
xCredit: Credit Scoring Data Isolation

XorIDA splits credit profiles across independent bureaus so no single bureau holds a reconstructable profile. A breach at one bureau exposes zero usable credit data.

Financial / Credit · COMING SOON · XorIDA Powered
Section 01

The Problem

Credit profiles concentrated at single bureaus create catastrophic breach risk. The Equifax breach exposed 147 million complete credit histories from a single point of failure.

The global credit reporting industry concentrates complete consumer credit histories at individual bureaus. Each bureau independently holds enough data to fully reconstruct a consumer's financial identity. A single breach at any bureau exposes the entire credit profile -- Social Security numbers, account histories, payment records, and inquiry logs.

Current credit infrastructure provides no mechanism for data isolation between bureaus. Each bureau is a complete, independent copy of the consumer's financial identity. This architecture means the blast radius of any breach is always 100% of the data. Encryption at rest protects against physical theft but not against compromised application layers or insider threats.

The Old Way

[Diagram: a credit profile (full financial data) flows to a central processor. Labels: full profile exposure, 147M records exposed, single point of failure, 100% blast radius.]
Section 02

The PRIVATE.ME Solution

xCredit splits credit profiles across independent bureaus using XorIDA. No single bureau holds a reconstructable profile. Scoring requires threshold cooperation between bureaus with HMAC verification.

Credit profiles are split via splitProfile() into N HMAC-signed shares distributed across independent bureaus. Each bureau stores only an unintelligible share. Credit scoring operations use scoreSafely(), which collects threshold shares, verifies HMAC integrity, reconstructs the profile ephemerally, computes the score, and destroys the reconstructed data.

A breach at any single bureau exposes only shares that are information-theoretically useless without the threshold. The blast radius drops from 100% to 0%. No attacker can reconstruct a credit profile from below-threshold shares regardless of computational resources.

The New Way

[Diagram: credit data (profile input) → XorIDA split (K-of-N bureaus, HMAC-signed) → Bureau 1, Bureau 2, ... Bureau N (each a partial share) → HMAC verify → score result (ephemeral reconstruct).]
Section 03

How It Works

Credit scoring operates through a three-phase protocol: split-and-distribute, threshold-collect-and-verify, and ephemeral-score-and-destroy.

  • PHASE 1: SPLIT (Profile Distribution). XorIDA split to N bureaus; HMAC-signed shares.
  • PHASE 2: COLLECT (Threshold Verification). K shares collected; HMAC verified per share.
  • PHASE 3: SCORE (Ephemeral Scoring). Reconstruct in memory; score, then destroy.

ZERO PERSISTENT EXPOSURE: No bureau holds a complete profile · No scoring system retains reconstructed data

Key Security Properties
  • Zero blast radius: A breach at any single bureau exposes only unintelligible shares.
  • Ephemeral scoring: Reconstructed profiles exist only in memory during scoring and are immediately destroyed.
  • HMAC integrity: Every share is verified before reconstruction to prevent tampering or substitution.
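
The three phases above, as an added sketch that is not private.me's code or API: it substitutes plain n-of-n XOR sharing for XorIDA (whose K-of-N construction the page does not describe), and splitDemo, useSafelyDemo and the caller-supplied macKey are hypothetical names. It shows HMAC verification gating reconstruction and the buffer wipe after use.

```javascript
// Added example: n-of-n XOR sharing as a stand-in. This is NOT XorIDA.
const { randomBytes, createHmac, timingSafeEqual } = require('node:crypto');

const xorInto = (acc, buf) => { for (let i = 0; i < acc.length; i++) acc[i] ^= buf[i]; };
// The MAC covers the share index as well as the data, so shares cannot be swapped.
const tag = (key, index, data) =>
  createHmac('sha256', key).update(Buffer.from([index])).update(data).digest();

// Phase 1: n-1 shares are uniformly random; the last is the secret XOR all of them.
function splitDemo(secret, n, macKey) {
  const last = Buffer.from(secret); // copy, so the caller's buffer is untouched
  const shares = [];
  for (let i = 0; i < n - 1; i++) {
    const r = randomBytes(secret.length);
    xorInto(last, r);
    shares.push(r);
  }
  shares.push(last);
  return shares.map((data, index) => ({ index, data, mac: tag(macKey, index, data) }));
}

// Phases 2 and 3: verify every share before touching it, rebuild in memory, wipe.
function useSafelyDemo(shares, n, macKey, fn) {
  if (shares.length !== n || new Set(shares.map((s) => s.index)).size !== n) {
    throw new Error('need exactly one share per index');
  }
  for (const s of shares) {
    const expected = tag(macKey, s.index, s.data);
    if (s.mac.length !== expected.length || !timingSafeEqual(expected, s.mac)) {
      throw new Error(`share ${s.index} failed HMAC verification`);
    }
  }
  const plain = Buffer.alloc(shares[0].data.length);
  try {
    for (const s of shares) xorInto(plain, s.data);
    return fn(plain);
  } finally {
    plain.fill(0); // best effort: copies made inside fn (strings, objects) are not wiped
  }
}

// Constructed sample input, not real credit data.
const demoKey = randomBytes(32);
const demoShares = splitDemo(Buffer.from('{"consumerId":"demo-001","openAccounts":3}'), 3, demoKey);
console.log(useSafelyDemo(demoShares, 3, demoKey, (p) => JSON.parse(p.toString()).openAccounts));
```

In a garbage-collected runtime the wipe only clears the reconstruction buffer itself, so the scoring callback should return the score and nothing derived from the raw profile.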
Section 04

Use Cases

Consumer
Consumer Credit Protection

Credit profiles split across bureaus ensure no single breach exposes complete financial identity. Consumers protected by math, not policy.

Breach Prevention
Financial
Cross-Bureau Data Isolation

Bureaus hold only partial shares. Eliminates the single-bureau concentration risk that enabled the Equifax breach.

Data Isolation
Regulatory
Fair Lending Compliance

Threshold scoring ensures no single bureau can bias results. Multi-party verification supports fair lending audit requirements.

ECOA / FCRA
Security
Credit Freeze Enhancement

Credit freezes backed by threshold cryptography. Unfreezing requires multi-bureau cooperation, preventing unauthorized access.

Identity Theft
Section 05

Integration

Quick Start
import { splitProfile, scoreSafely } from '@private.me/xcredit';

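// creditProfile (CreditProfile), bureaus (string[]) and consumerId (string) are supplied by the caller
// Split credit profile across 3 bureaus (2-of-3 threshold)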
const shares = await splitProfile(creditProfile, bureaus, {
  n: 3,
  k: 2
});

// Score safely: collect, verify, reconstruct, score, destroy
const result = await scoreSafely(consumerId, {
  model: 'FICO_9',
  purpose: 'mortgage_prequalification'
});
console.log(result.score); // 742 -- ephemeral, no data retained
splitProfile(profile: CreditProfile, bureaus: string[], config: { n: number, k: number }): Promise<CreditShare[]>
Splits a consumer credit profile into K-of-N HMAC-signed shares using XorIDA and distributes them across the specified bureaus. No single bureau can reconstruct the profile. Returns an array of CreditShare objects with distribution confirmations.
scoreSafely(consumerId: string, config: ScoreConfig): Promise<ScoreResult>
Performs a credit scoring operation by collecting threshold shares from bureaus, verifying HMAC integrity, reconstructing the profile ephemerally in memory, computing the score, and immediately destroying the reconstructed data. Returns only the score and metadata.
Section 06

Security Properties

| Property | Mechanism | Guarantee |
|---|---|---|
| Profile Confidentiality | XorIDA K-of-N threshold | Information-theoretic |
| Breach Blast Radius | Distributed bureau shares | 0% per bureau |
| Score Integrity | HMAC-SHA256 per share | Tamper-evident |
| Data Minimization | Ephemeral reconstruction | No persistent exposure |
| Quantum Resistance | GF(2) operations, no keys | Unconditional security |

  • <1ms: Typical payload
  • K-of-N: Bureau threshold
  • 0%: Single-bureau blast radius
  • 0: Keys to manage

VERIFIED BY XPROVE

Cryptographic Proof of Correctness

This ACI's computations can be cryptographically verified by xProve — so regulators, auditors, and counterparties can confirm results without re-running the computation or accessing the underlying data.

XPROVE INTEGRATION
Tier 1: HMAC audit trail — always on, ~1.3x overhead.
Tier 2: Commit-and-reveal — anti-equivocation for Beaver triples.
Tier 3: IT-MACs — malicious-security detection between parties.
Tier 4: KKW zero-knowledge proofs — publicly verifiable, ~50 KB, post-quantum.


© 2026 StandardClouds Inc. dba PRIVATE.ME. All rights reserved.

VERIFIABLE WITHOUT CODE EXPOSURE

Ship Proofs, Not Source

xCredit generates cryptographic proofs of correct execution without exposing proprietary algorithms. Verify integrity using zero-knowledge proofs — no source code required.

XPROVE CRYPTOGRAPHIC PROOF

Use Cases

🏛️
REGULATORY
FDA / SEC Submissions
Prove algorithm correctness for distributed systems without exposing trade secrets or IP.
Zero IP Exposure
🏦
FINANCIAL
Audit Without Access
External auditors verify secure operations without accessing source code or production systems.
FINRA / SOX Compliant
🛡️
DEFENSE
Classified Verification
Security clearance holders verify distributed systems correctness without clearance for source code.
CMMC / NIST Ready
🏢
ENTERPRISE
Procurement Due Diligence
Prove security + correctness during RFP evaluation without NDA or code escrow.
No NDA Required

Deployment Options

📦

SDK Integration

Embed directly in your application. Runs in your codebase with full programmatic control.

  • npm install @private.me/xcredit
  • TypeScript/JavaScript SDK
  • Full source access
  • Enterprise support available
🏢

On-Premise Upon Request

Enterprise CLI for compliance, air-gap, or data residency requirements.

  • Complete data sovereignty
  • Air-gap capable deployment
  • Custom SLA + dedicated support
  • Professional services included

Enterprise On-Premise Deployment

While xCredit is primarily delivered as SaaS or SDK, we build dedicated on-premise infrastructure for customers with:

  • Regulatory mandates — HIPAA, SOX, FedRAMP, CMMC requiring self-hosted processing
  • Air-gapped environments — SCIF, classified networks, offline operations
  • Data residency requirements — EU GDPR, China data laws, government mandates
  • Custom integration needs — Embed in proprietary platforms, specialized workflows

Includes: Enterprise CLI, Docker/Kubernetes orchestration, RBAC, audit logging, and dedicated support.
