Privacy-Preserving Federated Learning in Healthcare, E-Commerce, and Finance: A Taxonomy of Security Threats and Mitigation Strategies

Federated Learning (FL) transformed decentralized machine learning by allowing joint model training without mutually sharing raw data, hence being especially useful in privacy-sensitive applications like healthcare, e-commerce, and finance. Even with its privacy-focused architecture, FL is vulnerable to a range of security attacks such as data poisoning, model inversion, membership inference attacks, and communication interception. These attacks compromise the confidentiality of patients in healthcare, consumer data privacy in e-commerce, and financial safety in banking, thus necessitating effective privacy-preserving mechanisms. This survey presents a classification of security threats in FL, grouping them by their source, effect, and attack mode. We review state-of-the-art countermeasures, such as differential privacy, secure multi-party computation, homomorphic encryption, and resilient aggregation methods, their effectiveness, trade-offs, and real-world applicability to FL. In medicine, FL enables joint disease diagnosis without compromising patient confidentiality; in online shopping, it provides personalized suggestions without revealing customer tastes; and in banking, it improves fraud detection without violating regulatory requirements. In addition, we discuss future horizons in privacy-preserving FL, including adversarial robustness, blockchain-protected models, and tailored FL architectures, improving security and resiliency in these domains. We also discuss the balancing problems between security, accuracy, and computational efficiency with possible trade-offs in scaling privacy-preserving FL By analyzing threats and mitigation strategies systematically, this paper will provide direction to future research on designing secure, scalable, and privacy-preserving FL frameworks for the changing healthcare, e-commerce, and finance needs.