Debexpert blog – online debt trading platform that really cares

How does Debexpert protect customer data?


Back in the day, bad guys used guns to rob their victims. Today, it's way more common to rob people using a computer.
Hi. This is Thomas Edwards, Marketing Director at Debexpert. Today, I'm going to talk about how we protect our most valuable asset - customer data. And at the end of this episode, I'm going to give some simple tips that actually work. Trust me, they do.


If you think all cybercriminals are very smart, you're wrong. They’re just observant and skillfully exploit our mistakes. According to Splashdata, a provider of cybersecurity applications, the most popular password in the world is 123456. No one makes us use such passwords, this is our choice. That password didn't work? Well, let's try entering your name and birth year. Or a dog's name. Or just five 1s. Sooner or later, you’re going to crack the code.
If cybercriminals go to great lengths to crack the email password of an ordinary person, imagine how interested they are in what’s stored in corporate servers? They store terabytes of data, promising millions of dollars of "easy money." That’s why data protection is very important for any online service.


When selling a debt portfolio, the most valuable information is, of course, an electronic portfolio containing debtors data. Some lenders still use CDs or flash drives to transfer data to buyers. Some prefer file exchange services. We use end-to-end encryption. Today, it's the most reliable way to protect data from theft. And it's easy to do for the client - you just need to make a couple of mouse clicks.


End-to-end encryption is when a file is encrypted with keys that are stored in the seller's and buyer's computers. No one else - not fraudsters, not your competitors, not me, not even the sender of the file - can open your file. Even if someone else gets it by mistake, they can't do anything with it. 



At Debexpert, we use the Advanced Encryption Standard, or AES for short, to protect data. This is the most advanced encryption system in the world. By the way, this encryption is used by the U.S. government, and our country can afford the very best.
But more to the point. All bidders on Debexpert have their own unique encryption keys. These keys are either "public", meaning they can only encrypt a file, or "private", meaning - as you may have guessed - they can only open a file. When sending any file, the system encrypts it with the recipient's public key. And only the recipient can open it. But not with the public key, instead they use the private one which is stored in their computer.


Here we come to the main question - can we trust AES?
As I said, AES algorithms are used by our government. In addition, AES has been approved by the U.S. National Security Agency , or NSA, as a standard for the encryption of highly sensitive information.
It has already been calculated that to crack AES keys, you need to have several supercomputers and dozens of years of time. Hardly any criminals have such capabilities.



And now, as I promised, some tips
First, never store valuable data on public file-sharing or hosting websites. Uploading personal photos or music is one thing, but uploading documents of value is quite another. Such files should not be posted unencrypted.
Second, sending data via email does not guarantee security either. It takes only a couple of minutes for professionals to crack email accounts protected by a simple password. But even more complex passwords do not guarantee complete protection. Especially if your email address is linked to social media accounts.
Third, if you still transfer data on disks or flash drives, at least protect them with standard encryption systems. Of course,this won’t pose any problems for professionals, but it will at least keep your data out of the public domain if, say, you forget your flash drive in a bar on a Friday night.


That's all for today. Thomas Edwards of Debexpert signing off. Bye!





For debt sellers For debt buyers