The promise of confidential computing for safeguarding privacy in BNPL schemes

Nikhil Surve, Associate Director at enterprise software firm, R3 discusses how can confidential computing be used to solve data privacy issues around BNPL

BNPL or Buy Now, Pay Later services have been gaining immense traction in recent times. The use of buy now, pay later services like Klarna and ClearPay on Black Friday more than doubled in 2020, European data shows, according to this article. On the funding front as well, there have been multiple deals in the recent times. Affirm, a major player in BNPL space, recently raised USD 500 mln in a Series G round.

BNPL services enable the customers to get quick access to credit at the point of sales. These services let a customer defer the payment at a later date in full or in instalments. With ecommerce seeing rapid growth due to COVID-19, retailers are signing up with alternative finance players that offer BNPL services to increase their revenues.

The risks

However, BNPL schemes come with their own share of risk. Recently, there has been mounting concern over whether BNPL encourages people to buy things they cannot afford. Because such schemes are largely unregulated, there has been calls from consumer rights organisations, demanding tighter consumer protection rules to mitigate the risk of unmanageable debts accruing.

As well as regulatory and individual consumer protection concerns, BNPL also throws up additional risks around privacy.

Since customers use BNPL services for low value products, they will be less inclined to submit a lot of information to such credit providers. What’s more, most of the customers for such services belong to Generation Z, which places huge importance on customer experience. If customers are forced to provide a lot of information, they may simply go elsewhere.

To counter this, most BNPL services start with very low credit amounts such as USD 50-100. As the customer starts using BNPL services over a period of time, higher credits are granted based on the payment behaviour of the customer. However, to attract and retain new customers, the crux of BNPL services lies in how accurately they can model the risk profile of the customer without asking them to provide a lot of details.

The way out

Although BNPL companies might not have access to data about new customers, they can build accurate data models using data originating from other sources such as ecommerce platforms. They wouldn’t need access to raw transactions but just trusted answers to questions such as how long a customer been shopping on ecommerce platform; what the average monthly order size is; how much time the customer spends on ecommerce platforms, and so on.

The problem is that no platform wants to share the customer data due to valid concerns surrounding data privacy, data leakage or data misuse. If there was a way to send data to a trusted party that would process the raw data and only provide answers to the BNPL players, this would be a gamechanger for the future of BNPL.

This is what confidential computing offers. It enables multiple parties to contribute data for analysis without revealing the actual data to anyone. You could call this ‘collective intelligence from concealed data’.

Let’s see how it works for a BNPL scenario.

How does it work?

Assume Bob, a 20-year-old college student, wants to access BNPL service to purchase the latest model of mobile phone worth USD 800 on an ecommerce portal. However, since he is using the BNPL service for the first time, his credit line is only approved for USD 50. Bob, however, has been a frequent shopper at the ecommerce platform for past 2 years and has bought goods worth USD 15,000 with an average order size of USD 1000 per month for last 6 months.

In this case, Bob wants to avail higher credit amount from BNPL provider based on his past orders on ecommerce platform. He authorises the ecommerce platform to share details about his last 6 months’ orders with BNPL provider in a secured way.

In the background, the ecommerce platform shares encrypted details with the confidential computing-based risk assessment application of the BNPL provider. The ecommerce platform can validate the application in advance and verify it each time it sends the data to the application. The secure enclave inside the application decrypts and processes the data and provides the average order size information to the BNPL provider.

What is key here is that the BNPL provider, itself, does not have access to the raw data even though it has developed the application! This way, the ecommerce platform can be assured that BNPL provider wouldn’t use the data for any other purpose and provide the same assurances to Bob. BNPL application approves credit of USD 800 to Bob.

Bob buys the mobile phone. Everyone gains in this transaction. The BNPL provider has won a lifelong customer while mitigating the risks by leveraging data available with an ecommerce platform. The ecommerce platform was able to sell one more product thereby earning revenues. The customer was able to avail of BNPL service by pseudo-monetising his past shopping history.

At the same time, the customer as well as the ecommerce platform is assured that his data would not be misused for any other purpose as raw data was never available to BNPL provider. A survey conducted by Harris Poll shows that only 20% of US consumers ‘completely trust’ the organisations they interact with to maintain the privacy of their data. Using technology to ensure that the users and organisations can validate this promise would help regain the trust in today’s digital ecosystems.

About Nikhil Surve

Nikhil leads Strategic Alliances for R3 in Asia Pacific region. He is a Certified Solution Architect specializing in Blockchain Technology. In his previous stints as Technology and Management consultant, Nikhil has worked with large corporations on their Digital Strategy and Architecture spanning across varied areas such as Value Case Analysis, Cloud computing, Analytics, DevOps, SAP implementation, and so on.

About R3

R3 is an enterprise software firm that is pioneering digital industry transformation. With a foundation in enterprise blockchain technology, R3 powers solutions that deliver trust across the financial services industry and beyond.