Privacy-preserving fraud infrastructure

Fraud intelligence
without exposure.

Edge Gateway sits inside your bank's perimeter, strips personally identifiable information from every transaction, and forwards only anonymized signals to the shared fraud network. You see the patterns. No one sees your customers.

Request access How it works

Deployed on-premise · zero PII leaves the bank · sub-millisecond hashing

Abstract depiction of encrypted transaction data passing through a privacy gateway. — gateway online eu-west · signals/s 1,284

Built to the standards regulated institutions answer to

SOC 2 Type II
ISO 27001
GDPR
PSD2 / SCA
PCI DSS

01 — The problem

The moment customer data leaves your core, it becomes someone else's liability.

Fraud rings don't respect institutional boundaries. The same identity launders across a dozen banks, and each one sees only its own slice. Catching it means pooling signals — but pooling raw data means pooling risk, regulatory exposure, and a breach surface no compliance officer will sign off on.

Edge Gateway resolves the contradiction. The intelligence that fights fraud is shared. The data that identifies your customer never is. Anonymization happens before the signal leaves the building — irreversibly, at the edge.

02 — Architecture

PII stays here. Only the pattern travels.

A single POST to the gateway returns an anonymized fraud signal and forwards it to the Hub. Raw fields never cross the boundary line.

Bank core system

Raw transaction
name · account · amount · geo

POST /process

Edge Gateway

SHA-256 · tiering
geohash · bucketing

anonymized signal

Intelligence Hub

Cross-institution
pattern detection

Bank perimeter — PII never crosses

03 — The transform

Every identifying field, replaced before it moves.

Raw PII field	Anonymized output	Method
Customer ID + name	`identity_mosaic`	SHA-256( id · name · bank_salt · regional_pepper )
Transaction amount	`amount_tier`	TIER_1 <$500 · TIER_2 $500–2.5K · TIER_3 $2.5K–10K · TIER_4 >$10K
Latitude / longitude	`location_zone`	Geohash precision 5 (~4.9 km grid)
Timestamp	`time_bucket`	Rounded to a 15-minute window
Account number	`account_hash`	SHA-256( account · bank_salt )
Device / IP	`device_hash`	SHA-256( value · bank_salt )
Counterparty	`destination_mosaic`	SHA-256( counterparty · bank_salt · regional_pepper )

The regional pepper is the trick. A shared regional_pepper means the same person at two different banks produces the same identity_mosaic — so the network detects one fraudster across institutions, while neither bank can reverse the hash back to a name.

04 — See it run

Send a transaction through the live gateway.

Type to preview the transform locally. Then send the raw transaction to a running Edge Gateway — it anonymizes server-side, forwards the signal to the Hub, and returns the real identity mosaic and round-trip time.

checking gateway…

Sending mirrors a bank core posting to the gateway: the raw fields go in, only the anonymized signal comes out and travels onward. The gateway holds no reverse map.

Anonymized signal no PII

computing…

Live gateway response —

Interior of a classical financial institution in navy and gold light.

05 — Deployment & security

Runs inside your perimeter. Nothing to trust but math.

Single static Go binary. No runtime dependencies, no outbound calls except the signal forward. Ships as a hardened container or bare binary.
Irreversible by construction. One-way SHA-256 with per-bank salts. The gateway holds no lookup table — there is no path from signal back to customer.
Auditable boundary. Every field that crosses the perimeter is enumerable and logged. Compliance can prove what left and what didn't.
PII resolution stays local. Only your own compliance officers can re-associate a signal, via /resolve-pii, inside your walls.

0PII fields forwarded

<1msmedian anonymization time

8identifiers hashed per signal

100%on-premise, your keys

06 — Interface

A surface small enough to audit in an afternoon.

GET/healthService health & readiness.
GET/metricsPrometheus-compatible operational metrics.
POST/processAccept a raw transaction, anonymize, forward to the Hub.
POST/resolve-piiLocal-only re-association for compliance officers.

POST /processedge.internal.bank

curl -s edge.internal.bank/process \
  -H 'authorization: Bearer $TOKEN' \
  -H 'content-type: application/json' \
  -d '{
    "customer_id": "CU-90381175",
    "name": "Marian Velasquez",
    "amount": 6420.00,
    "lat": 51.5074, "lng": -0.1278
  }'

# → 202 Accepted
{ "identity_mosaic": "9f2c…b41e",
  "amount_tier": "TIER_3",
  "location_zone": "gcpvj",
  "status": "forwarded" }

Get started

Deploy the privacy layer between your bank and the network.

We'll walk your security and compliance teams through the boundary model, the anonymization proof, and an on-premise pilot.

For financial institutions and their security teams. We reply within one business day.

Fraud intelligencewithout exposure.