Trusttester: the key to online privacy

17 February 2016 • 2 min reading time

Information validation without providing personal information: that is the advantage of TrustTester. TrustTester combines a patented algorithm with an authorization system. Together these ensure that organizations can trust that the information provided by the consumer in an online process is correct. Organizations will save on the verification process while consumers maintain their privacy.

Consumers wishing to take out a mortgage loan have to show that they have sufficient income. A company hiring a new employee might request a certificate of good conduct. A student hoping for an inexpensive healthcare insurance has to be able to prove that he or she is registered at an academic institution. While companies need to obtain this type of information, the owners of this information prefer to keep these details private.

Signatures and copies

Various online processes require reliable information to be submitted. A bank may not approach a customer's employer directly to find out whether this customer has sufficient income. In compliance with the Dutch Personal Data Protection Act (Wet bescherming persoonsgegevens, Wbp), such a request may only be made of the consumer directly. However, as the consumer might provide fraudulent information, the information that is provided loses its veracity. This forces the bank to use its expert staff for time-consuming and costly verification processes that require signatures and copies.

Digital stamp

Organizations are often not concerned about the content of the information itself: they simply need to know that the information provided is correct. The bank does not need to know the exact salary of the consumer, but it does need to know whether the consumer earns enough to afford the mortgage loan that is applied for. This means that the banks can speed up the process if they can quickly confirm the veracity of the information, rather than having to first verify the accuracy of the information. TrustTester facilitates this process. TrustTester does not provide personal information, but validates the statement of income made by the consumer. This statement is given a digital stamp that the receiver of the information, such as a financial institution, can trust.

TrustTester does not provide personal information, but validates the statement of income made by the consumer

Homomorphic encryption

In practice, TrustTester works similarly to the e-commerce payment system iDEAL, used in the Netherlands. Once the consumer has filled in his or her income on the bank's website, a screen will appear requesting that the amount be confirmed. The consumer will then select the reliable source of confirmation for that information, such as UWV (the Dutch administrative authority providing labour market and data services), and will then continue to log in using DigiD, the Dutch identity management platform. TrustTester will then ensure that the income statement made by the consumer and the income registered at the UWV are encrypted using homomorphic encryption. This then initiates a secure data comparing protocol that compares the income stated and the actual income in this encrypted domain, until only one bit is left on each side. The result of this validation, which is based on both bits, can only be viewed by the consumer. If the consumer then grants permission to share this result, the bank will receive proof that the information is correct.


TNO is organizing an experiment of TrustTester in January. Consumers will validate certain aspects that come into play when applying for a mortgage loan such as income, whether you are currently leasing a car, and whether you are permanently employed. Other important aspects that will be tested are its user-friendliness and its compliance with existing laws and regulations. If the experiment is a success, TrustTester will be available as an operational service in 2017.