Data security is paramount
I want to start this article with a few examples of cybercrime and data breaches, just to bring you up to speed. Then we will look at how Aleo allows you to use banking and many other services more securely without revealing personal information.
The most high-profile cyber-attacks of 2022 with leaked user data
- Extortionist attack on Costa Rican government agencies
An unprecedented attack on public institutions occurred in April: the extortion group Conti attacked Costa Rican government agencies and demanded a ransom of 20 million dollars. Because most of the IT infrastructure was inaccessible, a state of emergency was declared in the country, and a few days later the attacked public sector was joined by Costa Rican health care, whose management and institutions were attacked by the Hive group.
- Lapsus$ attacks on Okta, Nvidia, Microsoft, Samsung and other companies
The Lapsus$ group has hacked a number of major IT companies, including Okta, Nvidia, Microsoft and Samsung. Earlier this year, Okta, which develops solutions for account and access management, including support for multi-factor authentication, was attacked. The attack affected about 2.5% of the company’s customers and raised questions about the reliability of the solutions used for authentication.
- Attack on Swissport International
Swissport International, a Swiss air cargo and ground handling provider that operates at 310 airports in 50 countries, has been attacked by ransomware. The attack resulted in multiple flight delays. In addition, criminals stole 1.6 TB of data.
- Attack on Vodafone Portugal
An attack on telecommunications operator Vodafone in Portugal has caused service disruptions across the country, including 4G and 5G networks, as well as SMS messaging and TV services. Vodafone Portugal serves more than 4 million cellular subscribers in the country and another 3.4 million internet users, so the scale of the impact of the attack was felt by many Portuguese citizens. It took the company a long time to restore its systems: for example, the organization’s websites became functional again after almost a month.
- Data leak of Indonesian citizens
An archive containing a dataset of 105 million Indonesian citizens — nearly 40% of the country’s population — has been put up for sale on a shady forum. The information is believed to have been stolen from the “General Election Commission”. The archive contains full names, dates of birth, and other personal information, and the price set by the attacker is $5,000. Earlier, the criminal also posted an archive containing the registration details of about 1.3 billion SIM cards — phone numbers, ID cards — at a cost of $50,000.
Now you understand the full extent of data breaches and why you need to treat your data, especially in finance, with extra caution.
Let’s look at an example of how you can get a loan without revealing your personal data.
Qualifying for loans — without exposing your bank account
Maybe it’s your dream house. Maybe it’s your first house. Either way, you’ve been preparing for this purchase for years. You have the down payment, and now all that’s left is getting approved for the mortgage — oh, and laying bare your entire financial life to lenders you’ve only just met.
People engage with financial services in many ways, such as getting a mortgage, financing their education, applying for a credit card, and setting up a payment plan. Applying for a mortgage, loan, or other financial service today often requires you to reveal years of bank statements, tax documents, credit reports, and more.
Sure, that information helps the lender decide whether to approve you, but it often exposes details far beyond what you actually need to qualify. While we’ll always have to share information online, we shouldn’t have to wonder if it’ll appear in the next data breach.
Your exposed data could be used by bad actors to steal your identity, potentially leading to unwanted purchases made in your name, messy legal battles, and challenges getting access to credit in the future — which could prevent you from achieving your goals, from maintaining a good credit score to starting a business.
While oversharing sensitive information is the status quo for obtaining financial services today, it won’t be in the near future. An emerging form of cryptography known as zero-knowledge proofs (ZKPs) offers a privacy-preserving alternative to traditional qualification processes.
With a zero-knowledge solution such as zPass on the Aleo blockchain, you can prove you meet specific criteria without revealing anything more, allowing financial institutions to validate your credentials while keeping your personal documents private. You maintain control over your data, giving financial institutions only the information they need to offer you their services.
The not-so-private loan application process today
When you apply for financial services, such as a loan, you often must provide extensive personal information to prove your creditworthiness.
The typical loan application can require:
- Years of bank statements showing account balances and transaction history
- Tax returns and pay stubs verifying employment and income
- Credit reports from agencies like Equifax, TransUnion, and Experian
- Documentation of assets like property deeds and investment accounts
- Existing loan and debt information from various creditors
- Your firstborn (kidding, not kidding)
These documents give the lender deep insight into your financial position. But while that’s necessary to assess risk, it also exposes many extraneous private details and physical documents that may live on others’ servers and can easily be hacked. Plus, there’s the additional risk of biased decisions based on specifics in your documents that are irrelevant to the application itself — information that could be used to discriminate against you, such as your age, gender, race, and other personal details.
How zero-knowledge offers more privacy and control
ZKPs are a form of cryptography that allows one party (the prover) to prove information to another party (the verifier) without revealing anything beyond what is proven.
On a platform for truly private applications like Aleo, borrowers can prove they qualify for a loan without revealing personal information.
As an example, you could cryptographically prove you have:
- A credit score over 740, without disclosing the actual number
- Monthly income of at least $7,000, without showing payslips
- Over $50,000 in a checking account, without revealing the balance
- No late mortgage payments in the past two years, without exposing your entire payment history
Let’s say a woman named Emily wanted to apply for a financial service — she would be the prover. For each qualification criterion, she could upload her documents on her private device, such as her phone or computer.
Emily would then use zPass to create a ZKP, which validates that she meets the requirements without revealing her uploaded documents.
She could then pass that ZKP along to the verifier, in this case, Paul, a loan officer at her financial services provider. He can validate that Emily meets the qualifications but cannot view any underlying documents or data that inform the proof.
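To make the "credit score over 740" case concrete, here is an added example that is not zPass or Aleo code: it swaps in a classic bit-decomposition range proof over a Pedersen commitment for whatever proof system zPass actually uses. It assumes a trusted issuer has already published a commitment to Emily's score; the group parameters are a constructed toy, and all function names are illustrative.

```python
import hashlib
import secrets

# Toy Schnorr group, constructed for this example and far too small for real use:
# P = 2Q + 1, G and H generate the order-Q subgroup, log_G(H) is assumed unknown.
P, Q, G, H = 2039, 1019, 4, 9
BITS = 7  # the proof shows 0 <= score - threshold < 2**BITS

def commit(value, r):
    return pow(G, value % Q, P) * pow(H, r % Q, P) % P  # Pedersen: g^value * h^r

def _chal(*parts):  # Fiat-Shamir challenge
    digest = hashlib.sha256(",".join(map(str, parts)).encode()).digest()
    return int.from_bytes(digest, "big") % Q

def _prove_bit(c_i, bit, r_i):
    """OR-proof: c_i = h^r (bit 0) or c_i / g = h^r (bit 1), hiding which."""
    ys = [c_i, c_i * pow(G, -1, P) % P]
    c, z, a, fake = [0, 0], [0, 0], [0, 0], 1 - bit
    c[fake], z[fake] = secrets.randbelow(Q), secrets.randbelow(Q)
    a[fake] = pow(H, z[fake], P) * pow(ys[fake], -c[fake] % Q, P) % P  # simulated
    w = secrets.randbelow(Q)
    a[bit] = pow(H, w, P)  # real branch commitment
    c[bit] = (_chal(c_i, a[0], a[1]) - c[fake]) % Q
    z[bit] = (w + c[bit] * r_i) % Q
    return c[0], c[1], z[0], z[1]

def prove_at_least(score, r, threshold):
    """Prover side: needs the score and the blinding factor r of its commitment."""
    d = score - threshold
    if not 0 <= d < 2 ** BITS:
        raise ValueError("statement is false (or out of range): no proof")
    bits = [(d >> i) & 1 for i in range(BITS)]
    rs = [0] + [secrets.randbelow(Q) for _ in range(BITS - 1)]
    rs[0] = (r - sum(ri << i for i, ri in enumerate(rs))) % Q  # blinds sum to r
    cs = [commit(b, ri) for b, ri in zip(bits, rs)]
    return [(ci, _prove_bit(ci, b, ri)) for ci, b, ri in zip(cs, bits, rs)]

def verify_at_least(commitment, threshold, proof):
    """Verifier side: checks each bit proof, then commitment / g^threshold."""
    acc = 1
    for i, (c_i, (c0, c1, z0, z1)) in enumerate(proof):
        ys = [c_i, c_i * pow(G, -1, P) % P]
        a0 = pow(H, z0, P) * pow(ys[0], -c0 % Q, P) % P
        a1 = pow(H, z1, P) * pow(ys[1], -c1 % Q, P) % P
        if (c0 + c1) % Q != _chal(c_i, a0, a1):
            return False  # this commitment is not provably a 0 or 1 bit
        acc = acc * pow(c_i, 1 << i, P) % P
    return len(proof) == BITS and acc == commitment * pow(G, -threshold % Q, P) % P
```

The verifier learns that the committed score lies between the threshold and the threshold plus 127, and nothing else; binding the commitment to Emily's real score (for example through an issuer signature) is outside this sketch.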
A more secure future with ZK
Aleo’s zero-knowledge approach provides better privacy for borrowers. You maintain control over your personal information, choosing what information to disclose for each application. And lenders only receive what is necessary to prove your creditworthiness, avoiding the possibility of them discriminating against you based on irrelevant details.
Meanwhile, financial services get streamlined verification of customer credentials without having to actually store any of that data themselves — offering a huge benefit since they don’t have to worry as much about being the target of massively expensive cyber attacks from bad actors trying to access sensitive data.
Case in point — finance firms lost an average of $5.9 million per data breach in 2022, according to a 2023 report from IBM, with large institutions paying even more: JP Morgan Chase and Equifax reported $100 million and $300 million in losses after hacks in 2014 and 2017, respectively.
Aleo and others work to mainstream this technology and its many applications across not just finance but all industries that require validating potentially sensitive information.
With continued progress, truly private interactions online can become the norm so that people no longer have to expose their personal information to participate in modern financial activities online.
Explore zPass to see how we’re making privacy — including financial privacy — the new normal.
Apply for zPrize 2023 to earn up to $500K in prizes for solving challenges that push ZK technology forward.
If you want to keep up to date with Aleo, I recommend following them on Twitter and joining their Discord.