To illustrate the car loan application screening use case, BCA Bank and BCA Finance act as stand-ins for the roles of Data Issuer and Proof Verifier, respectively.
It should be explicitly noted here that all constituent elements of BCA Bank and BCA Finance in this use case, such as car loan eligibility criteria, customer profiles within the bank, and any other related artifacts, are purely hypothetical and fictitious and therefore designed exclusively for illustration purposes only.
BCA Finance, a prominent player in car loan solutions, manages a high-volume stream of applications on a daily basis. The application processing pipeline is segmented into two pivotal phases: Preliminary Screening and Comprehensive Evaluation. This use case is confined to defining the architecture and implementation methodologies for the Preliminary Screening phase, with a particular emphasis on privacy preservation and execution transparency using the zkPass architecture. The Comprehensive Evaluation phase, although crucial, falls beyond the scope of this use case.
To be eligible for car loan coverage through BCA Finance, applicants must meet the following hypothetical criteria as part of the initial screening phase:
Hold an active BCA Bank account with a minimum balance of Rp 55,000,000.
Have a credit score of 650 or above.
Fulfilling these prerequisites is imperative for advancing to the comprehensive evaluation stage of the application process.
BCA Bank and BCA Finance intend to develop a screening process that meets the following objectives:
Cost-Efficient Application Filtering The objective is to expedite the initial sorting of incoming applications, consequently lowering operational overhead. Utilizing an automated, secure, real-time processing system allows BCA Finance to substantially reduce the financial burden associated with manual intervention.
Privacy Protection for BCA Bank Customers In order to safeguard customer data privacy, BCA Bank will not directly transfer any sensitive information to BCA Finance. Rather, a proof-of-eligibility token, which confirms that the applicant satisfies the predefined criteria, should be sent to BCA Finance. This approach mitigates the risk of data exposure while maintaining the integrity of the application process.
Verifiable Loan Evaluation Ensuring transparency in the car loan application workflow is crucial. The evaluation result must be solely based on a quantitative analysis of the applicant's credentials. Specifically, the decision-making must be controlled by the business rules defined in a query, which lays out the particular criteria for car loan eligibility. BCA Finance requires that its query runs unmodified, retaining its original logic. Additionally, the query must be performed on the customer profile data and should correspond to the applicant under assessment.
The objective of this use case study is to provide a comprehensive blueprint for zkPass integration to implement a loan application screening mechanism that maintains a good balance between operational efficiency, user data privacy, and verifiable execution. Subsequent sections will delve into the intricate details of the technical architecture, data flow dynamics, and the integration strategies for each stakeholder.
To achieve full integration with the zkPass framework, all key stakeholders must adhere to the SDK integration guidelines. In the context of the car loan screening process, there are three primary parties involved, as detailed below.
BCA Bank (Data Issuer) BCA Bank assumes the role of the Data Issuer, as specified by the zkPass framework. In this capacity, the bank defines the attributes encapsulated within the "BCA Customer Profile," as previously described. Thanks to the format-agnostic nature of zkPass concerning user data, the articulated "BCA Customer Profile" is fully interoperable with the zkPass Service. This provides substantial flexibility for the Data Issuer, enabling it to work seamlessly with any data schema or format for its user data.
BCA Finance (Proof Verifier) Taking the Proof Verifier role within the context of the zkPass framework, BCA Finance defines the criteria for the "Loan Screening" Data Verification Request (DVR). This DVR encapsulates the eligibility requirements established by BCA Finance for assessing car loan applications. Before generating the DVR, BCA Finance has already ascertained the applicant's identity through alternative mechanisms, such as manual verification or AI-based OCR scanning. Having acquired and validated the applicant's full name and driver's license number, this data serves as a cross-referential check against the customer profile to ensure its attribution to the correct individual.
My BCA (Data Holder) Developed by BCA Bank, the "My BCA" mobile application serves as the main tool for account holders to access a multitude of banking features. This application represents the “User”, also called the “Data Holder,’ role in the zkPass ecosystem. In the zkPass workflow, the Data Holder is usually the user who is interested to answer or resolve the query posed by the Proof Verifier. My BCA is designed to securely retrieve customer profile data from BCA Bank's backend databases, implementing stringent authentication protocols to ensure that only authorized account holders gain access to sensitive information. The application collects the “Loan Screening” DVR from BCA Finance, and the user’s “BCA Customer Profile” from BCA Bank, and relays the information to zkPass Service to create the ZK proof for the loan eligibility.
All of the three stakeholders above, BCA Bank, My BCA app, and BCA Finance, are essentially the client components of the zkPass framework. Each client uses the zkpass-client library to interact with the ecosystem, as illustrated by the diagram.
As depicted above, BCA Bank circumvents direct access from external organizations to the user's exhaustive customer profile, which comprises various personal and sensitive attributes irrelevant to the car loan assessment. Instead, BCA Finance must outline the criteria in the "Loan Screening" Data Verification Request (DVR), which the "My BCA" app subsequently fetches. Upon collecting the user data and the DVR, the app employs the zkPass Service to generate proof. This proof, stripped of any personally identifiable information (PII), constitutes the sole data payload transmitted to BCA Finance, thereby preserving the privacy of BCA's customers.
Moreover, an implicit trust relationship exists between BCA Finance and BCA Bank, as demonstrated. BCA Finance relies on the assumption that the data encapsulated within the user's BCA Customer Profile is both accurate and verifiable.
Following the zkPass SDK guideline, BCA Finance which takes the client role of the Proof Verifier, defines the “Loan Screening” DVR for users who are applying for the car loan. The requirements for the car loan are encapsulated in a query, which is detailed in the Data Verification Request (DVR). This query is formulated using the zkPass Query language, which is JSON-based.
The DVR Query for Ramana Maharshi looks like the following.
All these conditions must be met for the overall criteria to be satisfied:
The Document ID (bcaDocID
) should exactly match "DOC897923CP", which is the document id for BCA Customer Profile.
The first name under personalInfo
should match "Ramana" (case insensitive).
The last name under personalInfo
should match "Maharshi" (case insensitive).
The driver's license number under personalInfo
should match "DL77108108" (case insensitive).
The credit rating from Pefindo, found under financialInfo
, should be equal to or greater than 650.
The balance in the savings account, under financialInfo
, should be equal to or greater than 55,000,000.
Take, for example, Ramana Maharshi, who is applying for a car loan via BCA Finance. He is a multi-account holder with BCA Bank, and his customer profile is structured in the following manner:
Document ID: DOC897923CP
Customer ID: BCA123756108
Name: Ramana Maharshi
Date of Birth: October 8, 1970
Driver's License Number: DL77108108
Phone: +62-856-685-0108
Average Monthly Balance: $200,000,000
Checking Account:
Account Number: CHK1238569
Balance: $89,000,000
Savings Account:
Account Number: SAV1231770
Balance: $380,000,000
Pefindo: 710
CreditKarma: 755
EquiInfo: 695
Loan Amount: $500,000,000
Loan Status: Closed
Overdraft Protection: Enabled
VIP Status: Not a VIP
Fraud Alerts: Disabled
As demonstrated by the above BCA Customer Profile, the user data contains sufficient information needed for the loan screening criteria set forth by BCA Finance. However, the profile also contains extraneous sensitive attributes that hold no relevance for BCA Finance's screening assessment. Transmitting the full profile to BCA Finance would not only result in superfluous data transfer but also introduce considerable risk to customer privacy. Once stored in BCA Finance's server database, such data becomes susceptible to a myriad of security vulnerabilities, ranging from advanced persistent threats (APTs) to unauthorized data access and insider attacks. This escalates the probability of data exfiltration events.
In this use case, BCA Bank keeps a "BCA Customer Profile" for each account holder, encompassing a variety of essential attributes such as driver's license particulars, current account balance, credit scores, and other relevant financial data.
Email:
The following call sequence diagram provides a visual representation of the programmatic workflow interactions among the zkPass client stakeholders and the zkPass Service.