Privacy-preserving Fuzzy Name Matching for Sharing Financial Intelligence

TL;DR

This paper presents a privacy-preserving fuzzy name matching scheme using homomorphic encryption and clustering, enabling financial institutions to share intelligence without revealing sensitive data, thus complying with privacy regulations.

Contribution

It introduces a novel homomorphic encryption-based fuzzy name matching method with clustering for efficiency, addressing privacy concerns in financial data sharing.

Findings

Achieves matching in 100-1000 seconds for datasets of 10k-100k names

Reduces communication overhead by 30-300 times

Outperforms existing schemes in privacy and efficiency

Abstract

Financial institutions rely on data for many operations, including a need to drive efficiency, enhance services and prevent financial crime. Data sharing across an organisation or between institutions can facilitate rapid, evidence-based decision-making, including identifying money laundering and fraud. However, modern data privacy regulations impose restrictions on data sharing. For this reason, privacy-enhancing technologies are being increasingly employed to allow organisations to derive shared intelligence while ensuring regulatory compliance. This paper examines the case in which regulatory restrictions mean a party cannot share data on accounts of interest with another (internal or external) party to determine individuals that hold accounts in both datasets. The names of account holders may be recorded differently in each dataset. We introduce a novel privacy-preserving scheme for fuzzy name matching across institutions, employing fully homomorphic encryption over MinHash signatures. The efficiency of the proposed scheme is enhanced using a clustering mechanism. Our scheme ensures privacy by only revealing the possibility of a potential match to the querying party. The practicality and effectiveness are evaluated using different datasets, and compared against state-of-the-art schemes. It takes around 100 and 1000 seconds to search 1000 names from 10k and 100k names, respectively, meeting the requirements of financial institutions. Furthermore, it exhibits significant performance improvement in reducing communication overhead by 30-300 times.