
As AI Ushers in Open Banking, Data Privacy Upholds It


While 80% of Americans rely on financial app convenience, roughly 65% of financial organizations worldwide reported experiencing a ransomware attack in 2024. This isn’t a mere coincidence: financial organizations are prime targets for bad actors given the sheer volume of personal information they hold. Routing numbers, addresses, social security numbers, transactions, and personal details represent a goldmine of opportunities in the eyes of cyber criminals.

For years, there have been roadblocks between financial institutions and their ability to share data with one another in an effort to protect consumers and institutional practices. In 2025, those walls are coming down in a model called “open banking.” This innovation is powered by artificial intelligence (AI) and sophisticated coding to give users a clear picture of their financial health. A single profile could contain checking and savings account balances, Venmo or PayPal transaction histories, and personalized insights into individual spending. With this new era of innovation, however, comes risk. Financial institutions are already targets for bad actors, and breaking down walls between organizations increases the potential opportunities for attacks.

Why PETs Alone Can’t Secure Open Banking

Privacy-Enhancing Technologies (PETs) have emerged on the scene as sophisticated tools designed to protect this diamond mine of data. PETs reduce institutional reliance on identifiable personal information while still enabling financial institutions to analyze pooled data. The services PETs offer differ based on the tools and techniques used. A few common ones include:

  • Multiparty Computation: Using encryption and mathematical techniques, companies can work together on one project without ever revealing individually owned raw data. For instance, should there be a range of fraud attempts across banks, each company can share trends without revealing any individual information. With PETs, these companies are equipped to track global fraud despite differences in global privacy laws.
  • Differential Privacy: By adding “noise” to datasets, financial institutions make it nearly impossible to retrace data back to an individual. Without risking accuracy, data “noise” protects raw data.
  • Homomorphic Encryption: While it sounds impossible, companies are able to perform calculations on encrypted data without ever decrypting it. For instance, calculations can be made on encrypted financial transactions without the personal data ever being revealed. The queries used can even be protected, coming in handy especially for cross-border crime detection.
  • Federated Learning: Lastly, as AI models rise in frequency, federated learning allows companies to train AI models locally without pooling every single data set together. Those smaller models are eventually combined to leverage AI model capabilities without ever moving the data.

Despite the number of methods, PETs only safeguard data after it has been collected and while it is in use. PETs cannot determine whether collecting, processing, or sharing that data is even lawful to begin with. Regulations like GDPR and CCPA require explicit consent before processing information, even if it's anonymized down the line. PETs can keep data safe, but without the clear ability to use it in the first place, processing user information could be illegal.

The Missing Piece: Consent and Preference Management

Consent and Preference Management platforms (CPMs) are the legal sidekick to PETs. CPMs create a single record of truth as to what each user has (or hasn’t) agreed to share. This ensures a user’s preferences are honored even as different participating institutions share information in an open banking model.

Without CPMs, consent can be cast to the wayside as financial institutions cross wires and merge information, becoming a compliance nightmare waiting to happen. With CPMs in use, financial institutions can maintain a trail of permissions and reassure customers their choices, and trust, are being respected.

By combining PETs with CPMs, long gone are the days of having to trade off data protection in favor of garnering insights. Now, banking institutions can provide individuals with valuable knowledge and move the industry forward without sacrificing valuable data.
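The combination described above can be sketched in a few lines. This is an added example, not code from the article or from any vendor product: it pairs the multiparty computation bullet (additive secret sharing, semi-honest parties) with a consent ledger that is checked before any record enters the computation. The bank names, customer IDs, ledger layout, purpose strings and field modulus are all constructed assumptions.

```python
import secrets

PRIME = 2**61 - 1  # field modulus for additive sharing (assumed parameter)

def share(value, n):
    """Split value into n additive shares mod PRIME; any n-1 of them look random."""
    parts = [secrets.randbelow(PRIME) for _ in range(n - 1)]
    parts.append((value - sum(parts)) % PRIME)
    return parts

def consented_count(records, ledger, purpose):
    """Consent gate: count fraud flags only where the ledger covers this purpose.
    A customer missing from the ledger is treated as 'no consent' (default deny)."""
    return sum(1 for cust, flagged in records
               if flagged and purpose in ledger.get(cust, set()))

def joint_total(private_inputs):
    """Each bank shares its input; party j only ever sees share j from each bank
    and publishes a partial sum. Only the grand total is reconstructed."""
    n = len(private_inputs)
    rows = [share(v, n) for v in private_inputs]          # row i = bank i's shares
    partials = [sum(row[j] for row in rows) % PRIME for j in range(n)]
    return sum(partials) % PRIME

# Constructed sample data: consent ledger (customer -> permitted purposes)
LEDGER = {
    "c1": {"fraud_analytics"},
    "c2": set(),                                # consent withdrawn
    "c3": {"fraud_analytics", "marketing"},
    "c4": {"fraud_analytics"},
    "c6": {"fraud_analytics"},                  # c5 has no ledger entry at all
}
# Constructed sample data: per-bank records as (customer, fraud_flag)
BANKS = {
    "bank_a": [("c1", True), ("c2", True), ("c3", False)],
    "bank_b": [("c3", True), ("c4", True)],
    "bank_c": [("c5", True), ("c6", False)],
}

def run(purpose="fraud_analytics"):
    """Cross-bank fraud total for one purpose, consent-filtered then secret-shared."""
    inputs = [consented_count(recs, LEDGER, purpose) for recs in BANKS.values()]
    return joint_total(inputs)

if __name__ == "__main__":
    print("consented cross-bank fraud flags:", run())
```

Five records are flagged across the three banks, but only three enter the joint total: the secret sharing hides each bank's count from the others, while the ledger lookup is what keeps the two non-consented records out of the computation entirely.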

The Stakes for Trust and Compliance

According to the Federal Trade Commission, consumers reported losing more than $12.5 billion to fraud in 2024, a 25% increase over the prior year. As financial institutions pool data, the value of that information grows. Large-scale data breaches can undermine customer trust and erode an institution’s reputation.

No matter the complexity of PETs, they cannot guarantee 100% security. PETs require complex computations and significant industry expertise to fortify data. Just as AI opens doors to innovation, it also creates more opportunities for bad actors to launch sophisticated attacks that can find holes in otherwise secure systems. Legal gray areas also remain as regulations like GDPR catch up to emerging techniques. PETs are powerful, but they’re not a replacement for a strong consent and preference management foundation.

Building a Dual-Layered System of Defense

Open banking delivers a new era of financial possibilities, from banking transparency to crime prevention to an overall better customer experience. None of those opportunities matter, though, if open banking is not built with data privacy in mind. PETs and CPMs can combine to create a powerful framework that protects data at the technical level while upholding customer trust.

On the brink of incredible innovation, the financial institutions that place customer trust as a core pillar of open banking operations will be the ones that thrive. When innovation and trust advance together, the financial industry can usher in a stronger, safer world for all.

David McInerney is a senior account manager for Syrenis, the consent and preference management specialist behind the market-leading SaaS platform, Cassie. He previously served as the commercial manager for data privacy and has worked for tech companies since 1995.