ADV CaseStudy Insurance Company

One of India’s largest General Insurance Company Implements JISA’s Aadhaar Data Vault and Encryption Solution connected to HSM for Encryption Key Management

The Organisation

The organisation is India’s one of the largest general insurance company. It is ranked 68th on the Fortune 100 list of largest corporations in the U.S. based on 2017 revenue with $39.4 billion annual consolidated revenue. They offer a wide range of insurance products and services, including personal automobile, homeowners, commercial multi-peril, property, general liability, commercial automobile, surety, workers compensation, specialty lines, and reinsurance. This organisation has collaborated with over 30 cooperative banks to assist them for vehicle and personal accident insurance particularly to farmers.

The Business Challenge

Insurance company has to collect and store personal and sensitive data of their customer and other parties as well.  The data collected by insurance company does not only include PII data of the individual but the data including their personal information, Aadhaar Number, family members & their relationship with the individual, employer details, witnesses etc. The data collected by Insurance Company may include PHI i.e. health data, criminal convictions including penalty points if any. It also includes financial data of a customer i.e. premium collected, claims paid. 

This data would be collected and stored in their system in plain text format i.e. in unencrypted format. If any unauthorized person accesses the data or there is data loss, it would lead a serious data breach. This not only risks harm to the individuals but also strict penalties.

As per Indian regulations and data protection act, the sensitive data should be managed under reasonable security practices and  the organisation  shall  be  liable  to  pay damages  by  way  of  compensation,  to  the  person affected by data loss or theft. 

Hence to manage the personal and financial data of their customer, this Insurance company wanted to store it in a secure vault. This would in turn eliminate the risk of data breach and store the data in a secure vault.

The Solution

JISA’s CryptoBind SecureVault (J-Vault Aadhaar Data Vault) is the complete software package that is needed to implement secure practices in organisation. It allows applications to tokenise and replace sensitive data with token values. In order to address business challenge and considering the security of sensitive data, JISA has developed this solution that will help agency to implement an encrypted secure Data Vault to securely store Aadhaar number and subsequently encrypt sensitive data.

It exposes SOAP/ REST API to directly and securely store the sensitive PII, PHI data in a Data Vault using the Tokenization method. The package supports database encryption for data protection connected to HSM.

Hence CryptoBind SecureVault has been deployed to encrypt the sensitive and store it in secure vault with tokens/reference key. The CryptoBind SecureVault is connected to HSM to manage necessary encryption keys required to encrypt the data in the vault.

ADV Admin Portal is hosted on client location which works in sync with tokenization engine services. It facilitates various operations like User Access Control and Management, Application Onboarding, Key Management, Token Management, Policy Management, ADV Instance Configuration for Tokenization or De-Tokenization.

The Result