Is customer information safer with a blockchain database?
Spring Labs is spearheading a group of prominent fintech lenders that will use a blockchain-based, peer-to-peer network to share consumer information to help with identification verification on loan applications.
Avant, OnDeck Capital and SoFi are among 16 companies currently testing the network, called the Spring Protocol, which is scheduled to go live in the second half of this year.
Part of the idea behind Spring’s system is to have a central database lenders can access without replicating critical consumer information on multiple systems, said John Sun, president and chief product officer for Spring Labs. While Spring doesn’t identify as a pure blockchain firm, he said it’s the best way to safeguard and store the information.
“We have this solution that does certain things and we asked ourselves what is the best technology to build it that way,” Sun said. “It just so happens that for parts of the protocol and the technology stack, blockchain really is the best way to accomplish what we wanted to do.”
When lenders access and share data on loan applicants through traditional data aggregators such as the credit bureaus, that information is shared on multiple systems, increasing the chance the data will be compromised in a breach. The data breach at Equifax in 2017 is a case in point, affecting an estimated 148 million U.S. consumers.
By using the blockchain, Spring hopes to avoid a similar vulnerability, Sun said. It is putting its information in a central database lenders can access through Spring’s “proprietary cryptographic communication protocol,” he said.
“There’s a public record of who we’re willing to share data with,” he said.
To be sure, Spring isn’t trying to upend the traditional credit bureaus, but instead wants to complement those credit reporting agencies with the information participating companies will access via the Spring Protocol.
“Members will still be pulling bureau reports” to make lending decisions, said Sun. “In the future, we hope we’re building a model for data sharing that everyone can adapt.”
In a statement, Experian said it views blockchain as a way to help with fraud prevention, data sharing and security. “This is something our technologists have been focused on for several years,” it said.
Experian in May joined Hyperledger, an open-source organization focused on blockchain technology.
“As an active member of the Hyperledger project we have implemented a number of blockchain solutions, and are continually working with our clients to leverage the technology,” said Experian. “Our technology roadmap has us well-prepared to ensure our clients succeed now and into the future, regardless of whether the industry follows the standard centralized model or shifts to a more decentralized approach.”
Equifax and TransUnion did not respond to a request for comment.
While Spring theoretically could work directly with the bureaus in the future, the company is seeking to protect sensitive information better than traditional data aggregators.
An investigation into Equifax’s breach led Sen. Elizabeth Warren, D-Mass., found the company, among other issues, “adopted weak cybersecurity measures that did not adequately protect consumer data.”
“I would say Spring Labs is trying to solve a problem that the credit bureaus do not solve, specifically around identity, fraud and things like loan sharking,” said Al Goldstein, CEO of Avant. “The protocol will be complementary to the data we’re already getting from the bureaus.
“The thing that has us excited about the protocol is sharing information without sharing the underlying data.”
For example, Avant could have a customer come to them “with a specific name and address that’s making a loan request,” Goldstein said.
“I can answer that question, and vice versa, and get information that’s valuable to me but I’m not sending the underlying data back and forth” between different institutions,” said Goldstein.
That, in turn, prevents the data replication Spring is attempting to address. Sun said Spring is speaking with banks about joining the consortium.
“Banks are lenders themselves, so they would immediately plug into any of the consortiums that we’re building around lending,” he said.
As for whether banks would be open to the idea of sharing some critical consumer data with fintech competition, Sun said the endgame for those involved in the consortium would be to solve the fraud issue.
“There’s kind of a contradiction in data sharing. By definition, every time you share data, someone is going to use it competitively against you,” Sun said. “That being said, there are some use cases where you want to share some data, and that is to prevent fraud."
“I don't think there's a single lender out there that would love it if one of their competitors got hit by fraud," he said. "Any kind of proliferation of fraud into the ecosystem helps to attract more fraud.”
One bank executive American Banker spoke to sees value in what Spring is trying to accomplish with the protocol.
“We place a very high value on ID verification, partly because it does help to reduce fraud, but also because it’s a requirement for banks because we have to know our customer,” said Mike McCrary, the executive vice president of e-commerce and emerging technology at the $1.2 billion-asset Lincoln Savings Bank in Cedar Falls, Iowa. “We’re always very interested in working with companies that help facilitate that.”
One hurdle Spring could face in trying to persuade banks to join the consortium is the ability to understand the technology for regulatory purposes.
“The challenge the industry has is adopting new technology,” McCrary said. “If someone comes up with a new way to verify an address, for instance, you’re going to have to understand that deeply to explain it to a regulator, and that’s what slows down progress on the banking side.”