Abstract
The rapid expansion of FinTech platforms has elevated the urgency of balancing predictive risk intelligence with stringent privacy and regulatory constraints. This paper proposes a hybrid, privacy-preserving early warning system that integrates sensitive information detection, federated learning (FL), and differential privacy (DP) to address the unique challenges of secure data analytics in financial systems. We construct a comprehensive risk modeling pipeline that detects sensitive entities using transformer-based natural language processing, applies risk scoring via privacy-compliant federated learning, and generates cryptographically auditable alerts. A hybrid synthetic dataset simulating financial transactions, session metadata, and communication logs was used to benchmark performance under GDPR-aligned conditions. The model maintains high F1-scores (>0.85) even under strong DP noise, with real-time alert latency averaging 187 ms. A regulatory-aligned sensitivity labeling taxonomy and feedback-driven alert refinement further ensure interpretability and compliance. Extensive evaluation highlights the feasibility of deploying real-time, privacy-preserving predictive systems in FinTech environments without compromising utility. Our findings support the broader adoption of integrated, regulation-aware security architectures for scalable and responsible FinTech innovation.

This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.
Copyright (c) 2025 Journal of Cyber Security and Mobility
