Beyond Platform Achieves Commercial-Grade Security for Peer-to-Peer Lending Platform with Best-in-Class Encryption

Korea-based, Beyond Platform is an internet-based financial services technology company offering an innovative platform for peer-to-peer (P2P) lending. Beyond Platform entered into a memorandum of understanding with NongHyup Bank (NH Bank) an agricultural and retail bank in South Korea, to develop a mid-level interest loan product: the 30CUT-NH Loan.

The company jointly developed a credit evaluation model with NH Bank by analyzing the data of five million users of credit evaluation agencies and credit card loans, accumulated over three years. Beyond Platform was recognized for its technological capabilities on the project and obtained a venture company certification from the Technology Guaranteed Fund. It also signed a collaboration agreement with the Smart FinTech Research Center at Sogang University for the joint development of an unstructured credit evaluation model using big data. Through this project, Beyond Platform plans to combine a big data analysis engine with machine learning technology to develop a self-learning credit evaluation model. The analysis engine will be able to upgrade itself and identify correlations between diverse pieces of information.

Business Challenge

Beyond Platform had to implement a data security strategy that placed the solution in compliance with the Personal Information Protection Act in South Korea as well as being able to pass the stringent NH Bank security review. A key component of the strategy was a solution that could effectively encrypt unstructured personal data contained in both image and sound files. The data included scanned borrower’s income verification documents and audio recordings of consent being provided verbally.

With the upcoming service launch, fast and reliable implementation of the encryption solution was a major concern. Unlike other similar P2P companies, Beyond Platform needed to implement a security level commensurate with the requirements of a commercial bank, as opposed to the lesser standards for a lending company. This was critical for Beyond Platform in order to bolster its competitiveness and differentiate itself from other rapidly growing financial services technology companies.

Technical Challenge

Beyond Platform initially decided to develop and implement an encryption solution for structured and unstructured data in accordance with NH Bank’s security policies. However, having insufficient staffing to carry out the development task, the company began researching outside alternatives that could be deployed and managed with minimal resources. In addition, the solution had to be capable of being implemented without having to make changes to existing applications or to the database schema.

Solution

After reviewing a series of encryption solutions from foreign and domestic vendors, Beyond Platform decided to implement Vormetric Transparent Encryption from Thales. The company was impressed by the many positive references for the solution both in Korea and internationally.

The Thales solution encrypts all file types, including logs, images, and database information, eliminating the need to purchase separate encryption solutions for the database and for unstructured data. The solution also delivers privileged user access control that prevents other administrators from accessing the files.

Of the options Beyond Platform researched, Thales best suited the company’s needs. As a startup with a limited data security staffing, the solution is ideal because it is easy to maintain and has nominal performance impact after deployment. Beyond Platform’s decision also was influenced by the fact that the full implementation of the encryption technology could be achieved without making any changes to the existing systems, with an implementation time significantly shorter than that of other vendors. The fact that the solution has Common Criteria security certification gave the firm confidence in choosing the Thales solution.

Results

Using Vormetric Transparent Encryption from Thales, Beyond Platform is now efficiently encrypting and managing structured and unstructured data in its enterprise application, and achieving the security level of a commercial bank. Thales encryption facilitates full compliance with the Personal Information Protection Act.

The P2P application easily passed the NH Bank security audit, enabling Beyond Platform to begin developing and launching additional P2P services, in turn, further reinforcing its reputation as a creative and trustworthy financial services technology provider.

As Vormetric Transparent Encryption from Thales supports the same level of encryption for unstructured and structured data, Beyond Platform has flexibility to scale the protection to include other data formats. The company plans to expand the use of the solution as it adds more servers. Now Beyond Platform can realize its vision of becoming a next generation P2P service provider without having to worry about data security.

Having conducted the encryption of all target data, the promise of needing a shorter time for implementation was confirmed, as well as avoiding the need to modify applications. System performance is not impacted after encryption, creating a secure environment with no adjustments imposed on application users. Consequently, the company was able to eliminate additional maintenance and labor costs related to implementing a new solution, drastically reducing the total cost of ownership.

Beyond Platform chose Roltech as a partner for the implementation of the database encryption solution. Roltech is a data encryption and network security solution provider that offers consulting, implementation, outsourcing, and maintenance service for enterprise data protection and personal data compliance.

BEYOND PLATFORM CREATES A SECURE ENVIRONMENT FOR BUSINESS INFORMATION WITH THALES DATA SECURITY

Business challenge

  • Comply with the Personal Information Protection Act and implement an encryption solution that meets the personal data security level required by the banking sector
  • Implement a reliable encryption solution in time for service launch

Technical challenge

  • Encrypt both structured and unstructured data so that separate development efforts are not required
  • Reduce time and technology adoption costs by implementing encryption technology without having to make changes to the existing database schema
  • Minimize maintenance and performance impact so that no additional staffing is required

Solution

  • Vormetric Transparent Encryption from Thales

Results

  • Reinforced the brand value and partnerships by safely protecting customer information in all formats
  • Achieved simple, fast and reliable system operation and management without making changes to existing applications and systems, avoiding additional investment costs

About Thales e-Security

Thales e-Security is the leader in advanced data security solutions and services that deliver trust wherever information is created, shared or stored. We ensure that the data belonging to companies and government entities is both secure and trusted in any environment – on-premise, in the cloud, in data centers or big data environments – without sacrificing business agility. Security doesn’t just reduce risk, it’s an enabler of the digital initiatives that now permeate our daily lives – digital money, e-identities, healthcare, connected cars and, with the internet of things (IoT), even household devices. Thales provides everything an organization needs to protect and manage its data, identities and intellectual property, and meet regulatory compliance – through encryption, advanced key management, tokenization, privileged user control and high-assurance solutions. Security professionals around the globe rely on Thales to confidently accelerate their organization’s digital transformation. Thales e-Security is part of Thales Group.

Download