Coiney

Secure cloud infrastructure provides powerful solution for card payment innovator

Overview

“Unlike in the West, where card culture is firmly established, cash is still the dominant method of payment in Japan. Even in terms of retailers, credit cards can only be used at most large chains and department stores. Most small private stores do not accept them. I wanted to change that,” says Coiney founder and President, Naoko Samata, talking about her company’s inception.

Coiney’s approach was simple. The company’s fundamental strategy was to use the information tools that we are comfortable with in modern life: smartphones. Smartphones can be used as credit card payment devices to promote “cashless enterprise” among businesses that up until now haven’t supported card payment, such as small retailers, restaurants, and salons.

There were a variety of hurdles when stores tried to support card payment in the past—credit checks performed by card companies and banks took a long time, and there were significant start-up costs to purchase dedicated terminals, implement dedicated lines, and launch operations. In contrast, the only pieces of equipment required for Coiney’s service were smartphones and “Coiney Reader,” a free miniature card reader. Once users create an account and install a dedicated application, they can start making card payments via their smartphone. This ease of use and convenience has caused the number of Coiney users to skyrocket.

Challenges

When Coiney was established, there was already a trend among startups to use the cloud to provide their IT infrastructure. The cloud offers easy scalability and high performance to support fast growth in services, as well as requiring only a small investment when launching services.

These cloud characteristics were attractive to Samata when she started Coiney. “For startups like us with little money and time, utilizing the cloud is the best strategy. It was impossible to consider any other option,” she recalls.

However, there were no other companies using the public cloud to develop and operate card payment services in Japan at the time. Consequently, Samata continued to negotiate with credit card companies while attempting to select a platform. She was particularly focused on compliance with PCI DSS (data security standards), since proving compliance with these standards was a requirement for starting the card payment service. Being able to fulfill this requirement promptly within a cloud infrastructure became the company’s greatest challenge.

Solution

After researching PCI DSS security requirements while utilizing cloud infrastructure, Coiney chose Amazon Web Services (AWS). The decisive factor in the selection was the platform’s compliance with PCI DSS. In short, AWS was the optimum cloud service to fulfill the requirements to obtain verified PCI DSS compliance.

But, because the security functions of AWS were not able to satisfy all of the approximately 360 requirements for PCI DSS, Samata adopted Trend Micro™ Deep Security™ to cover security needs not provided by AWS. Deep Security provided an Intrusion Detection System (IDS) and firewall, along with accompanying logs and records to satisfy the remaining PCI DSS security requirements.

"We chose Deep Security because we were focused on reliability and speed. Our selection was the correct choice and we have had zero reports of trouble."

Naoko Samata
Chief Executive Officer, Coiney, Inc.

“Initially, we examined open source tools and security as candidates but speed and reliability were of paramount importance to us. Therefore, we selected Deep Security as it has a great track record, we didn’t have to spend time testing it, and it offers a variety of functions and tools in one package,” says Samata.

Results

Coiney’s choice was a success. Cloudpack provided total support from the deployment and design on AWS to its operation and maintenance, and within a month, Coiney was able to completely implement its service in a production environment that included Deep Security. This allowed Coiney’s technical team to complete compliance work to acquire PCI DSS verification in only 3 months. The speed of this was astonishing as generally, “It’s a huge job that takes over a year,” says Samata. She adds that there have never been reports of trouble related to security management and operation and the company has high praise for the reliability and operability of Deep Security.

When moving to the public cloud, it’s critical to understand the shared responsibility model for security. Cloud providers will take care of infrastructure, but you are required to secure your workloads.

Deep Security efficiently solves high-priority security challenges in cloud environments, and features an exceedingly high return on investment. Coiney’s success story is a direct example of this.