Skip to main content
Top

2025 | OriginalPaper | Chapter

Formal Privacy Analyses for Open Banking

Authors : Luigi D. C. Soares, Mário S. Alvim, Di Bu, Natasha Fernandes, Yin Liao

Published in: Formal Methods: Foundations and Applications

Publisher: Springer Nature Switzerland

Activate our intelligent search to find suitable subject content or patents.

search-config
loading …

Abstract

The term “Open Banking” describes a series of global initiatives to allow the sharing of customer data between financial companies to facilitate competition within their sector. In this paper, we formalise in the rigorous framework of quantitative information flow (QIF) relevant privacy risks in a concrete Open Banking scenario, namely: (i) transaction-history recovery and (ii) collateral attribute-inferences using external correlations. We provide extensive analyses of these risks in real-world data from Open Banking, supplied by a fintech in Australia. We show that the Open Banking system studied presents considerable privacy risks with respect to transactions, both in the presence and in the absence of demographic data. Finally, we exemplify potential real-world collateral attribute-inference attacks, in which we show how an attacker might leverage scientific correlations to infer individuals’ level of neuroticism and self-control from their transaction history. We hope that this work may: (i) help financial customers in Australia make better-informed decisions about what kind of information, and how much of it, to share via Open Banking; (ii) raise awareness about the potential privacy risks of Open Banking in other countries; and (iii) foster the development of privacy regulation in digital finance and the open data economy.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

  • über 102.000 Bücher
  • über 537 Zeitschriften

aus folgenden Fachgebieten:

  • Automobil + Motoren
  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Elektrotechnik + Elektronik
  • Energie + Nachhaltigkeit
  • Finance + Banking
  • Management + Führung
  • Marketing + Vertrieb
  • Maschinenbau + Werkstoffe
  • Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

  • über 67.000 Bücher
  • über 390 Zeitschriften

aus folgenden Fachgebieten:

  • Automobil + Motoren
  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Elektrotechnik + Elektronik
  • Energie + Nachhaltigkeit
  • Maschinenbau + Werkstoffe




 

Jetzt Wissensvorsprung sichern!

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

  • über 67.000 Bücher
  • über 340 Zeitschriften

aus folgenden Fachgebieten:

  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Finance + Banking
  • Management + Führung
  • Marketing + Vertrieb
  • Versicherung + Risiko




Jetzt Wissensvorsprung sichern!

Appendix
Available only for authorised users
Footnotes
4
We reinforce that the use of synthetic joints was due to the fact that we only had access to correlations in the form of Pearson correlations; the datasets from which these correlations were computed are not publicly available. Nevertheless, we do believe the synthetic data is illustrative of the kind of concrete threat we are considering.
 
Literature
3.
go back to reference Alvim, M.S., Chatzikokolakis, K., McIver, A., Morgan, C., Palamidessi, C., Smith, G.: The Science of Quantitative Information Flow. Springer (2020) Alvim, M.S., Chatzikokolakis, K., McIver, A., Morgan, C., Palamidessi, C., Smith, G.: The Science of Quantitative Information Flow. Springer (2020)
4.
go back to reference Alvim, M.S., Fernandes, N., McIver, A., Morgan, C., Nunes, G.H.: Flexible and scalable privacy assessment for very large datasets, with an application to official governmental microdata. Proc. Priv. Enhancing Technol. 2022(4), 378–399 (2022). https://doi.org/10.56553/popets-2022-0114 Alvim, M.S., Fernandes, N., McIver, A., Morgan, C., Nunes, G.H.: Flexible and scalable privacy assessment for very large datasets, with an application to official governmental microdata. Proc. Priv. Enhancing Technol. 2022(4), 378–399 (2022). https://​doi.​org/​10.​56553/​popets-2022-0114
7.
go back to reference Behling, O.: Employee selection: will intelligence and conscientiousness do the job? Acad. Manag. Perspect. 12(1), 77–86 (1998)CrossRef Behling, O.: Employee selection: will intelligence and conscientiousness do the job? Acad. Manag. Perspect. 12(1), 77–86 (1998)CrossRef
8.
go back to reference Braun, C., Chatzikokolakis, K., Palamidessi, C.: Quantitative notions of leakage for one-try attacks. Electron. Notes Theor. Comput. Sci. 249, 75–91 (2009)CrossRef Braun, C., Chatzikokolakis, K., Palamidessi, C.: Quantitative notions of leakage for one-try attacks. Electron. Notes Theor. Comput. Sci. 249, 75–91 (2009)CrossRef
9.
go back to reference Butz, N.T., Stratton, R., Trzebiatowski, M.E., Hillery, T.P.: Inside the hiring process: how managers assess employability based on grit, the big five, and other factors. Int. J. Bus. Environ. 10(4), 306–328 (2019)CrossRef Butz, N.T., Stratton, R., Trzebiatowski, M.E., Hillery, T.P.: Inside the hiring process: how managers assess employability based on grit, the big five, and other factors. Int. J. Bus. Environ. 10(4), 306–328 (2019)CrossRef
11.
go back to reference Dalenius, T.: Finding a needle in a haystack or identifying anonymous census records. J. Official Stat. 2(3), 329 (1986) Dalenius, T.: Finding a needle in a haystack or identifying anonymous census records. J. Official Stat. 2(3), 329 (1986)
12.
go back to reference Di Clemente, R., Luengo-Oroz, M., Travizano, M., Xu, S., Vaitla, B., González, M.C.: Sequences of purchases in credit card data reveal lifestyles in urban populations. Nat. Commun. 9(1), 3330 (2018)CrossRef Di Clemente, R., Luengo-Oroz, M., Travizano, M., Xu, S., Vaitla, B., González, M.C.: Sequences of purchases in credit card data reveal lifestyles in urban populations. Nat. Commun. 9(1), 3330 (2018)CrossRef
14.
go back to reference Freebairn, P.: Response to the farrell report into open banking. Policy (2018) Freebairn, P.: Response to the farrell report into open banking. Policy (2018)
16.
go back to reference Judge, T.A., Ilies, R.: Relationship of personality to performance motivation: a meta-analytic review. J. Appl. Psychol. 87(4), 797 (2002)CrossRef Judge, T.A., Ilies, R.: Relationship of personality to performance motivation: a meta-analytic review. J. Appl. Psychol. 87(4), 797 (2002)CrossRef
21.
go back to reference Rényi, A.: On measures of entropy and information. In: Proceedings of the Fourth Berkeley Symposium on Mathematical Statistics and Probability, Volume 1: Contributions to the Theory of Statistics, vol. 4, pp. 547–562. University of California Press (1961) Rényi, A.: On measures of entropy and information. In: Proceedings of the Fourth Berkeley Symposium on Mathematical Statistics and Probability, Volume 1: Contributions to the Theory of Statistics, vol. 4, pp. 547–562. University of California Press (1961)
22.
go back to reference Samarati, P., Sweeney, L.: Protecting privacy when disclosing information: k-anonymity and its enforcement through generalization and suppression (1998) Samarati, P., Sweeney, L.: Protecting privacy when disclosing information: k-anonymity and its enforcement through generalization and suppression (1998)
24.
go back to reference Smith, G.: On the foundations of quantitative information flow. In: FOSSACS. LNCS, vol. 5504. Springer (2009) Smith, G.: On the foundations of quantitative information flow. In: FOSSACS. LNCS, vol. 5504. Springer (2009)
25.
go back to reference Sweeney, L.: Simple demographics often identify people uniquely. Health (San Francisco) 671(2000), 1–34 (2000) Sweeney, L.: Simple demographics often identify people uniquely. Health (San Francisco) 671(2000), 1–34 (2000)
Metadata
Title
Formal Privacy Analyses for Open Banking
Authors
Luigi D. C. Soares
Mário S. Alvim
Di Bu
Natasha Fernandes
Yin Liao
Copyright Year
2025
DOI
https://doi.org/10.1007/978-3-031-78116-2_11

Premium Partner