Introduction

In June 2022, the World Bank released data from its latest Global Financial Inclusion Survey (The Global Findex Database 2021)1. The database covers a 3-year period. The data show that the proportion of people with bank accounts is growing globally, and that account ownership in China has reached nearly 90%. Globally, 76% of respondents said that they have an account, an increase of 8 percentage points from 2017. In China, the figure stood at 89%, an increase of 9 percentage points compared to 2017. The significant increase in account ownership means that demand for financial inclusion and financial services continues to grow globally, highlighting the growing reliance of individuals worldwide on financial services to manage their finances, access banking services and participate in the economy.

With the development of the Internet and the financial industry, a large number of users enjoy the convenience and efficiency brought by financial technology services. But as financial markets continue to grow, an increasing number of users face increasingly serious financial privacy security issues, even though approaches such as cryptography, two-factor authentication (2FA) and multi-factor authentication (MFA), biometrics, blockchain and smart-contract decentralisation, and privacy-preserving consensus mechanisms2 are available for financial privacy protection. The financial industry involves a large amount of sensitive information, such as funds, transactions and customer identity, which places extremely high demands on information security. The development of financial public clouds still faces serious challenges, including security issues in terms of information asset security and privacy protection, and trusted services3.

Verizon released its 2023 Annual Data Breach Investigations Report in June4, in which it analyzed 16,312 incidents, of which 5,199 were confirmed data breaches. These breaches spanned 11 industries, with public affairs (582 breaches), financial services (477 breaches) and information technology (380 breaches) experiencing the highest numbers. According to the report, 74% of the security incidents involved a human element, which means that over the past year enterprise employees repeatedly made mistakes, including misuse of permissions, abuse of privileges, falling for phishing attacks, identity leaks and use of stolen credentials, posing a huge threat to the security of users’ personal information and privacy. These privacy security issues are caused not only by human factors but also by a combination of technical vulnerabilities, security risks of end devices, and the operating environment of the services provider.

In the research on enhancing data privacy security in the financial industry, Hazzazi et al.5 introduced a new encryption algorithm based on Turbo codes, which eliminates the need to send keys through a secure channel and instead derives keys from preexisting data to achieve confidentiality in information exchanges among financial institutions. Most of the research focuses on blockchain technology. Alenizi et al.6 proposed a framework for integrating blockchain and artificial intelligence (IBAI), which enhances data protection and improves the accuracy of detecting suspicious behavior such as hacking. Su et al.7 combined blockchain and proxy re-encryption techniques to achieve secure data sharing among users by re-encrypting sensitive data. Wang et al.8 proposed a blockchain method combining a Convolutional Neural Network with a Transformer structure, which can effectively identify abnormal transaction behavior and protect the security of user assets.

While many scholars have provided multiple ways to secure user privacy in conjunction with blockchain technology, blockchain cannot prevent employees from leaking data through non-blockchain channels, and when the cost of applying blockchain technology is too high, enterprises may choose not to adopt it9, leaving the risks difficult to prevent. It therefore becomes particularly important to assess the privacy risks of the financial services provided by enterprises. This paper establishes a comprehensive risk identification and assessment method that serves as an effective tool for platforms or third-party assessment institutions. When financial service providers intend to list their services on a platform, they are required to disclose the relevant risk indicators to the platform. Users, who access the corresponding financial services through the platform, can then choose appropriate services based on the platform’s assessment results. The main contributions of this paper can be summarized as follows:

(1) This paper proposes a comprehensive privacy security assessment method for financial services, which provides users and financial institutions with comprehensive assessment results. The method helps financial institutions manage and mitigate privacy risks more effectively, and helps improve data protection across the financial services industry and user trust in it.

(2) We combine the Fuzzy Analytic Hierarchy Process (FAHP) method, Dempster-Shafer (D-S) theory and fuzzy theory to establish a privacy risk model for financial services, which solves the consistency-testing problem of the AHP and resolves disagreements in the multi-expert evaluation process.

(3) Through case analysis and comparison with existing mainstream risk assessment methods, this study verifies that the proposed method has higher objectivity, comprehensiveness and scalability in evaluating privacy security in financial services.

Relevant studies

With the help of cloud computing technology, financial institutions can more easily access key information in all links of the industrial chain. However, the use of large-scale financial data comes with multiple potential risks. Zhao et al.10 pointed out that security and privacy issues have become the main obstacles to the development of financial cloud, including confidentiality and integrity protection of data, regulatory and legal risks, moral risks, and exit risks of financial public cloud services providers, and pointed out that a financial cloud security system should be built. In order to assess the privacy risks of financial services and better protect users’ financial privacy, different scholars have explored it from different perspectives.

In analyzing the causes leading to the leakage of users’ financial privacy, Peng et al.11 identified the reasons for the leakage of users’ personal financial data in cross-border flows as hacker attacks, system infrastructure vulnerabilities, and sharing of consumer information with unaffiliated third parties, among others, and proposed that the various types of risk in the cross-border flow of financial data should be assessed. Sun12 pointed out that the illegal collection and use of users’ personal information by insiders of financial institutions has led to the leakage of a large amount of users’ personal privacy, and emphasized that the elemental governance of financial data should be strengthened and the classification and grading of data supervision should be done well. Liu13 pointed out that big data financial algorithms may also cause the leakage of users’ financial privacy, with big data financial customer profiling algorithms being the hardest hit. In order to obtain as much information as possible about their customers, these algorithms may “extract” or “force” personal financial information through “overbearing terms” in e-commerce contracts, and it is suggested that big data financial algorithms must comply with legal regulation.

In terms of how to effectively protect users’ financial privacy, Huo et al.14 proposed a privacy protection model based on cloud computing, which provides four different levels of privacy protection measures according to the actual needs of users. Dhiman et al.15 achieved good results in securing financial privacy data through a federated learning approach with homomorphic encryption. Xu et al.16 developed an image-based privacy-preserving blockchain model for financial services which stores users’ financial services data as images. This improves the security of user privacy by ensuring that users can understand the content while preventing the data from being recognized by machines. Qiu et al.17 proposed a model called Privacy Preserving Smart Storage (PS2) that uses a novel distributed data storage method to prevent attacks based on massive data mining by financial institution insiders.

In terms of effective early warning and assessment of financial services risks, Zhong et al.18 designed a sensor network-based early warning system for cloud data storage security and financial risk management, which introduces a financial risk control module that can help users with financial risk warning and management. Luo et al.19 proposed a systematic financial risk assessment algorithm based on fuzzy clustering analysis of risk data. The financial systemic risk measurement method established in that study can identify risks to a certain extent and deepen the understanding of the nature of systemic financial risks, serving as a long-term mechanism for constructing systems to prevent and resolve systemic financial risks. Alqahtani and Moorsel20 developed a risk assessment method for EMV trading systems. The method enhances the decision-making process by analyzing, modeling and evaluating the risks that may occur during EMV payment transactions. Zhang et al.21 constructed a risk assessment model using big data indicators and integrated big data opinion indicators into traditional corporate financial risk assessment indicators, which effectively corrected the defects of the original assessment model and improved the risk assessment results. Ali-Eldin et al.22 introduced an effective model to evaluate privacy risks, which offers practical strategies for avoiding and mitigating privacy risks associated with open data. Yang et al.23,24,25 quantified and evaluated privacy risks by analyzing information uncertainty with the information entropy method.

Although the above-mentioned methods provide valuable solutions for enhancing the privacy security of financial services, there are still some deficiencies. To more systematically and clearly present the perspectives and shortcomings considered by the current methods, we have organized them into a table, as shown in Table 1 below.

Table 1 Summary of privacy security methods for financial services.

From the research in the above table, it can be seen that financial services face a complex risk environment regarding privacy security in the current cloud environment. Existing evaluation methods are one-dimensional and cannot fully meet the needs of assessing the risks and changes in financial services. At this point, there is a need for a method that can analyze privacy risks of financial services from multiple perspectives, quantify risk levels, and be widely applicable to better protect user privacy.

Therefore, this paper proposes an integrated evaluation method that combines FAHP, fuzzy theory and D-S evidence theory. First, the FAHP method is used to construct a comprehensive risk attribute system and calculate the weight of each indicator, effectively highlighting the importance of each risk. Second, by introducing fuzzy theory and D-S evidence theory, combined with two dimensions, risk frequency and severity of consequences, the method ranks the different risks. This not only quantifies the impact of uncertain factors but also provides a comprehensive risk classification and identification of the key risk elements, ensuring that users receive clear and scientific risk level information. The method is applicable regardless of whether companies use blockchain, making it highly applicable in various scenarios. In addition, the method does not depend on user information but only requires enterprise risk indicators, thus avoiding the issue of directly identifying user identities. Finally, our model design takes flexibility and adaptability into account, and the relevant indicators can be updated and adjusted in a timely manner according to the latest laws and regulations, so as to ensure that they always comply with them.

FAHP-based privacy risk weighting for financial services

In the process of financial services transactions, users’ private information is frequently accessed. The process is shown in Fig. 1 below.

Fig. 1 Financial business transaction process.

As can be seen from the figure above, user information is at risk of privacy disclosure at every point in the transaction process: at the three main bodies (apps, platforms and financial services providers), during the transmission of data, and through malicious external attacks on financial institutions. Therefore, this paper classifies the privacy risks of financial services into the following five risk categories.

(1) Platform risk β1 is the risk arising within financial platforms.

(2) Technology risk β2 is the risk from software or applications.

(3) External attack risk β3 is the risk of malicious attacks from outside the financial platform.

(4) Services provider risk β4 is the risk resulting from the services provider.

(5) Data transmission risk β5 is the risk to data during transmission.

FAHP-based privacy risk attribute model for financial services

FAHP is a decision-making method that optimizes traditional analytic hierarchy process through fuzzy logic, effectively handling subjective ambiguity in evaluations. This study adopts this method to determine the weights of risk indicators, aiming to accurately quantify the relative importance of multi-dimensional indicators, reduce subjectivity in expert assessments, and provide a reliable basis for comprehensive assessment.

To construct the risk indicator system, this paper collected and sorted about 200,000 words of source data through literature review, report tracking, case analysis and interview investigation. Following Grounded theory26, 3/4 of the data were used for data processing, and the remaining 1/4 was used to verify the completeness of the indicators. The 3/4 portion of the original data was first combed to obtain 265 initial concepts: the NVivo 15 tool was used to unitize the original text and decompose it into independent, complete semantic fragments, and open coding was then carried out, extracting initial concepts through sentence-by-sentence annotation and merging similar terms. The concepts were then refined to 12 indicators: axial coding was conducted to reclassify the categories formed in the previous stage and summarize them into higher-level categories, after which selective coding was carried out to identify the core category. The 12 indicators are shown in Table 2 below.

Table 2 Meaning of the 12 financial risk indicators.

Finally, in order to verify whether the indicators extracted in this paper are complete, the remaining 1/4 of the information was summarized in this paper. No new concepts or categories were found, indicating that the evaluation indicators constructed in this paper are complete.

To use the FAHP method for assessment, it is first necessary to identify the target, scheme and indicator layers and to construct a hierarchical model from them27. After sorting out the risk indicators in Table 2 and taking the actual operating scenario into account, the relevant risk factors and the risk categories turn out to be inseparable from each other: even where they are only weakly related, they cannot be analyzed completely independently. Therefore, in order to maintain the objectivity of the assessment, this paper develops a cross-attribute model of privacy risks in financial services. The privacy risk model established is shown in Fig. 2 below.

Fig. 2 Cross-attribute model of privacy risks in financial services.

The model has three layers. The first is the Target layer, which focuses on the evaluation of privacy risks in financial services; the second is the Scheme layer, which includes the risk categories \(\beta_1\) ~ \(\beta_5\); the third is the Indicator layer, which contains the risk indicators \(I_1\) ~ \(I_{12}\). After building the model, the corresponding weights can be calculated, including weights for individual indicators, risk categories and the overall service risk, thus helping the user to better select the target.

Fuzzy consistency matrix-based risk weight assessment

Assessing the weights of risk categories and risk indicators with the AHP method requires a pairwise comparison of the elements in each layer of the model in Fig. 2. If there are M factors to be assessed, comparing them pairwise requires a total of M(M-1)/2 judgments. When M is large, experts must make many comparisons, which may introduce inconsistencies into the judgment matrix. Moreover, if the judgment matrix is not consistent, the experts must repeatedly adjust their evaluations until the matrix meets the consistency requirement.

To simplify the evaluation process of the AHP method, this paper employs a fuzzy consistency matrix to determine the weights. Like the AHP method, this method reduces the influence of subjective human factors, and in addition it effectively addresses the inconsistency problem28.

Fuzzy consistency matrix construction process

Based on the concept of a fuzzy consistency matrix29, the significance ratio \(P(I_i,I_j)\) of element \(I_i\) with respect to element \(I_j\) is defined as follows. This ratio reflects the relative importance of \(I_i\) compared with \(I_j\) as evaluated by experts.

(1) 0 ≤ \(P(I_i,I_j)\) < 0.5 indicates that \(I_j\) is more important than \(I_i\); the smaller the value, the greater the importance of \(I_j\) relative to \(I_i\).

(2) \(P(I_i,I_j)\) = 0.5 indicates that \(I_j\) and \(I_i\) are of equal importance.

(3) 0.5 < \(P(I_i,I_j)\) ≤ 1 indicates that \(I_i\) is more important than \(I_j\), the opposite of (1).

According to the meaning of \(\:P({I}_{i},{I}_{j})\), the steps for constructing the fuzzy consistency matrix are as follows.

1. Construct the judgment matrix between the elements:

$$\left(F_{ij}\right)_{n\times n}=\left(\begin{array}{ccc}P\left(I_1,I_1\right)&\cdots&P\left(I_1,I_n\right)\\ \vdots&\ddots&\vdots\\ P\left(I_n,I_1\right)&\cdots&P\left(I_n,I_n\right)\end{array}\right)$$

2. Convert the established fuzzy judgment matrix \(\left(F_{ij}\right)_{n\times n}\) into a fuzzy consistency matrix using the following formula.

$$\underline{P}\left(I_i,I_j\right)=\frac{\sum_{l=1}^{n}P\left(I_i,I_l\right)}{\sum_{l=1}^{n}\left(P\left(I_i,I_l\right)+P\left(I_j,I_l\right)\right)}$$
(1)

3. \(\underline{P}\left(I_i,I_j\right)\) is the weight ratio of the two elements. Therefore, a fuzzy consistency matrix \(\left(\underline{F}_{ij}\right)_{n\times n}\) can be constructed, and this matrix has full consistency.

$$\left(\underline{F}_{ij}\right)_{n\times n}=\left(\begin{array}{ccc}\underline{P}\left(I_1,I_1\right)&\cdots&\underline{P}\left(I_1,I_n\right)\\ \vdots&\ddots&\vdots\\ \underline{P}\left(I_n,I_1\right)&\cdots&\underline{P}\left(I_n,I_n\right)\end{array}\right)$$
(2)

After constructing the matrix \(\left(\underline{F}_{ij}\right)_{n\times n}\), the weight of each element can be calculated using the following formula.

$$W_i=\frac{2\sum_{j=1}^{n}\underline{P}\left(I_i,I_j\right)-1}{n\left(n-1\right)},\quad i=1,2,\ldots,n$$
(3)

\(W_i\) represents the weight of element i in the model. Based on the principle of pairwise comparison in FAHP30, \(W_i\) has a certain degree of objectivity. A larger value of \(W_i\) indicates a greater influence of element i on the target evaluation in the model.
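The following Python is an added worked example of formulas (1)–(3), not code from the paper: it validates an expert judgment matrix, converts it into the fuzzy consistency matrix of (1), checks the full-consistency property the text claims for that matrix, and derives the weights of (3). The four-element judgment matrix is constructed for illustration and is not one of the paper's matrices.

```python
from typing import List

Matrix = List[List[float]]


def check_fuzzy_judgment(F: Matrix) -> None:
    """A fuzzy judgment matrix must be square and complementary:
    0 <= P(I_i, I_j) <= 1 and P(I_i, I_j) + P(I_j, I_i) = 1 (hence P(I_i, I_i) = 0.5)."""
    n = len(F)
    for i in range(n):
        if len(F[i]) != n:
            raise ValueError("judgment matrix must be square")
        for j in range(n):
            if not 0.0 <= F[i][j] <= 1.0:
                raise ValueError(f"P(I_{i + 1}, I_{j + 1}) must lie in [0, 1]")
            if abs(F[i][j] + F[j][i] - 1.0) > 1e-9:
                raise ValueError(f"P(I_{i + 1}, I_{j + 1}) + P(I_{j + 1}, I_{i + 1}) must equal 1")


def fuzzy_consistency_matrix(F: Matrix) -> Matrix:
    """Eq. (1): P_(I_i, I_j) = sum_l P(I_i, I_l) / sum_l (P(I_i, I_l) + P(I_j, I_l))."""
    check_fuzzy_judgment(F)
    r = [sum(row) for row in F]  # row sums: sum_l P(I_i, I_l)
    n = len(F)
    return [[r[i] / (r[i] + r[j]) for j in range(n)] for i in range(n)]


def is_fully_consistent(M: Matrix, tol: float = 1e-9) -> bool:
    """Multiplicative transitivity: P(i,j) P(j,k) P(k,i) = P(j,i) P(k,j) P(i,k) for all i, j, k.
    The ratio form of eq. (1) guarantees this; raw expert judgments usually violate it."""
    n = len(M)
    for i in range(n):
        for j in range(n):
            for k in range(n):
                lhs = M[i][j] * M[j][k] * M[k][i]
                rhs = M[j][i] * M[k][j] * M[i][k]
                if abs(lhs - rhs) > tol:
                    return False
    return True


def weights_from_consistency_matrix(Fc: Matrix) -> List[float]:
    """Eq. (3): W_i = (2 * sum_j P_(I_i, I_j) - 1) / (n (n - 1))."""
    n = len(Fc)
    return [(2.0 * sum(Fc[i]) - 1.0) / (n * (n - 1)) for i in range(n)]


def fahp_weights(F: Matrix) -> List[float]:
    """Full pipeline of eqs. (1)-(3): judgment matrix -> consistency matrix -> weights."""
    return weights_from_consistency_matrix(fuzzy_consistency_matrix(F))


# Constructed sample: pairwise significance ratios for four hypothetical indicators.
SAMPLE_F: Matrix = [
    [0.5, 0.7, 0.8, 0.6],
    [0.3, 0.5, 0.6, 0.4],
    [0.2, 0.4, 0.5, 0.3],
    [0.4, 0.6, 0.7, 0.5],
]

if __name__ == "__main__":
    w = fahp_weights(SAMPLE_F)
    print("raw judgments fully consistent:", is_fully_consistent(SAMPLE_F))
    print("consistency matrix fully consistent:", is_fully_consistent(fuzzy_consistency_matrix(SAMPLE_F)))
    for i, wi in enumerate(w, start=1):
        print(f"W(I_{i}) = {wi:.4f}")
    print("sum of weights =", round(sum(w), 6))
```

The weights always sum to 1 because every row pair of the consistency matrix satisfies P_(i,j) + P_(j,i) = 1, so no separate consistency-ratio test is needed.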

Assessment of privacy risk weight in financial services

According to the method in the previous section, and in conjunction with the model in Fig. 2, it is possible to construct the fuzzy consistency matrix from the bottom up.

(1) Weight calculation of the scheme layer relative to the target layer. By constructing a fuzzy consistency matrix, the weights \(W\left(\beta_j\right)\) of the risk categories within the entire privacy risk assessment can be calculated. The larger the value of \(W\left(\beta_j\right)\), the greater the impact of the risk category \(\beta_j\) on the overall privacy risk of the financial service.

(2) Weight calculation of the indicator layer relative to the scheme layer. Likewise, by constructing five fuzzy consistency matrices, the weights \(W(I_i,\beta_j)\) of the 12 indicators of the indicator layer with respect to each risk category can be calculated. The larger the value of \(W(I_i,\beta_j)\), the greater the impact of the indicator \(I_i\) on the risk category \(\beta_j\).

After determining the assessment weights through the method mentioned above, this paper will next concentrate on the evaluation of risk levels in financial services.

Assessment of risk levels in financial services

The FAHP-based risk weight evaluation can only evaluate the significance of the elements. In order to offer more comprehensive information about financial services, a further assessment of the risk levels is necessary. Here, “risk level” refers to the quantified classification of risk for each indicator in the assessment system, determined from the actual situation of the indicator and expert evaluations, which reflects the degree of potential privacy risk in terms of occurrence frequency or loss severity.

Risk classification

In order to make the risk assessment process more concise and more discriminating, this paper first defines four risk levels from two aspects, risk frequency and risk loss, as illustrated in Table 3 below.

Table 3 Privacy risk classification.

Fuzzy and D-S theory based risk level assessment

While Table 3 divides the risks into four levels according to their frequency and degree of loss, it is not easy to precisely define the level of risk in reality. Meanwhile, experts’ determination of risk levels may vary from person to person. To overcome this challenge, this paper applies fuzzy theory31 to reclassify risk levels and uses D-S theory to integrate multiple expert opinions to improve the assessment results.

D-S evidence theory, as an artificial intelligence technique, was originally applied to the field of expert systems with the ability to deal with uncertain information32. The theory can effectively address the problem of conflicting results of multi-expert assessment and provide reasonable fusion results by calculation. In information fusion, a confidence level needs to be assigned to each expert’s assessment results, and then fuse the results using appropriate formulas. In this paper, the risk levels of financial services are assessed as follows.

This paper uses the confidence level t(S) to describe the risk level; it indicates the probability that the risk belongs to the set S, with 0 ≤ t(S) ≤ 1. S ranges over the sets of possible risk levels, namely {1}, {1,2}, {2}, {2,3}, {3}, {3,4} and {4}, and \(\sum_{S\ne\varnothing}t\left(S\right)=1\). This is illustrated in Table 4 below.

Table 4 Results of the expert assessment of risk levels.

Table 4 shows an example of the results of the assessment by three experts, each of whom gave a different level of confidence. The next step is to fuse the assessment results of the three experts using the following formula.

$$t\left(S\right)=\left(t_1\oplus t_2\oplus\cdots\oplus t_n\right)\left(S\right)=\frac{1}{k}\sum_{S_1\cap S_2\cap\cdots\cap S_n=S}t_1\left(S_1\right)t_2\left(S_2\right)\cdots t_n\left(S_n\right)$$
(4)

Here k is a normalization factor, which can be calculated by either of the following two equivalent formulas.

$$k=1-\sum_{S_1\cap S_2\cap\cdots\cap S_n=\varnothing}t_1\left(S_1\right)t_2\left(S_2\right)\cdots t_n\left(S_n\right)$$
(5)
$$k=\sum_{S_1\cap S_2\cap\cdots\cap S_n\ne\varnothing}t_1\left(S_1\right)t_2\left(S_2\right)\cdots t_n\left(S_n\right)$$
(6)

Integrating expert evaluations requires dealing with many sets, making the computation quite complex. Therefore, this paper employs the Bayesian approximation method33 to reduce each compound set S to single levels. The specific method is as follows.

$$t\left(\underline{S}\right)=\frac{\sum_{\underline{S}\subseteq S}t\left(S\right)}{\sum_{S\subseteq\theta}t\left(S\right)\cdot N}$$
(7)

In the above formula, \(\underline{S}\) is the reduced set of S, which includes only {1}, {2}, {3} and {4}; \(\theta\) is the full set, and N is the number of levels included in the set S. Therefore, the evaluation results of the three experts can be calculated using the above formula as follows.

$$t\left(\underline{1}\right)=\frac{t\left(1\right)+t\left(1,2\right)}{t\left(1\right)+2t\left(1,2\right)+t\left(2\right)+2t\left(2,3\right)+t\left(3\right)+2t\left(3,4\right)+t\left(4\right)}$$
$$t\left(\underline{2}\right)=\frac{t\left(1,2\right)+t\left(2\right)+t\left(2,3\right)}{t\left(1\right)+2t\left(1,2\right)+t\left(2\right)+2t\left(2,3\right)+t\left(3\right)+2t\left(3,4\right)+t\left(4\right)}$$
$$t\left(\underline{3}\right)=\frac{t\left(2,3\right)+t\left(3\right)+t\left(3,4\right)}{t\left(1\right)+2t\left(1,2\right)+t\left(2\right)+2t\left(2,3\right)+t\left(3\right)+2t\left(3,4\right)+t\left(4\right)}$$
$$t\left(\underline{4}\right)=\frac{t\left(3,4\right)+t\left(4\right)}{t\left(1\right)+2t\left(1,2\right)+t\left(2\right)+2t\left(2,3\right)+t\left(3\right)+2t\left(3,4\right)+t\left(4\right)}$$
(8)

The reduced sets \(\underline{S}\) are calculated in Table 5 below.

Table 5 The calculated results of the expert assessment.

After obtaining the data in the table above, the value of k is calculated using formula (6), and the results are then substituted into formula (4) to obtain the fused confidence level t(S); the fused results are shown in Table 6 below.

Table 6 The confidence level after fusion.

From Table 6, it can be seen that t(2) > t(3) > t(1) > t(4), which means that the risk level of this element is most likely level 2. By consulting Table 3, it can be seen that the risk may occur occasionally, and the probability of belonging to level 4 is very low. The confidence levels of the other elements can be calculated in the same way.
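The following Python is an added worked example of the fusion procedure in formulas (4)–(8), not code from the paper: a general Dempster combination over focal sets, the Bayesian approximation that collapses compound sets onto single levels, and the fold over three experts. The three expert assessments are constructed for illustration and are not the values of the paper's Table 4.

```python
from itertools import product
from typing import Dict, FrozenSet, List, Tuple

Mass = Dict[FrozenSet[int], float]   # basic belief assignment t(S) over focal sets S
LEVELS = (1, 2, 3, 4)                # the frame of discernment theta (levels of Table 3)


def check_mass(t: Mass) -> None:
    """t(S) must live on non-empty subsets of theta and sum to 1."""
    if any(len(s) == 0 for s in t):
        raise ValueError("t(S) may only be assigned to non-empty sets")
    if any(not s <= frozenset(LEVELS) for s in t):
        raise ValueError("focal sets must be subsets of theta")
    if abs(sum(t.values()) - 1.0) > 1e-9:
        raise ValueError("sum of t(S) over all S must be 1")


def dempster_combine(t1: Mass, t2: Mass) -> Tuple[Mass, float]:
    """Eqs. (4)-(6) for two sources: the orthogonal sum and its normalization factor k."""
    check_mass(t1)
    check_mass(t2)
    fused: Mass = {}
    conflict = 0.0
    for (s1, v1), (s2, v2) in product(t1.items(), t2.items()):
        inter = s1 & s2
        if inter:
            fused[inter] = fused.get(inter, 0.0) + v1 * v2
        else:
            conflict += v1 * v2          # mass landing on the empty intersection
    k = 1.0 - conflict                   # eq. (5); numerically identical to eq. (6)
    if k <= 1e-12:
        raise ValueError("experts are in total conflict; Dempster's rule is undefined")
    return {s: v / k for s, v in fused.items()}, k


def bayesian_approximation(t: Mass) -> Dict[int, float]:
    """Eqs. (7)/(8): t(S_) = sum_{S_ ⊆ S} t(S) / sum_{S ⊆ theta} t(S) * |S|."""
    check_mass(t)
    denom = sum(v * len(s) for s, v in t.items())
    return {lv: sum(v for s, v in t.items() if lv in s) / denom for lv in LEVELS}


def fuse_experts(experts: List[Mass]) -> Tuple[Dict[int, float], float]:
    """Approximate each expert, then fold the reduced assessments with Dempster's rule.
    Returns the fused confidence per level and the overall normalization factor k."""
    reduced = [{frozenset([lv]): p for lv, p in bayesian_approximation(t).items() if p > 0.0}
               for t in experts]
    combined, k_total = reduced[0], 1.0
    for t in reduced[1:]:
        combined, k = dempster_combine(combined, t)
        k_total *= k                     # k factors multiply across successive combinations
    return {lv: combined.get(frozenset([lv]), 0.0) for lv in LEVELS}, k_total


def most_likely_level(fused: Dict[int, float]) -> int:
    return max(fused, key=fused.get)


# Constructed assessments of one risk indicator by three hypothetical experts.
EXPERTS: List[Mass] = [
    {frozenset({1, 2}): 0.2, frozenset({2}): 0.5, frozenset({2, 3}): 0.2, frozenset({3, 4}): 0.1},
    {frozenset({1, 2}): 0.1, frozenset({2}): 0.4, frozenset({2, 3}): 0.3, frozenset({3}): 0.1,
     frozenset({3, 4}): 0.1},
    {frozenset({1}): 0.1, frozenset({1, 2}): 0.3, frozenset({2}): 0.3, frozenset({2, 3}): 0.2,
     frozenset({3, 4}): 0.1},
]

if __name__ == "__main__":
    fused, k = fuse_experts(EXPERTS)
    for lv in LEVELS:
        print(f"t({lv}) = {fused[lv]:.4f}")
    print(f"k = {k:.4f}, most likely level = {most_likely_level(fused)}")
```

Because the approximation leaves only singletons, every intersection between different levels is empty, so k in the final fold is simply the sum of the level-wise products; the total-conflict check matters when two experts put all their mass on disjoint levels.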

Comprehensive privacy security assessment for financial services

Comprehensive evaluation process

In Sect. 3, we introduce a FAHP-based risk weight evaluation method. Section 4 introduces a risk level evaluation method that combines fuzzy theory with D-S theory. These two methods together provide a comprehensive assessment of privacy risks in financial services. The detailed implementation process is shown in Fig. 3 below.

Fig. 3 Comprehensive assessment process of privacy risks in financial services.

According to Fig. 3 and the preceding sections, the fuzzy risk levels \(f\left(I_i\right)\) and \(l\left(I_i\right)\) of the indicators obtained from D-S theory provide an effective assessment of the indicator layer; combined with the indicator risk weights \(W(I_i,\beta_j)\) obtained from the FAHP method, the risk categories of the scheme layer can be evaluated, and finally the bottom-up assessment of the financial service is realized.

Assessment of the indicator layer

Firstly, we need to calculate the risk levels for each indicator \(\:{I}_{i}\) at the indicator layer, and the calculation formula is as follows.

$$Lv\left({I}_{i}\right)=f\left({I}_{i}\right)*l\left({I}_{i}\right)$$
(9)

In the above formula, \(f\left(I_i\right)\) and \(l\left(I_i\right)\) denote the fuzzy level of risk frequency and of risk loss, respectively, of the indicator \(I_i\). By multiplying \(f\left(I_i\right)\) and \(l\left(I_i\right)\) and applying the risk matrix method34, the comprehensive risk level \(Lv\left(I_i\right)\) is obtained as shown in Table 7 below. Integrating risk frequency and loss severity through the risk matrix method makes the classification of risk levels more intuitive and objective.

Table 7 Comprehensive level of privacy risks based on the risk matrix method.

In the above Table, the risk levels of financial services are divided into 4 levels. Level I means the element has high security and very low privacy risk; Level II indicates the element is relatively safe, but has a slight privacy risk that could reveal basic information such as the user’s location and interests; Level III denotes the element has more serious privacy security issues, with the risk of leaking sensitive data such as the user’s identity, health status, and so on; and Level IV indicates that the element has the most serious security risks, which may leak the critical information such as the user’s financial and monetary information.

Assessment of the scheme layer

Once \(f\left(I_i\right)\) and \(l\left(I_i\right)\) have been calculated by D-S theory for the risk indicators of the indicator layer in the privacy risk attribute model of Fig. 2, and the risk indicator weights \(W(I_i,\beta_j)\) have been calculated by the FAHP method, \(Lv\left(\beta_j\right)\) can be calculated using the following formula.

$$\begin{aligned} Lv\left(\beta_j\right)&=f\left(\beta_j\right)*l\left(\beta_j\right)\\ &=\left\{\sum_{i=1}^{12}f\left(I_i\right)*W\left(I_i,\beta_j\right)\right\}*\left\{\sum_{i=1}^{12}l\left(I_i\right)*W\left(I_i,\beta_j\right)\right\}\end{aligned}$$
(10)

Assessment of the target layer

First, the risk category frequency level \(f\left(\beta_j\right)\) and risk category loss level \(l\left(\beta_j\right)\) are calculated by D-S theory; then, with the risk category weight \(W\left(\beta_j\right)\) calculated by the FAHP method, the risk level \(Lv\) of the financial service can be obtained by the following formula.

$$Lv=\left\{\sum_{j=1}^{5}f\left(\beta_j\right)*W\left(\beta_j\right)\right\}*\left\{\sum_{j=1}^{5}l\left(\beta_j\right)*W\left(\beta_j\right)\right\}$$
(11)

Result representation using triangular fuzzy value

To characterize the level of privacy risks in financial services more objectively, this paper combines fuzzy theory and proposes the use of a triangular fuzzy value35 to redescribe the level of each risk indicator, and thereby the level of privacy risk, as illustrated in Fig. 4.

Fig. 4 Description of risk level using triangular fuzzy value.

In the above figure, the horizontal axis represents the risk level \(Lv\) and the vertical axis represents the confidence level t(S) of the risk. The triangle consists of three points:

  1. (1)

    \(\:{Lv}^{min}\) means the minimum level of the risk, which is necessary for t(S) > 0 .

  2. (2)

    \(\:{Lv}^{max}\) means the maximum level of the risk, which is necessary for t(S) > 0 .

  3. (3)

    \(\:{Lv}^{mid}\)represents the highest confidence level of the risk, that is, the risk has the highest probability of belonging to the\(\:{\:Lv}^{mid}\) level.

As mentioned in the previous section, by applying the fuzzy theory to formulas (9)–(11), we obtain the following formulas (12)–(14).

$$\begin{aligned} Lv^{min} &= f^{min}\left(I_i\right) * l^{min}\left(I_i\right) \\ Lv^{max} &= f^{max}\left(I_i\right) * l^{max}\left(I_i\right) \\ Lv^{mid} &= f^{mid}\left(I_i\right) * l^{mid}\left(I_i\right) \end{aligned}$$
(12)

In the above formula, \(f^{min}\left(I_i\right)\) represents the lower limit of the risk frequency level of indicator \(I_i\) and \(l^{min}\left(I_i\right)\) the lower limit of its risk loss level; \(f^{max}\left(I_i\right)\) represents the upper limit of the risk frequency level of indicator \(I_i\) and \(l^{max}\left(I_i\right)\) the upper limit of its risk loss level; \(f^{mid}\left(I_i\right)\) denotes the risk frequency level of indicator \(I_i\) with the highest confidence, and \(l^{mid}\left(I_i\right)\) the risk loss level of indicator \(I_i\) with the highest confidence.

$$\begin{aligned} Lv^{min}\left(\beta_j\right) &= f^{min}\left(\beta_j\right) * l^{min}\left(\beta_j\right) \\ &= \left\{\sum_{i=1}^{12} f^{min}\left(I_i\right) * W\left(I_i,\beta_j\right)\right\} * \left\{\sum_{i=1}^{12} l^{min}\left(I_i\right) * W\left(I_i,\beta_j\right)\right\} \\ Lv^{max}\left(\beta_j\right) &= f^{max}\left(\beta_j\right) * l^{max}\left(\beta_j\right) \\ &= \left\{\sum_{i=1}^{12} f^{max}\left(I_i\right) * W\left(I_i,\beta_j\right)\right\} * \left\{\sum_{i=1}^{12} l^{max}\left(I_i\right) * W\left(I_i,\beta_j\right)\right\} \\ Lv^{mid}\left(\beta_j\right) &= f^{mid}\left(\beta_j\right) * l^{mid}\left(\beta_j\right) \\ &= \left\{\sum_{i=1}^{12} f^{mid}\left(I_i\right) * W\left(I_i,\beta_j\right)\right\} * \left\{\sum_{i=1}^{12} l^{mid}\left(I_i\right) * W\left(I_i,\beta_j\right)\right\} \end{aligned}$$
(13)

As above, \(f^{min}\left(\beta_j\right)\) and \(l^{min}\left(\beta_j\right)\) represent the lower limits of the risk frequency and risk loss levels of risk category \(\beta_j\); \(f^{max}\left(\beta_j\right)\) and \(l^{max}\left(\beta_j\right)\) represent the upper limits of the risk frequency and risk loss levels of risk category \(\beta_j\); and \(f^{mid}\left(\beta_j\right)\) and \(l^{mid}\left(\beta_j\right)\) represent the risk frequency and risk loss levels of risk category \(\beta_j\) with the highest confidence.

$$\begin{aligned} Lv^{min} &= \left\{\sum_{j=1}^{5} f^{min}\left(\beta_j\right) * W\left(\beta_j\right)\right\} * \left\{\sum_{j=1}^{5} l^{min}\left(\beta_j\right) * W\left(\beta_j\right)\right\} \\ Lv^{max} &= \left\{\sum_{j=1}^{5} f^{max}\left(\beta_j\right) * W\left(\beta_j\right)\right\} * \left\{\sum_{j=1}^{5} l^{max}\left(\beta_j\right) * W\left(\beta_j\right)\right\} \\ Lv^{mid} &= \left\{\sum_{j=1}^{5} f^{mid}\left(\beta_j\right) * W\left(\beta_j\right)\right\} * \left\{\sum_{j=1}^{5} l^{mid}\left(\beta_j\right) * W\left(\beta_j\right)\right\} \end{aligned}$$
(14)

The use of triangular fuzzy value in assessing risk level allows for a more realistic capture of risk uncertainties, providing a more comprehensive and accurate risk assessment.
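The following worked example is an added illustration of how formulas (10)–(14) propagate levels up the three layers; it is not code from the paper. The point it makes explicit is that frequency and loss are aggregated separately by the FAHP weights and only multiplied at each layer, and that the min, mid and max components of a triangular fuzzy value are aggregated component-wise. All indicator levels and weights are constructed sample data (4 indicators and 2 categories rather than the paper's 12 and 5), and the 1–4 scale for frequency and loss levels is an assumption, since Table 7 is not reproduced here.

```python
"""Layered privacy-risk aggregation with triangular fuzzy levels.

Added worked example for formulas (10)-(14); not the paper's own code.
Sample levels and weights are constructed and assume a 1..4 scale for
frequency and loss (the paper's Table 7 scale is not reproduced here).
"""
from dataclasses import dataclass
from typing import Dict, Mapping


@dataclass(frozen=True)
class Tri:
    """Triangular fuzzy level (Lv^min, Lv^mid, Lv^max) as in Fig. 4."""
    lo: float
    mid: float
    hi: float

    def __post_init__(self) -> None:
        # A triangle only makes sense if min <= mid <= max.
        if not self.lo <= self.mid <= self.hi:
            raise ValueError(f"min <= mid <= max violated: {self}")

    def __mul__(self, other: "Tri") -> "Tri":
        # Component-wise product, e.g. Lv^min = f^min * l^min (formula 12).
        return Tri(self.lo * other.lo, self.mid * other.mid, self.hi * other.hi)


def check_weights(weights: Mapping[str, float], parent: str) -> None:
    """FAHP weights under one parent node must be non-negative and sum to 1."""
    if any(w < 0 for w in weights.values()):
        raise ValueError(f"negative weight under {parent}")
    total = sum(weights.values())
    if abs(total - 1.0) > 1e-9:
        raise ValueError(f"weights under {parent} sum to {total}, not 1")


def weighted_tri(levels: Mapping[str, Tri], weights: Mapping[str, float]) -> Tri:
    """sum_i level_i * W_i, applied to each of the three components.

    Children with no weight under this parent contribute 0, which is how the
    page's sum over all 12 indicators reduces to those in category beta_j.
    """
    lo = sum(levels[k].lo * w for k, w in weights.items())
    mid = sum(levels[k].mid * w for k, w in weights.items())
    hi = sum(levels[k].hi * w for k, w in weights.items())
    return Tri(lo, mid, hi)


def assess(freq: Mapping[str, Tri], loss: Mapping[str, Tri],
           cat_weights: Mapping[str, Mapping[str, float]],
           target_weights: Mapping[str, float]) -> Dict[str, object]:
    """Return fuzzy risk levels of the indicator, scheme and target layers."""
    # Indicator layer, formula (12): Lv(I_i) = f(I_i) * l(I_i).
    indicators = {i: freq[i] * loss[i] for i in freq}
    # Scheme layer, formula (13): aggregate f and l separately, then multiply.
    cat_freq: Dict[str, Tri] = {}
    cat_loss: Dict[str, Tri] = {}
    categories: Dict[str, Tri] = {}
    for beta, w in cat_weights.items():
        check_weights(w, beta)
        cat_freq[beta] = weighted_tri(freq, w)
        cat_loss[beta] = weighted_tri(loss, w)
        categories[beta] = cat_freq[beta] * cat_loss[beta]
    # Target layer, formula (14): same pattern over the category levels.
    check_weights(target_weights, "target")
    target = weighted_tri(cat_freq, target_weights) * weighted_tri(cat_loss, target_weights)
    return {"indicators": indicators, "categories": categories, "target": target}


# Constructed sample data (not the paper's Tables 9-13).
SAMPLE_FREQ = {"I1": Tri(2, 3, 4), "I2": Tri(1, 2, 3), "I3": Tri(1, 1, 2), "I4": Tri(1, 2, 2)}
SAMPLE_LOSS = {"I1": Tri(3, 3, 4), "I2": Tri(1, 2, 3), "I3": Tri(2, 2, 3), "I4": Tri(1, 1, 2)}
SAMPLE_CAT_WEIGHTS = {"b1": {"I1": 0.6, "I2": 0.4}, "b2": {"I3": 0.5, "I4": 0.5}}
SAMPLE_TARGET_WEIGHTS = {"b1": 0.7, "b2": 0.3}


def sample_assessment() -> Dict[str, object]:
    return assess(SAMPLE_FREQ, SAMPLE_LOSS, SAMPLE_CAT_WEIGHTS, SAMPLE_TARGET_WEIGHTS)


if __name__ == "__main__":
    for layer, levels in sample_assessment().items():
        print(layer, levels)
```

Because \(Lv(\beta_j)\) is a product of two weighted sums, the target level cannot be obtained by averaging the category levels \(Lv(\beta_j)\); the frequency and loss sums have to be carried up separately, which is what the code does. The weight check is the practical safeguard: if the FAHP weights under a parent are not normalised, the aggregated levels silently leave the level scale and the Table 7 thresholds no longer apply.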

Case study

To validate the effectiveness of the above assessment method, two financial services providers are evaluated in this paper. The first is a financial services provider specializing in financial investment and securities trading, whose services cover convenient digital payment and comprehensive mobile banking functions. The second provider, specializing in credit services, is committed to providing users with high-quality financial investment and wealth management services. Through a preliminary survey, this paper summarizes the features of these two financial institutions; the details can be found in Table 8. This assessment aims to validate the applicability and effectiveness of the proposed method in real-world financial services scenarios.

Table 8 Risk features of the two financial institutions.

Risk weight assessment

The weights of the indicators and risk categories were calculated according to the method in Sect. 3 and are shown in Table 9 below.

Table 9 Weights of risk indicators and risk categories.

Risk level assessment

After assessing the weights, the next step is to assess the risk levels of financial services, based on the method covered in Sect. 4.2 of this paper. We invited 15 experts from diverse backgrounds to assess risk indicators, including academic experts in the fields of financial risk, management and cloud service security, as well as practitioners from actual financial institutions. Tables 10 and 11 show their assessment results of Company 2 and Company 1.

Table 10 Risk indicators frequency level assessment results of company 2.
Table 11 Risk indicators loss level assessment results of company 2.

After obtaining the above assessment data, the risk level assessment method in Sect. 4 is used: the data in Tables 10 and 11 are first simplified using Bayesian approximation, and the approximated data are then fused using D-S theory. The outcomes of this fusion are presented in Tables 12 and 13 below.

Table 12 Fused results for company 2’s risk indicator frequency level.
Table 13 Fused results for company 1’s risk indicator frequency level.

Comparison of assessment results by layer

After obtaining the results from Tables 12 and 13, the results of privacy risk assessment of the financial services of Company 2 can be calculated by substituting them into formulas (12)-(14), and the same can be done to assess the financial services of Company 1. Finally, the risk of the financial services of the two companies is compared bottom-up.

(1) Comparison of risk levels of the indicator layer. The fuzzy risk level of each indicator in the indicator layer can be expressed as \(Lv\left(I_i\right)=\left\{Lv^{min}\left(I_i\right),\;Lv^{mid}\left(I_i\right),\;Lv^{max}\left(I_i\right)\right\}\), and the results of the calculations based on the data in Tables 12 and 13 are shown in Tables 14 and 15 and Figs. 5 and 6 below.

Table 14 Risk frequency fuzzy level for each indicator of company 2.
Table 15 Risk loss fuzzy level for each indicator of company 2.
Fig. 5 Financial services indicators fuzzy risk levels of Company 2.

Fig. 6 Financial services indicators fuzzy risk levels of Company 1.

According to the level definitions in Table 7, some of Company 2's indicators in Fig. 5, \(Lv^{mid}\left(I_1\right) = 9\) and \(Lv^{mid}\left(I_{12}\right) = 9\), belong to risk level III. This indicates that Company 2's indicators I1 and I12 have a large privacy security problem and may leak important information such as users' identification details, contact logs and health status when users use the company's services. It also poses a serious threat to the privacy security of Company 2's financial services, and both the company and its users need to focus on this issue. In particular, indicator I1, "Malicious behavior of internal employees", has a risk level \(Lv^{max}\left(I_1\right) = 16\), which belongs to risk level IV, the highest of all indicators; it may disclose critical user information and requires special attention. Apart from these, Company 2's other risk indicators have \(Lv^{mid}\left(I_i\right) \le 6\) and belong to risk level I or II, indicating that these indicators are relatively safe and have a low probability of privacy security issues; \(Lv^{mid}\left(I_8\right) = 2\) indicates that the company has a high level of security in its operating systems and end devices.

In Fig. 6, Company 1's risk indicator levels satisfy \(Lv^{mid}\left(I_i\right) \le 6\) and belong to risk level I or II, meaning that the company's risk indicators are all relatively safe and do not pose much of a threat to users' privacy. Only two indicators have \(Lv^{max}\left(I_3\right) = 12\) and \(Lv^{max}\left(I_{12}\right) = 12\); this means that the company's risk indicators for "third-party apps collecting information" and "secret key management" may still result in a serious threat to users' privacy, and users need to pay attention to this point. The company's risk indicators \(Lv^{mid}\left(I_4\right) = Lv^{mid}\left(I_7\right) = Lv^{mid}\left(I_8\right) = 3\) fall into risk level I, meaning that the company's platforms and operating systems, as well as its service providers, are highly secure.

(2) Comparison of risk levels in the scheme layer. Similarly, according to Tables 9, 12 and 13 and formula (13), the fuzzy risk levels of the risk categories in the scheme layer can be calculated, as shown in Figs. 7 and 8 below.

Fig. 7 Risk categories' fuzzy risk levels of Company 2.

Fig. 8 Risk categories' fuzzy risk levels of Company 1.

From the above two graphs, it can be seen that the risk categories of both companies satisfy \(4 < Lv^{mid}\left(\beta_j\right) < 6\), which belongs to risk level II, indicating that both companies' risk categories are probably in a relatively safe situation. However, Company 1's risk categories have \(6 < Lv^{max}\left(\beta_j\right) < 8\), which belongs to risk level III, while all of Company 2's risk categories have \(Lv^{max}\left(\beta_j\right) > 9\), which belongs to risk level IV. This suggests that Company 1's highest risk class belongs to risk level III while Company 2's belongs to risk level IV, which makes Company 1 safer than Company 2 in terms of privacy.

(3) Comparison of risk levels in the target layer. As before, the fuzzy risk levels of the two companies' financial services can be calculated according to formula (14), as shown in Table 16 below.

Table 16 Comparison of the risk level of financial services between the two Companies.

The above table shows that the risk level range of Company 2 is [1.752, 9.159], and the risk level range of Company 1 is [1.699, 7.861]. Both the lowest and the highest values of Company 2's risk range are larger than those of Company 1, which indicates that Company 1 is relatively safer than Company 2 in terms of financial services as a whole. However, both companies have a risk value \(4 < Lv^{mid} < 6\), which lies in level II, indicating that the services of both companies are relatively secure.

The case study demonstrates that the method accurately identifies high-risk indicators (e.g., Indicators I1 and I12 of Company 2), which are highly consistent with the privacy leakage scenarios described in the introduction—fully validating the feasibility of the method. Additionally, the case study provides users with comprehensive risk assessment information, enabling them to conduct detailed analyses based on their unique needs and thereby make more informed choices of financial services that best align with their privacy protection requirements.

Comparison of methods

The method used in this paper is suitable for assessing privacy security issues in financial services. It provides users with information about the risk weights and levels of the indicators related to financial services, helps users choose and use financial services rationally, and is also a security and risk assessment method in its own right. To understand its characteristics better, it should be compared with other common risk assessment methods. These include the AHP-based risk weight assessment method36,37,38, the risk level assessment method based on the risk matrix39,40,41 and the risk uncertainty assessment method based on information entropy23,42,43,44, which are practical risk assessment methods that offer users valid evaluation results. These methods are compared in the following respects.

(1) Cost: This item considers the investment of resources necessary to conduct the assessment and includes factors such as the ease of expert assessment, the total number of tasks to be performed, and the complexity of the calculations. Higher costs mean that more resources are required to conduct the assessment.

(2) Objectivity: This indicator measures how objectively and accurately the assessment results describe the privacy risks in financial services. Assessments with a higher degree of objectivity provide a more accurate picture of the privacy risks in the services.

(3) Comprehensiveness: This indicator reflects the comprehensiveness and completeness of the privacy risk assessment results. The ability of a method to provide more dimensions of privacy risk assessment information indicates that the method performs better in terms of comprehensiveness.

(4) Decision support: This indicator measures the extent to which the results of the assessment actually help users to manage their private information wisely. The higher the value of the reference information provided by the assessment, the stronger the support it provides to users in making informed decisions.

(5) Scalability: This indicator measures the ability of the method to adapt as it encounters new problems or expands its application scenarios.

In this paper, we use {1, 2, 3} to indicate the level of each of the above aspects: 3 means good performance in this aspect, 2 means average, and 1 means poor. For the cost aspect, 3 means the required cost is larger, 2 means average, and 1 means lower cost. The comparisons of these methods in the above aspects are shown in Tables 17, 18, 19, 20 and 21 below.

Table 17 Comparison of this paper’s method with others in terms of cost.
Table 18 Comparison of this paper’s method with others in terms of objectivity.
Table 19 Comparison of this paper’s method with others in terms of comprehensiveness.
Table 20 Comparison of this paper’s method with others in terms of decision support.
Table 21 Comparison of this paper’s method with others in terms of scalability.

Based on the above analysis and ratings, we use a radar chart to compare the methods together; Fig. 9 shows the results of the comparison.

Fig. 9 Comparison of the characteristics of this paper's method with others.

The above comparison indicates that the method performs well in scalability, objectivity, comprehensiveness and decision support. However, because it combines multiple methods in order to improve comprehensiveness and decision support, it necessarily gives something up elsewhere, and so it does not perform as well in terms of cost.

Summary

In this paper, firstly, the privacy risk categories and risk indicators of financial services are sorted out, and a privacy risk attribute model for financial services is constructed to assess the weights of each layer of the model. Secondly, this paper realizes an effective assessment of the privacy risk class by combining D-S theory and fuzzy theory. Finally, a comprehensive assessment method that combines FAHP and D-S theory is proposed. The method overcomes the limitation that traditional assessment models are not comprehensive enough to assess financial services; it can offer users comprehensive and objective assessment results of financial services and assist them in effectively managing their privacy information. The method also significantly improves the ability to handle complex data and uncertain information, thus enhancing the efficiency and objectivity of the assessment, especially in financial environments with many variables and high uncertainty. However, the method used in this paper has a limitation: it can only give a "static" assessment result, whereas the privacy security of financial services may also change over time. Therefore, in future research, we will further determine the confidence level of the risk level and explore efficient dynamic risk assessment methods.