Formal privacy analyses for Open Banking

Luigi D. C. Soares; Mário S. Alvim; Di Bu; Natasha Fernandes; Yin Liao

doi:10.1007/978-3-031-78116-2_11

Formal privacy analyses for Open Banking

Luigi D. C. Soares^*, Mário S. Alvim, Di Bu^*, Natasha Fernandes, Yin Liao

^*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceeding › Conference proceeding contribution › peer-review

Abstract

The term “Open Banking” describes a series of global initiatives to allow the sharing of customer data between financial companies to facilitate competition within their sector. In this paper, we formalise in the rigorous framework of quantitative information flow (QIF) relevant privacy risks in a concrete Open Banking scenario, namely: (i) transaction-history recovery and (ii) collateral attribute-inferences using external correlations. We provide extensive analyses of these risks in real-world data from Open Banking, supplied by a fintech in Australia. We show that the Open Banking system studied presents considerable privacy risks with respect to transactions, both in the presence and in the absence of demographic data. Finally, we exemplify potential real-world collateral attribute-inference attacks, in which we show how an attacker might leverage scientific correlations to infer individuals’ level of neuroticism and self-control from their transaction history. We hope that this work may: (i) help financial customers in Australia make better-informed decisions about what kind of information, and how much of it, to share via Open Banking; (ii) raise awareness about the potential privacy risks of Open Banking in other countries; and (iii) foster the development of privacy regulation in digital finance and the open data economy.

Original language	English
Title of host publication	Formal Methods
Subtitle of host publication	foundations and applications : 27th Brazilian Symposium, SBMF 2024, Vitória, Brazil, December 4-6, 2024, proceedings
Editors	Sidney C. Nogueira, Ciprian Teodorov
Place of Publication	Cham
Publisher	Springer, Springer Nature
Pages	171-193
Number of pages	23
ISBN (Electronic)	9783031781162
ISBN (Print)	9783031781155
DOIs	https://doi.org/10.1007/978-3-031-78116-2_11
Publication status	Published - 2025
Event	27th Brazilian Symposium on Formal Methods, SBMF 2024 - Vitória, Brazil Duration: 4 Dec 2024 → 6 Dec 2024

Publication series

Name	Lecture Notes in Computer Science
Publisher	Springer
Volume	15403
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	27th Brazilian Symposium on Formal Methods, SBMF 2024
Country/Territory	Brazil
City	Vitória
Period	4/12/24 → 6/12/24

Keywords

Open Banking
Privacy-Risk Analysis
Quantitative Information Flow

Access to Document

10.1007/978-3-031-78116-2_11

Cite this

Soares, L. D. C., Alvim, M. S., Bu, D., Fernandes, N., & Liao, Y. (2025). Formal privacy analyses for Open Banking. In S. C. Nogueira, & C. Teodorov (Eds.), Formal Methods: foundations and applications : 27th Brazilian Symposium, SBMF 2024, Vitória, Brazil, December 4-6, 2024, proceedings (pp. 171-193). (Lecture Notes in Computer Science; Vol. 15403). Springer, Springer Nature. https://doi.org/10.1007/978-3-031-78116-2_11

Soares, Luigi D. C. ; Alvim, Mário S. ; Bu, Di et al. / Formal privacy analyses for Open Banking. Formal Methods: foundations and applications : 27th Brazilian Symposium, SBMF 2024, Vitória, Brazil, December 4-6, 2024, proceedings. editor / Sidney C. Nogueira ; Ciprian Teodorov. Cham : Springer, Springer Nature, 2025. pp. 171-193 (Lecture Notes in Computer Science).

@inproceedings{3acb0d5bb4024c4aa7f2c52f28bdd5e0,

title = "Formal privacy analyses for Open Banking",

abstract = "The term “Open Banking” describes a series of global initiatives to allow the sharing of customer data between financial companies to facilitate competition within their sector. In this paper, we formalise in the rigorous framework of quantitative information flow (QIF) relevant privacy risks in a concrete Open Banking scenario, namely: (i) transaction-history recovery and (ii) collateral attribute-inferences using external correlations. We provide extensive analyses of these risks in real-world data from Open Banking, supplied by a fintech in Australia. We show that the Open Banking system studied presents considerable privacy risks with respect to transactions, both in the presence and in the absence of demographic data. Finally, we exemplify potential real-world collateral attribute-inference attacks, in which we show how an attacker might leverage scientific correlations to infer individuals{\textquoteright} level of neuroticism and self-control from their transaction history. We hope that this work may: (i) help financial customers in Australia make better-informed decisions about what kind of information, and how much of it, to share via Open Banking; (ii) raise awareness about the potential privacy risks of Open Banking in other countries; and (iii) foster the development of privacy regulation in digital finance and the open data economy.",

keywords = "Open Banking, Privacy-Risk Analysis, Quantitative Information Flow",

author = "Soares, {Luigi D. C.} and Alvim, {M{\'a}rio S.} and Di Bu and Natasha Fernandes and Yin Liao",

year = "2025",

doi = "10.1007/978-3-031-78116-2_11",

language = "English",

isbn = "9783031781155",

series = "Lecture Notes in Computer Science",

publisher = "Springer, Springer Nature",

pages = "171--193",

editor = "{C. Nogueira}, Sidney and Ciprian Teodorov",

booktitle = "Formal Methods",

address = "United States",

note = "27th Brazilian Symposium on Formal Methods, SBMF 2024 ; Conference date: 04-12-2024 Through 06-12-2024",

}

Soares, LDC, Alvim, MS, Bu, D , Fernandes, N & Liao, Y 2025, Formal privacy analyses for Open Banking. in S C. Nogueira & C Teodorov (eds), Formal Methods: foundations and applications : 27th Brazilian Symposium, SBMF 2024, Vitória, Brazil, December 4-6, 2024, proceedings. Lecture Notes in Computer Science, vol. 15403, Springer, Springer Nature, Cham, pp. 171-193, 27th Brazilian Symposium on Formal Methods, SBMF 2024, Vitória, Brazil, 4/12/24. https://doi.org/10.1007/978-3-031-78116-2_11

Formal privacy analyses for Open Banking. / Soares, Luigi D. C.; Alvim, Mário S.; Bu, Di et al.
Formal Methods: foundations and applications : 27th Brazilian Symposium, SBMF 2024, Vitória, Brazil, December 4-6, 2024, proceedings. ed. / Sidney C. Nogueira; Ciprian Teodorov. Cham: Springer, Springer Nature, 2025. p. 171-193 (Lecture Notes in Computer Science; Vol. 15403).

Research output: Chapter in Book/Report/Conference proceeding › Conference proceeding contribution › peer-review

TY - GEN

T1 - Formal privacy analyses for Open Banking

AU - Soares, Luigi D. C.

AU - Alvim, Mário S.

AU - Bu, Di

AU - Fernandes, Natasha

AU - Liao, Yin

PY - 2025

Y1 - 2025

N2 - The term “Open Banking” describes a series of global initiatives to allow the sharing of customer data between financial companies to facilitate competition within their sector. In this paper, we formalise in the rigorous framework of quantitative information flow (QIF) relevant privacy risks in a concrete Open Banking scenario, namely: (i) transaction-history recovery and (ii) collateral attribute-inferences using external correlations. We provide extensive analyses of these risks in real-world data from Open Banking, supplied by a fintech in Australia. We show that the Open Banking system studied presents considerable privacy risks with respect to transactions, both in the presence and in the absence of demographic data. Finally, we exemplify potential real-world collateral attribute-inference attacks, in which we show how an attacker might leverage scientific correlations to infer individuals’ level of neuroticism and self-control from their transaction history. We hope that this work may: (i) help financial customers in Australia make better-informed decisions about what kind of information, and how much of it, to share via Open Banking; (ii) raise awareness about the potential privacy risks of Open Banking in other countries; and (iii) foster the development of privacy regulation in digital finance and the open data economy.

AB - The term “Open Banking” describes a series of global initiatives to allow the sharing of customer data between financial companies to facilitate competition within their sector. In this paper, we formalise in the rigorous framework of quantitative information flow (QIF) relevant privacy risks in a concrete Open Banking scenario, namely: (i) transaction-history recovery and (ii) collateral attribute-inferences using external correlations. We provide extensive analyses of these risks in real-world data from Open Banking, supplied by a fintech in Australia. We show that the Open Banking system studied presents considerable privacy risks with respect to transactions, both in the presence and in the absence of demographic data. Finally, we exemplify potential real-world collateral attribute-inference attacks, in which we show how an attacker might leverage scientific correlations to infer individuals’ level of neuroticism and self-control from their transaction history. We hope that this work may: (i) help financial customers in Australia make better-informed decisions about what kind of information, and how much of it, to share via Open Banking; (ii) raise awareness about the potential privacy risks of Open Banking in other countries; and (iii) foster the development of privacy regulation in digital finance and the open data economy.

KW - Open Banking

KW - Privacy-Risk Analysis

KW - Quantitative Information Flow

UR - http://www.scopus.com/inward/record.url?scp=85211384359&partnerID=8YFLogxK

U2 - 10.1007/978-3-031-78116-2_11

DO - 10.1007/978-3-031-78116-2_11

M3 - Conference proceeding contribution

SN - 9783031781155

T3 - Lecture Notes in Computer Science

SP - 171

EP - 193

BT - Formal Methods

A2 - C. Nogueira, Sidney

A2 - Teodorov, Ciprian

PB - Springer, Springer Nature

CY - Cham

T2 - 27th Brazilian Symposium on Formal Methods, SBMF 2024

Y2 - 4 December 2024 through 6 December 2024

ER -

Soares LDC, Alvim MS, Bu D , Fernandes N , Liao Y. Formal privacy analyses for Open Banking. In C. Nogueira S, Teodorov C, editors, Formal Methods: foundations and applications : 27th Brazilian Symposium, SBMF 2024, Vitória, Brazil, December 4-6, 2024, proceedings. Cham: Springer, Springer Nature. 2025. p. 171-193. (Lecture Notes in Computer Science). doi: 10.1007/978-3-031-78116-2_11