Data protection and the fight against financial crime
By 2025 the global value of online digital transactions is expected to exceed US$10 trillion. The benefits of expanding digital transactions are huge. We can access goods and services across the globe in an instant in a way that was not previously possible.
But those benefits are not without risk. Fraud is one of the biggest threats in the digital world. Whether it be stolen payments, online money mules or cyber-criminal rings, there are huge threats when transacting online. Fortunately, there are also many anti-fraud services available to mitigate this risk.
Data is at the heart of the fight against financial crime and fraudulent behaviour online. By combining different types of data with advanced analytics technologies, organisations can detect, mitigate and prevent fraudulent behaviour by tracking information relating to a fraud event.
LexisNexis Risk Solutions’ Digital Identity Network, part of RELX, is an example of how firms can effectively identify and prevent fraudulent transactions through data sharing, without impairing the customer experience. The network allows organisations to crowdsource intelligence data in order to make better fraud and authentication decisions on their services. By using data technologies, organisations can establish trusted relationships with their users and identify bad actors, while allowing them to authenticate trusted users more quickly.
Privacy is a fundamental aspect of these sorts of services. Ensuring a high level of data protection is core to establishing trust with users. Fraud prevention should not, and need not, undermine privacy. The LexisNexis Digital Identity Network, which contains data on around three billion monthly transactions, maintains absolute data privacy through a tokenised system which keeps all customer data completely confidential and invisible to users of the Network.
The realities of balancing the understandable desire for increasing individual control over data and the risks of fraud need to be carefully considered. A criminal is hardly likely to consent to their personal information being processed for anti-fraud purposes, but that data is needed to prevent the fraud taking place. After all fraud prevention is an important public interest activity. Without access to data there is no way of investigating who is and is not a criminal when users interact with services. Data protection frameworks therefore need to allow processing to take place for the purposes of fraud prevention while maintaining high data protection standards for those the systems are designed to protect
Data: a new direction for tackling fraud?
In the context of GDPR, the ‘legitimate interest’ legal base for processing often, but not always, provides the grounds for processing personal data for fraud prevention purposes. This will continue to be a very important basis for processing, alongside others, where processing by consent is not a viable option to protect consumers’ interests. Restricting data protection frameworks to consent-based approaches would make the fight against fraud more difficult and would ultimately damage trust in the data economy.
The UK Government has recently consulted on reforms to its data protection framework and one of the key topics in ‘Data: A New Direction’ is legitimate interest. The government has proposed a new ‘whitelist’ of activities which would automatically be considered to fall under legitimate interest, removing some of the administrative requirements that sit alongside that lawful ground for processing. RELX supports this proposal as we believe it will allow greater focus to be placed on achieving positive outcomes using data, rather than spending lots of time on paperwork.
We agree with the approach suggested by the government and think the proposal could go further. Given the scale of online transactions and their importance to consumers, if any activity should be automatically considered a legitimate interest in the modern digital economy, it should be the prevention of fraud.
Please see here for techUK’s full response to Data: a new direction.
This blog is part of a series exploring the UK's upcoming reform to its data protection regime. Learn more here.
Jeremy is the UK Government Affairs Manager at RELX, a UK-based FTSE 100 global provider of information based analytics which provides analytics and decision tools for professional and business customers. Prior to joining RELX, Jeremy worked at techUK where he led data protection and EU policy work. Before techUK Jeremy worked in the House of Commons as a Parliamentary Assistant. He holds a BA (Hons) in Politics from the University of York and an MSc in Public Policy from University College London.