat can spread to other institutions before controls tighten.

Bank A may spot a spike in risky logins, but cannot broadcast raw personal identifiers to others.

(a) The detecting bank publishes a tokenized alert (credential, account/beneficiary or device token) with a brief reason code, confidence and time window.

(b) Receiving banks check locally whether they hold the same token or have had recent transfers to/from the alerted beneficiary token within the window. No identities are exchanged.

(c) On a match, the bank steps up security (e.g. one-time code/MFA) and temporarily limits movement (rate-limits/holds/review). Actions are logged and the alert expires automatically unless refreshed by new evidence.

A quiet early-warning layer that hardens defences sector-wide without swapping customer lists.

Fewer account takeovers ripple from a single breach; meaning less harm for customers.

Begin by defining success in concrete, consumer-first outcomes (victim losses avoided, mule interdictions, synthetic IDs stopped).

Then run a 30-60 day joint proof-of-concept with two or three banks focused on a single pattern (mule detection, synthetic-identity contradictions, or compromised-credential alerts) with simple, pre-agreed metrics.

Set up the data clean room, dry run on synthetic data, encode the rules, run the pilot and decide, based on the evidence, whether to scale or stop cleanly.

Fraud is becoming more sophisticated every day. For banks to combat this growing threat, they need to collaborate safely by using PETs that enable them to protect customers’ privacy and accounts.

That is good risk management, good compliance and, above all, the right outcome for the people who trust the financial system.