privacy-enabled payment cards - standards australia · roles – immigration agency – sanctions...

PRIVACY-ENABLED PAYMENT CARDSA case study of

Combining asylum seekers’ privacy and AML/KYC regulation

Pietu Pohjalainen, Ph.D.

CONTENTSCompany presentationProblem definitionBlockchain solutionNew business models Outlook to the future

Nets is the leader in the Nordics

Nets’ strong presence in the Nordic

market means that we know local

market conditions, legislation ,

trends and languages.

COPENHAGENHQ

OSLO

STOCKHOLM

HELSINKI

TALLINN VILNIUS

RIGA

A coordinator in a strong digital ecosystem

MERCHANTS300,000+

30,000+ online

CONSUMERS

-

BUSINESS & PUBLIC SECTOR

240,000 CORPORATES

BANKS200+

DATA CENTERS

7.3 billion transactions8.1 billion digital identities

2,500 employees6.8 bn in turnover

DISTRIBUTORS & PARTNERS500+

• Year 2015 brought Europe a shockwave of asylum seekers

• Using prepaid payment cards would significantlysave in monthly allowance process costs

• KYC/AML requirements associated with a payment card issuing license require the issuerto know the name of the card holder

• Privacy requirements to protect identity prohibitgovernments to give out the names of theirasylum seekers to 3rd parties

Issuing cards to asylum seekers

• International bodies are publishing sanctionlists of individuals whose assets ought to befrozen or otherwise restricted

International sanctions lists

• The standard way is to check the issuedcardholder nameagainst the list

Normal way to operate corp cardsRoles – corporate <–> card issuer

Issue to name JOHN SMITH

JOHN SMITH’s card

What if the cardholder name is

MIGRI 00001

Privacy-preserving issuing of cardsRoles – immigration agency – sanctions list indexer – query API provider – card issuer

Ethereumblockchain

Crea

teid

entit

y0x

de0B

2956

69a9

FD9

3d5F

28D9

Ec85

E40f

4cb6

97BA

e

Write sanctionlist data

Notifymatches

Role: Immigration agencyCreate a blockchain identity e.g. 0xde0B295669a9FD93d5F28D9Ec85E40f4cb697BAeNotify the indexer the public key to use for encryptionAgree with indexer about the shared secret key to useMIGRI_VERY_SECRET_PASSWORDQuery against the blockchain database for hits in the sanctions list, using SHA256(’secret’ + ’query term’)In case of a match, decrypt contents with the privatekey associated to the identityNotify the card issuer in a case of match

Role: Payment card issuerIssue cards to anonymized cardholdersBe prepared to place an issued card into a restricted listupon notification

I don’t need to change anything ..

SUITS ME FINE!

Role: List indexerMonitor the published listsUpdate the shared blockchain database stateIndex new entries from the the published list to the Ethereum blockchainEncrypt the data by elliptic curve Diffie-Hellmanencryption using ephemeral keys (ECDHE) to protect the identitiesHandles only public or contracted information

Ethereumblockchain

Write(SHA256(’MIGRI_SECRET’ + ’SADDAM’),ECDHE(’ <ENTITY Id="13" Type="P"

legal_basis="1210/2003 (OJ L169)“pdf_link="http://eur-lex.europ.PDF”programme="IRQ"

…>’);

Role: API providerOperate the infrastructure to make queriesDoes not see what was asked or what was returned

Due to query key being one-way hashedDue to returned answer being Diffie-Hellman encrypted

New business models

New roles of the database indexer and API connectionprovider

Are independent of each otherAre designed not to contain vendor lock-inProviders can concurrently co-exist

New aspects of qualityDegree of privacy preservation(fully public / queries anonymized / matches anonymized / everything anonymized)

Questions and discussion

He fumbled for the doorhandleof the refrigerator, to get out a carton of milk.”Ten cents, please”, the refrigerator said. ”Five cents for opening my door; five cents for the cream.”UBIK – Philip K. Dick, 1969