Compliant fraud-data exchange for EU financial institutions.
Tilda lets banks, payment institutions, and e-money issuers share fraud-related indicators with one another under a lawful, auditable framework aligned with the EU Payment Services Regulation and the GDPR — so fraudsters stop at the first institution they hit.
- Member institutions: 30+
- Indicators in network: 6.4 M
- Median lookup: < 100 ms
Member institutions — banks, payment institutions, and e-money issuers
A shared source of truth on payment fraud — without sharing your customers.
Every capability is designed around the safeguards that PSR Article 83 and the GDPR require: lawful basis, data minimisation, purpose limitation, accuracy, and the rights of data subjects.
Lawful basis, enforced
Every exchange is gated on the Article 83 grounds and the GDPR legitimate-interest test — recorded, versioned, and attestable to your supervisor.
Privacy-preserving lookups
Counterparties are matched on salted, tenant-scoped hashes. Raw IBANs, identifiers, and device data never leave the submitting institution.
Bi-directional exchange
Submit confirmed fraud indicators and query the network in the same signed, idempotent API — with per-request purpose declarations.
Data-subject rights, built in
Native workflows for access, rectification, objection, and erasure requests — routed to the controlling institution with full chain of custody.
Immutable audit trail
Who queried what, why, and what was returned — recorded to an append-only log designed for supervisory review and incident response.
Tenant isolation
Strict per-institution data boundaries with Keycloak-backed SSO, role-based access, and scoped API clients for each integration.
Submit, match, act — with compliance baked into every step.
Plug into onboarding, payment initiation, or investigation workflows through a signed REST API — typically in days, not quarters.
- 01 Submit confirmed indicators
  Your fraud team submits confirmed or strongly suspected fraud indicators — IBANs, device fingerprints, identifiers — with a documented basis and retention policy.
- 02 Query the network
  At onboarding or payment initiation, query Tilda for a match. Responses are purpose-scoped and returned with the reason and timestamp of the contributing record.
- 03 Act and attest
  Take a risk decision on your side, persist the outcome, and rely on the platform's audit trail to evidence compliance to supervisors and data subjects.
Designed around the safeguards your supervisor is about to require.
Tilda is engineered as a joint controller-ready platform: every submission, query, and rectification is documented, purpose-bound, and reproducible — so you can demonstrate compliance, not just claim it.
- Article 83-aligned purpose limitation and retention policies, per indicator type
- Data minimisation via salted, tenant-scoped hashing before any data leaves your perimeter
- Joint controller templates, DPIA support, and supervisory reporting artefacts
- End-to-end data-subject request routing between controllers, with SLAs