This is Part Four of the Enigma Solutions Series, examining real-world decentralized solutions that can be built with Enigma’s groundbreaking protocol.

Do you know where your credit report is? Kept at credit bureaus like Equifax, Experian or TransUnion, your credit report includes information about your identity (name, address, SSN, date of birth), your existing credit (loans, credit cards), public records and inquiries. This is far too sensitive a set of information to be centralized at a single location, as the recent Equifax hack made clear. Personally Identifiable Information must be better secured.

In a decentralized future, individuals will not need to depend on consolidation of various types of very sensitive information at unreliable credit bureaus. De-coupling credit information from identity and SSN is possible in a decentralized future that allows for data sovereignty. In the rest of this post, we are going to focus on credit scoring and offer a better alternative to current systems — powered by Enigma.

Blockchains and Credit

Blockchain is often trumpeted as a solution to data breaches, with the promise of giving individuals control over their data and allowing them to use it as they see fit. As we already covered in a recent post following the Facebook — Cambridge Analytica fiasco, this claim is not really accurate. Blockchains without privacy fail to give individuals control over their own data because once something is on a blockchain, every person has access to that data. In addition, there’s another layer of complexity that arises from storing personally identifiable information (PII) on blockchains as presented by GDPR. According to GDPR, no PII, encrypted or hashed, can be stored on a blockchain.

However, Enigma’s privacy protocol can enable a secret contract-based decentralized credit scoring approach that provides full data security for individuals. It is also more likely to be compliant with GDPR than a standard blockchain-based smart contract approach.

But before going into more detail about a potential Enigma-powered solution, let’s take a look at the existing system in the USA.

How do credit scoring algorithms work?

A credit score is a metric that quantifies one’s credit-worthiness compared to others. This score is used by banks, insurance providers and landlords to assess one’s responsibility or reliability as a customer. The following variables help define your credit score:

Number and types of accounts (credit card, checking account, saving account etc.)

Payment history and timely payment

Outstanding balance vs. credit limit (also called credit utilization)

Length of banking relationship

Types of credit used

The data points, which are provided by your creditors (banks, credit card company, utility company), are multiplied by certain ambiguous weights to determine one’s credit score. This process is extremely opaque, resulting in confusion about how to improve one’s credit score and about what one should prioritize to rebuild their credit. This is another poor design choice that we take for granted given the current model.

Weirdly enough, your lenders are not legally obliged to report your payment and account history to credit bureaus, which also means that we have to check our credit report and ensure that our history is being accurately reported.

How is a credit score used?

Just some of the mail I received in the days I spent writing this post.

Credit scores are shared with the consent of individuals. A lender, employer, insurer or a landlord can only get your credit report if you agree to share the information with them. However, there’s an annoying caveat. As mentioned in the FED’s guide on Credit Reports and Credit Scores: “Credit bureaus may sell the names and addresses of consumers who meet specific credit criteria to creditors… for example, a creditor can request from a credit bureau names and addresses of consumers who have a credit score of 680 or higher to offer credit to those consumers.” This is what leads to all the junk in your mailbox.

A better future with blockchain?

Ideally a credit scoring algorithm can be represented as a smart contract that takes the inputs listed earlier in the post. This is highly desirable because a smart contract is publicly auditable. If you are trying to improve your credit score, you know exactly how important it is to reduce your utilization ratio vs. opening multiple accounts and performing timely micro-payments.

However, blockchains have one limitation where applications with sensitive data are concerned: their publicly auditable nature. All sensitive inputs, from the different credit cards you use to how much balance each one has, are visible to the entire world.

With Enigma’s secret contracts, we are able to allow users to provide the sensitive inputs that determine one’s credit score in a privacy-preserving way. An individual can choose to report the accounts she uses and make sure all relevant information is considered in a privacy-preserving way when her credit score is calculated. As a result, an individual can obtain her data from a bank and get a credit score that she can decide to share with other entities at her will.

Here’s how the user flow might look:

Alice uses an HTML-based decentralized application (dApp, like Metamask), which hosts an Enigma client, to log in to her online bank platform using OAuth. This is similar to a Login with Facebook prompt.

dApp retrieves API keys (token + secret) that enable the dApp to log in or retrieve data from Alice’s online banking platform on behalf of Alice.

Using the Enigma client, dApp encrypts Alice’s API keys, using the public key to the trusted execution environment (TEE) run inside the Enigma network.

Encrypted API keys (Encrypted_token, secret) are pushed to a Decentralized Credit Scoring Contract, which is a smart contract on Ethereum network and registered in Enigma Secret Contract registry contract on Ethereum.

Enigma network listener identifies the encrypted inputs to the Decentralized Credit Scoring Contract and copies this contract and the encrypted API keys to the Enigma network.

Alice’s API Keys are decrypted inside the Enigma node (Enigma VM) that is randomly chosen by the protocol.

Enigma node securely connects to Alice’s profile in the online banking platform (get_tx_data).

Enigma node securely retrieves Alice’s transaction data to the VM inside the TEE that runs Decentralized Credit Scoring Contract.

Alice’s transaction information is fed into Decentralized Credit Scoring Contract inside enclave and the computation takes place (scoring_function(tx_data)).

Alice’s credit score is calculated within the Enigma network and the result is submitted to Ethereum network.

HTML-based dApp can retrieve Alice’s score from the Ethereum chain and show it to interested parties, including Alice.
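An added illustration of the scoring_function(tx_data) step in the flow above, not Enigma's code: the weights, the 300 to 850 range, the record layout and the ALICE sample are all assumptions constructed for this example. Because the weights are published, anyone can recompute how much each of the five factors listed earlier contributes to a score.

```python
from datetime import date

# Published weights (assumed for illustration; the post gives no numbers).
WEIGHTS = {
    "payment_history": 0.35,
    "utilization": 0.30,
    "relationship_length": 0.15,
    "account_count": 0.10,
    "credit_mix": 0.10,
}
SCORE_MIN, SCORE_MAX = 300, 850  # assumed output range


def factor_scores(tx_data, today):
    """Map raw account records to the post's five factors, each in [0, 1]."""
    accounts = tx_data["accounts"]
    if not accounts:
        raise ValueError("no accounts reported")
    payments = [p for a in accounts for p in a["payments_on_time"]]
    revolving = [a for a in accounts if a["limit"] > 0]
    balance = sum(a["balance"] for a in revolving)
    limit = sum(a["limit"] for a in revolving)
    oldest_years = max((today - a["opened"]).days for a in accounts) / 365.25
    return {
        "payment_history": sum(payments) / len(payments) if payments else 0.0,
        "utilization": 1.0 - min(balance / limit, 1.0) if limit else 0.0,
        "relationship_length": min(oldest_years / 10.0, 1.0),
        "account_count": min(len(accounts) / 5.0, 1.0),
        "credit_mix": min(len({a["type"] for a in accounts}) / 3.0, 1.0),
    }


def scoring_function(tx_data, today):
    """Return (score, points contributed by each factor)."""
    factors = factor_scores(tx_data, today)
    span = SCORE_MAX - SCORE_MIN
    points = {k: round(WEIGHTS[k] * factors[k] * span, 1) for k in WEIGHTS}
    return SCORE_MIN + round(sum(points.values())), points


# Constructed sample input standing in for the output of get_tx_data.
ALICE = {"accounts": [
    {"type": "credit_card", "opened": date(2013, 5, 1), "limit": 5000,
     "balance": 4000, "payments_on_time": [True] * 22 + [False] * 2},
    {"type": "checking", "opened": date(2010, 1, 15), "limit": 0,
     "balance": 1200, "payments_on_time": []},
]}
TODAY = date(2018, 6, 1)
```

With these assumed weights, the sample scores 637; paying the card balance down to 1000 raises it to 736, while opening a third account of a new type raises it only to 667.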

A diagram depicting the proposed credit scoring model.

This proposed model enables transparent credit scoring. A similar model has been used in centralized models like Mint.com in the US. In Europe the open banking movement, which enables third party applications to be built around financial institution data, is just getting started. The revised Payment Services Directive (PSD2), which came into effect in 2015, enables and promotes this movement, making proposed models much more meaningful.

In December 2017, we wrote about decentralized credit scoring using the Enigma protocol. That discussion was purely around using our blockchain history to come up with a reliability score. While we are still very excited about the idea of on-chain reputation, it’s important to note that a hybrid model can exist and is likely to result in a usable decentralized product sooner.

There are a couple of interesting projects in this space. Bloom is working on staking-based credit scoring and expects to integrate input from existing credit bureaus into their scoring framework in future releases. Colendi is a blockchain-based credit scoring project, which utilizes alternative data inputs such as utility bill payment, retail spending and more. Cerved, an Italian credit scoring agency, is also interested in applying open data protocols enabled by PSD2 to enable a more transparent credit scoring process. For those projects and others exploring credit, we invite them to build on the Enigma protocol. Let’s create a better, more secure, more decentralized future together!

Note: One vulnerability of the proposed model is selective reporting. Since data sovereignty and self-reporting are design choices we are trying to enable, one can decide not to report or omit undesirable financial information such as late payments. This problem can be addressed by creating incentives for lenders to verify that the information you’ve provided is complete. I plan to elaborate on this in a future post — so stay tuned to our Solutions blog!