Lynn Johannson, Advisor, Sustainability and ESG
January 4th, 2024
Lynn Johannson, President of E2 Management Corporation and Catalyst for THE Collaboration
In a care[...]
Category Archives: Digital Identity, Privacy, KYC, AML/ATF
Tailscale Raises $230M to Power Identity-First Networking
Funding | April 9, 2025
Image from Tailscale's Series C blog announcement
Toronto’s Tailscale Secures $230M and $2B Valuation for Identity-First Networking
On April 8 2025, Toronto-based Tailscale announced that they raised $230 million CAD Series C (about $160 million USD), valuing the company at approx $2 billion CAD. The round was made up of U.S. investors, led by Accel, CRV, Insight Partners, Heavybit, and Uncork Capital, along with some prominent individual investors notably George Kurtz CEO of CrowdStrike (returning investor) and Anthony Casalena CEO of Squarespace. New funds will be used to grow product and engineering teams, expand globally, and improved support for fast scaling customers.
Tailscale - A Shift from IP Addresses to Identity
Tailscale was founded in 2019 by former Google engineers Avery Pennarun, David Crawshaw, David Carney, and Brad Fitzpatrick, and officially launched in April 2020 to help users connect devices and apps securely without relying on traditional VPNs, IP rules, or firewalls.
Tailscale uses a technology called WireGuard which is easy to setup and lets devices connect directly to each other, safely and privately. What's unique about Tailscale is its approach to solving networking challenges. Instead of relying on where a device is located (IP address), it focuses on who or what is connecting. This approach is called identity-first networking, and is a more modern solution in a world where teams work remotely, apps operate across various cloud platforms, and security rules are becoming stricter.
See: AI Concierge Tech and the Future of Finance
So instead of trusting a device because it has a certain IP address, Tailscale checks and verifies the identity of every user, device, or service trying to connect, making it easier for companies working in the cloud. Models that rely on firewalls, assume that any device inside the network is trustworthy while the risk is outside. But today's networks are too distributed for that approach to hold up today, making identity-first networking a more flexible and secure alternative for modern times.
Avery Pennarun CEO Tailscale describes it as:
“You’re connecting to your app, your teammate, your service — wherever it happens to be running right now.”
Which sectors could be disrupted?
Tailscale's model reduces/eliminates the need for traditional VPNs, static firewall rules, and perimeter defence, placing VPN and firewall vendors on notice. Managed service providers on traditional network configuration, such as port forwarding, IP management or hardware firewalls, will be under pressure as they lose relevance, assuming the identity-first networking movement continues to grow.
See: Securing Your IoT Network Against Emerging Threats
Further, any 'zero trust' solution that still relies on IP allowlists or geography-based filters are also at risk. Identity-first networking is meant to offer real Zero Trust, cryptographic identity access across dynamic environments, a better fit for compliance teams needing continuous monitoring and real time enforcement.
According to Betakit, Tailscale is already being used by over 10,000 clients, such as fast growing AI and tech companies like Perplexity, Cohere, Groq, Mistral and Hugging Face, alongside enterprises like SAP, Instacart, Telus, and Duolingo.
Notable Absence of Canadian Capital?
Although Tailscale is proudly based in Toronto, none of the firms participating in this $230M Series C were Canadian, reflecting a troubling pattern of Canadian innovation meets U.S. capital.
See: How Secure Networking Can Protect Your Business Data from Threats
While deep liquidity and quick deployment of global funding accelerates Tailscale's growth, the lack of domestic institutional investors in large scale Canadian tech rounds raises questions about ecosystem competitiveness, strategic alignment and ultimately, ownership retention long term. It's great for Canadian fintechs to have this kind of access to foreign capital but a real hurdle to build stronger investment pipelines at home.
Why It Matters for Fintechs
As digital interactions and businesses become more complicated, they need better ways to keep things secure by focusing on who or what is connecting, not just where it's coming from. Financial technology companies deal with reams of sensitive data, multiple cloud deployments, third party integrations, and remote teams, and are key prospects for using an identity-first networking solution. One that's secure and can scale with real-time access control by identity (user, device, or service), improved auditability for KYC and compliance, and easier cross-border infrastructure. Fintechs should take a fresh look at how their systems are built, and retool if necessary. The future of security, compliance, and growth will likely rely on identity-based technology at the core.
The National Crowdfunding & Fintech Association (NCFA Canada) is a financial innovation ecosystem that provides education, market intelligence, industry stewardship, networking and funding opportunities and services to thousands of community members and works closely with industry, government, partners and affiliates to create a vibrant and innovative fintech and funding industry in Canada. Decentralized and distributed, NCFA is engaged with global stakeholders and helps incubate projects and investment in fintech, alternative finance, crowdfunding, peer-to-peer finance, payments, digital assets and tokens, artificial intelligence, blockchain, cryptocurrency, regtech, and insurtech sectors. Join Canada's Fintech & Funding Community today FREE! Or become a contributing member and get perks. For more information, please visit: www.ncfacanada.org
 |  |  |
Support NCFA by Following us on Twitter!Follow @NCFACanada  |
Waymo Plans to Train AI Using In-Car Camera Footage
Privacy | April 7, 2025
Image: Freepik
Waymo’s In-car Data Plans Echo Orwell's 1984
As featured in TechCrunch, autonomous robotaxi firm Waymo is reportedly preparing to use in-car video data recordings of its identifiable passengers to train AI systems. Apparently, a researcher uncovered a 'draft privacy policy' that raises red flags, suggesting that users would not be directly notified or prompted to opt in. Call it ambient surveillance, or outright overreach but this invisible, continuous breach and approach to privacy is becoming normalized and embedded into business models of modern tech.
See: Ensuring Data Privacy in AI-Driven ID Scanning: Balancing Innovation and Compliance
Waymo clarified later that the feature is still work-in-progress but when companies at the cutting edge of mobility, fintech, and smart infrastructure, treat the public like collateral damage, it's time for people to stand up and push back against being a character right out of George Orwell's 1984 - that's right, Big Brother.
Surveillance Is No Longer Just About Security
Grocery stores are using facial recognition to monitor stores and shoppers behaviour, or how about surveillance and sensors at cashierless stores. Banks are using keystroke tracking to monitor employees.
Surveillance used to be about security but it's evolved into consumer experiences, services design, and product optimization. People now enter physical or digital spaces without even knowing whether their voice, face, movement or even tone is being tracked and analyzed for analytics or AI training. It's a slippery slope and can erode consumer trust, especially if it breaks a core fintech and digital innovation principle based on 'permission'.
Surveillance Free Zones?
These would be places or environments where surveillance monitoring simply isn't allowed or doesn't happen. These zones would offer privacy and a break from that feeling of being watched, studied, analyzed.
See: Major Data Breach @Finastra and Canadian Banks?
To some degree we have these private spaces in our lives today, at our home, or safe space but what if your favourite financial app disabled behavioural tracking by default and that was a differentiator in their business model where privacy, trust, transparency and customer empowerment are core to long term adoption and growth of a product or service.
Consent Needs a Redesign and Value Prop
Surveillance free experiences can built trust and help companies differentiate but the real opportunity is in redefining what it means to people who opt in.
Today the act of opting into an activity is a 'legal gate' where if a user clicks and 'agrees' to move forward then they have allowed it. What about a different model based around value, so if a user provides consent then they actively allow it but in exchange they want something of value in return.
The obvious value exchange is monetary where if someone's data is helping train a commercial AI model then that person's data could generate a tangible return, such as revenue sharing, or some type of platform equity, or a Web3 environment that tracks your data flows and offers tokenized compensation tied to impact and usage.
See: US Financial Surveillance Report Shows Privacy in Crisis
Another value exchange driver could be utility. Where sharing behavioural data leads to a better outcome, such as improved fraud protection, more accurate credit scoring, optimized financial coaching etc. In this way, users see the benefit clearly, and they should have the option to participate or not.
Some users may be motivated by purpose. Canadians for example may show a willingness to share data if it serves the public good, such as improved healthcare models, smarter urban planning, or inclusive innovation.
Any form of consent must put users in the driver's seat and allow them to control their participation. They need to be able to see and understand how their data is going to be used, for how long and in what ways, and have the option to revoke it. Any approach that's going to work in support of long term adoption will need to put participants at the forefront and treat them as humans, not data sources.
Canada Can Lead on Privacy Innovation
Waymo’s plan whether it comes to fruition or not, highlights how easily surveillance can be baked into a future services - literally in a legal and privacy document that most users will not read. Even companies with strong brand trust are drifting towards this world of data collection by default. That's why surveillance, privacy and consent matters.
See: Balancing AI Automation and Ethics in Fintech
Canada seemingly has the tools, policy infrastructure, and appreciation for leading privacy first innovation. There's a growing public awareness and need for privacy updates at the national level per the work being done on the Artificial Intelligence and Data Act. Perhaps regulation will only go so far and businesses will drive the privacy momentum.
Trust is a core input of innovation, and those that prioritize people, not just data, will lead it.
The National Crowdfunding & Fintech Association (NCFA Canada) is a financial innovation ecosystem that provides education, market intelligence, industry stewardship, networking and funding opportunities and services to thousands of community members and works closely with industry, government, partners and affiliates to create a vibrant and innovative fintech and funding industry in Canada. Decentralized and distributed, NCFA is engaged with global stakeholders and helps incubate projects and investment in fintech, alternative finance, crowdfunding, peer-to-peer finance, payments, digital assets and tokens, artificial intelligence, blockchain, cryptocurrency, regtech, and insurtech sectors. Join Canada's Fintech & Funding Community today FREE! Or become a contributing member and get perks. For more information, please visit: www.ncfacanada.org
| | |
Support NCFA by Following us on Twitter!Follow @NCFACanada |
School CCTV Systems: Are They the Key to Preventing Campus Incidents?
March 20, 2025
Ensuring the safety of students and staff is a top priority for schools worldwide. In recent years, school CCTV systems have become a crucial tool in enhancing campus security. From deterring bullying and vandalism to preventing unauthorized access, these surveillance solutions offer real-time monitoring and evidence collection. But the question remains: Are school CCTV systems truly the key to preventing campus incidents? This article explores the role of school security cameras in maintaining a secure educational environment.
The Role of School CCTV Systems in Campus Safety
1. Deterring Bullying and Misconduct
Bullying remains a major concern in schools. According to the National Center for Education Statistics, nearly 20% of students report being bullied at school. School security cameras can help address this issue in several ways:
- Preventing Incidents: The presence of cameras discourages students from engaging in bullying, knowing that their actions could be recorded.
- Providing Evidence: Recorded footage can help administrators investigate incidents and take appropriate action.
- Supporting Victims: Video evidence allows schools to intervene quickly and protect students from further harm.
2. Preventing Vandalism and Property Damage
Vandalism is another serious issue that schools face, costing districts thousands of dollars in repairs annually. School CCTV systems can:
- Deter potential vandals by increasing the risk of getting caught.
- Identify perpetrators with high-definition footage.
- Assist law enforcement in taking legal action when necessary.
3. Restricting Unauthorized Access
Unauthorized individuals on school property pose a significant safety risk. Integrating school camera systems with access control solutions can:
- Identify intruders before they enter the premises.
- Monitor entry points in real time.
- Trigger automatic alerts when unauthorized access is detected.
4. Enhancing Emergency Response
During crises such as school shootings or medical emergencies, real-time surveillance can be a lifesaver. Benefits include:
- Faster response times: Security personnel and law enforcement can assess situations immediately.
- Better coordination: Video feeds help first responders make informed decisions.
- Evidence collection: Footage can be reviewed for post-incident analysis and training.
How Effective Are School CCTV Systems?
While school CCTV systems provide many security benefits, their effectiveness depends on several factors:
- Strategic Placement: Cameras must be positioned at high-risk areas such as entrances, hallways, and playgrounds.
- Integration with Other Security Measures: Surveillance is most effective when combined with controlled access systems, alarms, and school resource officers.
- Regular Monitoring: Without active monitoring, security cameras serve only as passive deterrents.
- Privacy Considerations: Schools must balance security needs with students' privacy rights and adhere to legal guidelines.
The Debate: Are School CCTV Systems Enough?
While CCTV systems enhance security, they are not a standalone solution. Critics argue that:
- Cameras do not physically stop incidents; they only provide evidence after the fact.
- Some students may feel monitored and uncomfortable, affecting their school experience.
- Budget constraints may prevent proper implementation, leading to gaps in coverage.
Despite these concerns, most experts agree that school security cameras significantly contribute to a safer environment when used correctly.
Best Practices for Implementing School CCTV Systems
To maximize the effectiveness of school CCTV systems, administrators should follow these best practices:
- Use High-Definition Cameras: Clear footage ensures better identification of individuals.
- Ensure 24/7 Monitoring: Assign security personnel or use AI-based alerts to detect suspicious activity.
- Train Staff and Students: Awareness programs can help everyone understand the purpose and benefits of surveillance.
- Regularly Maintain Equipment: Ensure cameras are functioning correctly and have sufficient storage for recordings.
- Respect Privacy Laws: Schools must comply with local laws regarding surveillance and student privacy.
FAQs
1. Do school CCTV systems prevent crime?
While cameras alone do not prevent crime, they serve as a deterrent and provide crucial evidence for investigations.
2. Are school security cameras legally allowed?
Yes, but schools must comply with federal and state laws regarding privacy and surveillance.
3. Where should cameras be placed in schools?
Cameras should be installed at entrances, hallways, parking lots, and common areas while avoiding restrooms and locker rooms.
4. Can students access school security footage?
No, access to footage is typically restricted to school administrators and law enforcement as needed.
5. What features should a school CCTV system have?
Key features include high-definition video, night vision, motion detection, remote access, and integration with security alarms.
Conclusion
School CCTV systems play a vital role in maintaining a secure educational environment. They help deter bullying, prevent vandalism, restrict unauthorized access, and enhance emergency response. However, they should not be viewed as a standalone solution but rather as part of a comprehensive security strategy. By combining surveillance with access control, trained personnel, and strict safety policies, schools can create a safe and supportive atmosphere for students and staff.
See: Can Cloned Voices Crack Bank Security? Need to Know
Investing in the right school camera systems ensures a proactive approach to campus security, fostering a safer learning environment for everyone.
The National Crowdfunding & Fintech Association (NCFA Canada) is a financial innovation ecosystem that provides education, market intelligence, industry stewardship, networking and funding opportunities and services to thousands of community members and works closely with industry, government, partners and affiliates to create a vibrant and innovative fintech and funding industry in Canada. Decentralized and distributed, NCFA is engaged with global stakeholders and helps incubate projects and investment in fintech, alternative finance, crowdfunding, peer-to-peer finance, payments, digital assets and tokens, artificial intelligence, blockchain, cryptocurrency, regtech, and insurtech sectors. Join Canada's Fintech & Funding Community today FREE! Or become a contributing member and get perks. For more information, please visit: www.ncfacanada.org
| | |
Support NCFA by Following us on Twitter!Follow @NCFACanada |
US Sells $5M Gold Visa Residency Cards to Ultra Rich
Financial Policy, Immigration | Feb 26, 2025
Image: Freepik/fanjianhua
Trump’s $5M ‘Gold Card’ Visa Lets Wealthy Foreigners Buy U.S. Residency
On Feb 25, 2025, President Donald Trump announced his 'Trump Gold Card' visa at a press briefing in the Oval Office. The new gold visa card is a new U.S. residency program that would grant foreign nationals citizenship if they are willing to invest $5 million USD. The new visa replaces an existing EB-5 visa program, requiring investments as low as $800k in distressed areas. Trump supports laud the initiative as a way to attract wealthy, successful individuals whose investment initiatives and taxes will boost the economy while critics argue that it prioritizes financial status over traditional immigration values.
Perspectives on the Gold Card Visa
See: Global Competition Review: Key FDI Trends
Help the Economy or Just Selling Visas?
Supporters say the program could bring trillions into the U.S. with Trump claiming one million visas could generate $5 trillion. They argue it will boost spending, tax revenue, and jobs.
A Big Change in U.S. Immigration policy
Critics say selling visas goes against the U.S.'s traditional approach, focused on skilled workers, family reunification, and helping those in need.
U.S. Taxes Apply Everywhere
The U.S. taxes both citizens and permanent residents on all income, regardless of where it’s earned. This means new "Gold Card" visa holders would have to pay U.S. taxes on money they make anywhere in the world. Some investors worry that after paying $5 million for a visa, the extra tax burden might not be worth it.
Fintech Role?
This initiative straddles financial policy and immigration strategy rather than being a pure financial service. While it involves money, it is fundamentally an immigration program designed to attract high-net-worth individuals.
See: Founder Salaries: Insights from Europe, U.S., and Canada
Fintech innovators could play a role in streamlining applications, securing transactions, and automating vetting processes but it is not central to the policy.
How the U.S. "Gold Card" Visa Compares to Other Residency Programs
Many other countries offer residency or e-residency programs that are designed to attract entrepreneurs and investors but they cost significantly less and differ in requirements and benefits, such as Canada, Portugal, the UAE, and Estonia.
1. Canada’s Start-Up Visa (SUV) – No Personal Investment Required
Canada's Start-Up Visa program focuses on attracting innovators and does not require applicants to put up their own money. Instead, they must secure funding from a Canadian venture capital firm, an angel investor, or a business incubator with the aim of bringing in talented founders who will create businesses and jobs in Canada. Unlike the U.S., Canada doesn’t tax permanent residents on income they earn outside the country.
2. Portugal’s Golden Visa (from €500K+ Investment)
Portugal’s Golden Visa program offers residency to non-EU nationals who make a qualifying investment in the country. There are three ways to qualify: transferring at least €1 million into a Portuguese bank or investment fund, creating at least 10 full-time jobs, or buying real estate worth €500,000 or more. Portugal only requires golden visa holders to live there for just a few weeks a year to maintain the visa (not full time). After five years, Golden Visa holders can apply for permanent residency or Portuguese citizenship. This makes Portugal one of the most flexible options for investors looking for a pathway to EU citizenship with minimal stay requirements.
3. UAE’s Golden Visa (AED 2M+ Investment, No Income Tax)
The UAE’s Golden Visa is another popular option for those looking for a tax-free environment. Investors can obtain long-term residency by purchasing property worth at least AED 2 million (about $545,000 USD). There’s no requirement to live in the UAE full-time and there’s no personal income tax, making it an attractive choice for global entrepreneurs who want residency without tax obligations.
4. Estonia’s E-Residency – EU Digital Business Presence, No Physical Residency
For those who don’t necessarily want residency but want/need an international business presence, Estonia’s e-Residency program offers a unique solution. Instead of providing a visa, it gives non-residents a way to start and run a company remotely within the European Union. With an Estonian e-residency, entrepreneurs can access banking services, sign documents digitally, and operate in the EU without needing to live in Estonia. Unlike the U.S., Canada, or Portugal, this program isn’t about moving to the country but about making it easier to do business internationally.
Conclusion
Looking at these programs side by side, the U.S. "Gold Card" visa is by far the most expensive, and its global tax obligations make it less competitive compared to options like Portugal’s low cost residency, Canada’s innovation-driven approach, or the UAE’s tax-free benefits. Estonia offers a completely different angle by allowing business access without requiring relocation.
See: WEF Forecasts 92 Million Global Digital Jobs by 2030
While the "Gold Card" may appeal to ultra wealthy individuals seeking U.S. status, for those focused on lower costs, financial benefits and flexibility, other countries may offer better deals. This is one to watch the uptick, and adjust financial/immigration policies accordingly to compete for global talent and foreign direct investment.
The National Crowdfunding & Fintech Association (NCFA Canada) is a financial innovation ecosystem that provides education, market intelligence, industry stewardship, networking and funding opportunities and services to thousands of community members and works closely with industry, government, partners and affiliates to create a vibrant and innovative fintech and funding industry in Canada. Decentralized and distributed, NCFA is engaged with global stakeholders and helps incubate projects and investment in fintech, alternative finance, crowdfunding, peer-to-peer finance, payments, digital assets and tokens, artificial intelligence, blockchain, cryptocurrency, regtech, and insurtech sectors. Join Canada's Fintech & Funding Community today FREE! Or become a contributing member and get perks. For more information, please visit: www.ncfacanada.org
| | |
Support NCFA by Following us on Twitter!Follow @NCFACanada |
CSA Seeks Industry Input on Data Portability Consultation
Data Portability | Feb 19, 2025
Image: Freepik
CSA's Launches the Collaboratory and First Testing Initiative on Data Portability
Investor data is suck in silos and the Canadian Securities Administrators (CSA) is looking to gain more insight with a newly launched data portability testing consultation (CSA Multilateral Discussion Paper 11-406) to explore the ability for investors to move their financial information seamlessly between firms. Right now, switching investment providers often means filling out mountains of paperwork. If data portability moves forward, that could change.
This consultation is the inaugural testing initiative from the CSA's "Collaboratory" and is asking industry participants such as investment firms, fintechs, and investor groups to weigh in on how data portability could work, what risks it brings, and how regulations may need to evolve.
See: Primer on Quebec’s New Data Portability Law
Interestingly, participating provincial regulators in this initiative include Alberta, British Columbia, Manitoba, New Brunswick, Nova Scotia and Saskatchewan. It doesn't appear that Ontario (OSC) is participating, raising questions about whether the country can move forward with a unified approach to financial data sharing given that Ontario represents the largest capital markets in Canada.
What’s This All About?
Simply put, data portability means that investors could request that their personal financial data be transferred from one firm to a different firm, securely, accurately, and in a standard format. It’s similar to what’s happening in open banking (consumer driven finance), where customers can connect their bank accounts to budgeting apps or loan providers. However, today in Canada's investment world data portability doesn't really exist. If you move from one firm to another, you typically have to fill out everything from scratch. The CSA wants to see if an electronic Know-Your-Client solution (e-KYC) could help investors and firms move toward a more seamless and efficient system.
If done right, data portability could make investing easier, faster, and more flexible. Instead of repeating KYC processes with every new investment firm, investors could authorize their data to move with them.
See: Major Data Breach @Finastra and Canadian Banks?
For investment firms, fintechs, and every day citizens, data portability would open up new business models and streamline operations. Imagine a world where firms compete on products, service and returns, rather than who can collect and horde your data the best.
- But it’s not that simple. There are risks and the CSA is looking to tackle these questions before jumping into a full rollout.
- Privacy is a major concern. Who owns the data? How do you prevent unauthorized access?
- Regulatory challenges. Securities laws require firms to conduct their own KYC checks. How would data portability change that?
If data is more portable, does it increase security risks? Is it more vulnerable to breaches and fraud?
Is Ontario Sitting Out a Red Flag?
Given that Ontario isn't participating in this consultation is a red flag because Ontario represents Canada's largest capital market(s) in the country. We've seen it before where not all provincial regulators agree and decide to forge their own path which can cause regulatory friction and increased costs to operators who must comply with varied provincial regulatory requirements. Think back to when Canada rolled out equity crowdfunding regulations with 3 different sets of rules. The result? It confused markets and increased costs to the point where it hurt equity crowdfunding markets before they even had a chance to get off the ground.
The Ontario Securities Commission and the CSA should be forth coming with why they aren't participating. Is Ontario in fact taking a different approach to fintech regulation? Or do they have different priorities than concerns about data portability privacy, fraud risks, or other regulatory conflicts? Given that Open Banking is set to launch in 2026, these data portability consultations and potential tests would surely inform final rule making and implementation requirements. Maybe Ontario is waiting to see how open banking rules land and align with those.
One things for sure, industry certainly cannot afford increased friction at a time when interprovincial barriers are already costing Canada the equivalent to a 21% trade tariff.
What Happens Next?
There are 3 phases rolling out:
- Consultations are taking place now until May 19, 2025. Feedback will be gathered.
- Industry roundtables and discussions with market participants on the risks, benefits, and solutions.
- Live testing (possibly) - assuming there's enough interest, a pilot program may be run to test real world applications of data portability in practice.
See: Open Banking: Revolutionizing Financial Data Sharing
Of course, there may be required changes to current regulations to support a robust and secure system underpinning open banking, if required.
Closing thought
This is an important initiative that investors, fintechs, and established financial firms should care about and participate in as it will give investors and every day people more control over their financial data while making switching providers easier. For fintechs and financial firms it will mean opportunities for new products and services including those around investment, digital banking, digital identity, e-KYC and similar compliance tech. It will also mean new challenges as regulations are finalized. Read the 15 page PDF discussion paper on data portability here. If your business has a stake in financial data, now’s the time to get involved.
The National Crowdfunding & Fintech Association (NCFA Canada) is a financial innovation ecosystem that provides education, market intelligence, industry stewardship, networking and funding opportunities and services to thousands of community members and works closely with industry, government, partners and affiliates to create a vibrant and innovative fintech and funding industry in Canada. Decentralized and distributed, NCFA is engaged with global stakeholders and helps incubate projects and investment in fintech, alternative finance, crowdfunding, peer-to-peer finance, payments, digital assets and tokens, artificial intelligence, blockchain, cryptocurrency, regtech, and insurtech sectors. Join Canada's Fintech & Funding Community today FREE! Or become a contributing member and get perks. For more information, please visit: www.ncfacanada.org
| | |
Support NCFA by Following us on Twitter!Follow @NCFACanada |
Ensuring Data Privacy in AI-Driven ID Scanning: Balancing Innovation and Compliance
Feb 5, 2025
Photo courtesy of Pexels
Financial technology companies now use artificial intelligence (AI) to scan and verify identification documents. While this technology makes customer onboarding faster and more accurate, it creates new privacy challenges. This blog explores how fintech companies can use AI-powered ID scanning systems to protect customer data.
What Is AI-Based ID Scanning?
AI-powered ID scanning uses computer systems that can think and learn like humans to verify identity documents. These systems capture images of IDs, passports, or driver's licenses and extract meaningful information like names, dates of birth, and photos. The AI then checks if the document is genuine and matches it with the person trying to use it.
Key Privacy Challenges in AI-Based ID Scanning
Some key challenges that arise from AI-based ID scanning include the following:
1. Sensitive Data Collection Issues
Modern ID scanner systems must handle large amounts of personal data, which raises significant privacy concerns. Companies must ensure that these systems comply with strict data security regulations, such as the General Data Protection Regulation (GDPR), to prevent unauthorized access. ID documents contain highly personal information called Personally Identifiable Information (PII). This information includes:
- Full names and addresses
- Government ID numbers
- Biometric data (facial features from photos)
- Birth dates and places
- Signatures
The AI system must collect and store this sensitive data, creating risks of exposure or theft. For example, if hackers break into the system, they could steal thousands of customer identities.
2. Biometric Data Concerns
The biometric market may increase to 3.04 billion by 2030. The permanent nature of biometric data makes its protection particularly crucial for long-term security. Biometric data refers to unique physical characteristics like facial features or fingerprints. Unlike passwords, you cannot change these if someone steals them.
When AI systems scan ID photos, they create digital maps of faces that need special protection. For instance, if criminals steal facial recognition data, they could use it to create fake IDs or break into systems that use face scanning for security.
3. Cross-Border Compliance Challenges
Global operations require understanding and following various international data protection regulations. For instance, the European Union follows GDPR (General Data Protection Regulation), and California has CCPA (California Consumer Privacy Act). Companies must ensure their ID scanning systems follow all these rules, which can be complex and challenging because it requires ongoing monitoring and updates to privacy practices.
Data Minimization Strategies
Reducing data collection to only essential information helps minimize privacy risks while maintaining adequate ID verification. To do this, you must:
- Collect only necessary information. If you only need to verify age, don't store the entire ID - just extract and verify the birth date.
- Delete data after verification. Once you confirm an ID is valid, remove the scanned image and keep only essential details.
- Use temporary storage for the verification process. Here, you may store sensitive data for only 24 hours during the verification period, after which it will be deleted automatically.
This approach significantly reduces the risk of data breaches while maintaining service quality.
Privacy-Enhancing Technologies
Modern technology offers several powerful tools to protect sensitive data during ID verification.
1. Data Anonymization
Adequate anonymization maintains data utility while protecting individual privacy. You can,
- Replace names with random codes.
- Blur out unnecessary ID fields.
- Convert dates into age ranges instead of exact birth dates
These techniques help organizations maintain security while gaining valuable insights from their data.
2. Encryption Methods
Strong encryption serves as a crucial defence against unauthorized data access. You can use two encryption methods called:
- Storage encryption: Protects stored ID scans and extracted data
- Transit encryption: Secures data when it moves between systems
Data anonymization and encryption create a strong shield around sensitive customer information, allowing necessary verification processes. By implementing these encryption methods, companies create multiple layers of protection for sensitive information.
Endnote
AI-powered ID scanning offers exciting possibilities for faster, more accurate customer verification in FinTech. However, success depends on strong privacy protection and regulatory compliance. Organizations can innovate while keeping customer data safe by implementing these strategies and maintaining a privacy-first approach.
The National Crowdfunding & Fintech Association (NCFA Canada) is a financial innovation ecosystem that provides education, market intelligence, industry stewardship, networking and funding opportunities and services to thousands of community members and works closely with industry, government, partners and affiliates to create a vibrant and innovative fintech and funding industry in Canada. Decentralized and distributed, NCFA is engaged with global stakeholders and helps incubate projects and investment in fintech, alternative finance, crowdfunding, peer-to-peer finance, payments, digital assets and tokens, artificial intelligence, blockchain, cryptocurrency, regtech, and insurtech sectors. Join Canada's Fintech & Funding Community today FREE! Or become a contributing member and get perks. For more information, please visit: www.ncfacanada.org
| | |
Support NCFA by Following us on Twitter!Follow @NCFACanada |
The Diverging Paths of CBDCs, Privacy, and Global Payments
CBDCs | Feb 4, 2025
Image: Freepik/master1305
CBDC Research Continues Despite Diverging Strategies in Canada, UK and U.S.
While Canada paused its retail CBDC project last year, the Bank of Canada (BoC) recently published a 35 page report on "Privacy-Enhancing Technologies (PETs) for CBDC Solutions" while the UK is advancing its digital pound initiative and has provided an update. Trump explicitly banned CBDCs in the U.S. due to privacy issues upon taking office. This article looks at each country's latest approach to compare and contrast.
Background
As digital payments become more commonly accepted globally, central banks are rethinking the role of currencies in the digital age - aka, Central Bank Digital Currencies (CBDCs), which are largely about modernizing the infrastructure of the financial system. However, governments are approaching CBDCs differently, reflecting differences in monetary policy but also concerns about privacy, financial sovereignty, and security. There are two main use cases being researched including retail and wholesale.
You can think about Retail CBDCs as a 'digital dollar' which are designed for use by the general public to support daily transactions, savings, and digital payments. They promise to increase financial inclusion by providing easy access to digital financial services, even for individuals who are unbanked - meaning individuals/households that do not have access to traditional banking services such as savings/checking accounts or credit from a formal financial institution. Privacy protection and efficiency are key benefits but public trust in data security is paramount for retail CBDC success.
See: 2023 BIS Survey: CBDC and Crypto Trends Revealed
Wholesale CBDCs, on the other hand, are used by financial institutions for bank to bank transfers and could improve cross-border payments, reduce costs and enhance financial market stability. By optimizing interbank settlements, wholesale CBDCs can also strengthen liquidity management on a global scale.
A shared global concern is privacy protection. As digital currencies including CBDCs become more widely used, protecting sensitive financial data is essential other the financial system runs the risk of payment surveillance from hackers, bad actors, institutions, and government. Global cooperation between governments to ensure interoperability and compliance standards is critical, if CBDCs are to ever be adopted in a way that balances economic growth with financial privacy.
Canada Halts Retail CBDC Research, Focuses on Privacy-Enhancing Technologies (PETs)
In September 2024, the Bank of Canada stopped its work on a retail CBDCs after researching them for several years (see: Bank of Canada’s Latest on CBDC Implementation) citing that most Canadians were not interested in using a digital Canadian dollar. But they are continuing to research PETs like zero-knowledge proofs (ZKPs) and homomorphic encryption that offer privacy solutions that keep user data kept confidential while still enabling financial activities such as compliance checks and fraud prevention.
The report acknowledges several limitations with PETs though including slower transaction speeds due to the complexity of encrypting/processing large volumes of data. More sophisticated software and compute resources are required, raising costs. There is also scalability concerns which are still in early development stages. Lastly, any PET must still meet compliance requirements like anti-money laundering (AML) and counter-terrorism financing (CFT) while preserving user privacy, which is still a difficult act to balance.
The UK Advances Digital Pound Initiative
The Bank of England (BoE) is still working on the Digital Pound project to modernize the country's payment infrastructure and support financial inclusion as the usage of cash in the UK declines. On Jan 14, 2025 the BoE published a progress update on their findings.
In addition to the digital pound providing a secure and efficiency alternative to traditional payment systems, the BoE is exploring the potential to improve the efficiency of financial markets and cross-border payments, making the digital pound more versatile than just a retail transaction and savings tool.
See: Saudi Arabia Joins mBridge CBDC Project, Digital Oil Trade
One of their top priorities is tackling privacy concerns to gain public trust, and designing the digital pound to allow secure transactions while protecting personal data. Another challenge is interoperability with existing systems like credit cards and mobile payments. The digital pound has to integrate seamlessly for a smooth transition between traditional and digital finance. As more central banks investigate the potential of their own CBDCs, the UK's work on the digital pound project will certainly position them to take a leading role in crafting the future of digital currencies while maintaining their financial sovereignty.
The U.S. Bans CBDCs and Focuses on Stablecoins
In contrast to Canada and the UK, the U.S. has opted to ban CBDCs. On January 23, 2025, as part of the "Strengthening American Leadership in Digital Financial Technology" executive order, President Donald Trump effectively prohibited federal agencies from pursuing any sort of CBDC development largely over privacy and government control concerns (and desire to protect the existing financial infrastructure).
See: Fidelity Report Insights on Digital Assets in 2025
The U.S. government is however pursuing Stablecoins, seen more as a market driven solution that can offer the faster and cheaper benefits of digital currencies without the associated risks of a government issued form of digital money. This approach encourages more private sector innovation but raises questions about potential risks to consumers and financial stability.
In Conclusion
Varying approaches to CBDCs and digital money highlight the complexities of balancing between financial innovation, privacy protection, and regulatory compliance. Global cooperation will be essential to address privacy concerns and ensure interoperability and security.
The National Crowdfunding & Fintech Association (NCFA Canada) is a financial innovation ecosystem that provides education, market intelligence, industry stewardship, networking and funding opportunities and services to thousands of community members and works closely with industry, government, partners and affiliates to create a vibrant and innovative fintech and funding industry in Canada. Decentralized and distributed, NCFA is engaged with global stakeholders and helps incubate projects and investment in fintech, alternative finance, crowdfunding, peer-to-peer finance, payments, digital assets and tokens, artificial intelligence, blockchain, cryptocurrency, regtech, and insurtech sectors. Join Canada's Fintech & Funding Community today FREE! Or become a contributing member and get perks. For more information, please visit: www.ncfacanada.org
| | |
Support NCFA by Following us on Twitter!Follow @NCFACanada |
