Privacy protection is a serious matter today. Many industries have established their privacy protection guidelines, rules, or regulations. In many cases, even government is involved.
For example, in the USA financial industry, the famous Gramm-Leach-Bliley Act (“GLB Act”) requires financial institutions to keep all their customers' non-public personal information confidential. Non-public personal information also includes the identification information of the customers. Other countries have similar laws for privacy protection.
Although the GLB Act has a great purpose, it also forms a protection for con artists. For example, if a con artist commits a crime, such as check kiting, between Bank A and Bank B, it will be much easier to prevent this crime if Bank A and Bank B can jointly investigate this case at an early stage.
However, the chance for Bank A or Bank B to jointly investigate this case at an early stage is almost zero because, most likely, Bank A and Bank B may not know until it is too late that they have a common customer, who is using Bank A and Bank B to commit a financial crime.
It often requires a joint effort of multiple financial institutions to identify a possible crime at an early stage. The first step to forming this joint effort is to identify a common customer, who has suspicious activities. If a financial institution is not permitted to release the identification information of this suspicious customer, other financial institutions have no way to tell whether they have a common customer or not.
In theory, a financial institution should be able to determine whether any other financial institution may have a common customer, by simply posting the customer's identification information on a shared network and invite other financial institutions to compare this identification information with the identification information of their own customers. If there is a match, the matched person, organization, or entity is the common customer.
Although financial institutions are permitted to share information for the purposes of crime prevention under the section 314(b) of the USA PATRIOT Act or equivalent laws in other countries, most financial institutions do not take an advantage of these laws because they are afraid of violating the Gramm-Leach-Bliley Act in the USA or the equivalent laws in other countries. That is especially true if it is conceivable that the suspicious activities were perfectly innocent and the customer has not done anything that was illegal. Moreover, even if a customer had consented to the posting of the customer's identification information, it is not desirable to release the identification information of a customer because con artists could possibly obtain access to the posted identification information and use it to commit identity theft, which is one of the most common crimes today.
In other words, these conflicting requirements as established by different laws have placed financial institutions at a very awkward position. On one hand, there is an important need for financial institutions to identify a common suspicious customer in order to jointly prevent crimes. On the other hand, financial institutions are not permitted to release any identification information, even if it would assist the financial institution to identify a common suspicious customer.
In this document, the terminology “identification information” generally refers to a set of information that can be used to authenticate the identity of a subject person, organization, or other legal entity. For example, if the subject is a person, such information may include not only the person's name, but also one or more of that person's address, date of birth, identification document or instrument number, type of identification document or instrument, expiration date of identification document or instrument, social security number, driver's license number, etc.
In this document, the terminology “network” or “networks” generally refers to a communication network or networks, which can be wireless or wired, private or public, or a combination of them, and includes the well-known Internet.
In this document, the terminology “computer system” generally refers to either one computer or a group of computers, which may work alone or work together to perform certain system functions.
In this document, the terminology “computer network” generally refers to either one computer network or a group of connected computer networks, which may work alone or work together to perform certain network functions.
In this document, a “bank” or “financial institution” is generally referred to as a “financial service provider” and a “bank account” or “financial account” is generally referred to as an “account in a financial institution” or an “account with a financial service provider”.
In this document, the terminology “financial institution” and “financial service provider” generally refers to either banks or non-banks which perform financial transactions (such as deposits, withdrawals, and transfers) involving payment instruments (such as cash, checks, credit cards, debit cards, monetary instruments, electronic fund transfers, etc).
In this document, the terminology “encoding” generally refers to any type of data manipulation so that an alphanumeric code is generated from a set of data through this data manipulation. The terminology “decoding” generally refers to the reverse data manipulation to transform the “encoded” data back to its original format. Not all encoded information can be decoded. Some coding schemes compress the information contained in the data, such that some information is lost during the encoding process. Sometimes encoding involves encryption which hides the information such that it cannot be decoded or otherwise made visible without access to a secret key.