Eliminate security threats by offloading and anonymizing sensitive data.
I had a great conversation with Mahmoud Abdelkader, CEO and Co-founder of Very Good Security, provider of sensitive data-as-a-service. Mahmoud and his partner, Marshall Jones, started Very Good Security after creating Balanced and spending a lot of time and money building a secure payment system just so they could handle payments.
As they were winding down Balanced, clients asked to buy the secure payment system they had created for their business. Their experience with Balanced and the requests from clients caused Mahmoud and Marshall to realize the real need and demand for a solution to help companies handle sensitive customer data like social security numbers, credit card information, and other personally identifiable information (PII).
In order to secure PII and remain compliant, companies have needed to create a hub and spoke architecture. This is expensive and time-consuming and is rarely a core competency of any company.
VGS stores sensitive data for other companies and substitutes dummy data. When the data needs to be moved or accessed, VGS injects the original information without their clients needing to change the code. There’s no PII data onsite for the client therefore no PCI compliance issues.
VGS eliminates security threats and enables retail platforms. Clients can get insights from their data without holding on to their data. Companies can charge credit cards and ship orders without retaining credit card numbers or shipping addresses. The complexity of building secure platforms is obfuscated while transactions are facilitated.
How It Works
Collect -- There are multiple methods to securely collect sensitive data, insulating end-user customers from ever having it touch client systems (i.e., Secure Web Form Collect.js, HTTPS or SFTP protocols, SIP and VOIP).
Exchange -- Operate on aliased data as if it is the sensitive data, and on outbound requests, the original data is re-inserted in place of aliased data in real-time, and the destination endpoint receives the original data.
Protect -- Sensitive data is replaced with an aliased version, which can be safely stored and used in the same way as the original data. The original data is stored in a secure VGS environment, thereby offloading liability and removing the risk of a data breach.
Integration -- There are currently 39 out of the box. These pre-configured routes enable clients to quickly get up and running with their payment partners using their own credentials. If you don’t see a service or a vendor on the list that you have an account with or are working with, VGS will provide support. VGS proxies work with any endpoint.
Case Studies
Brex is a fintech offering new innovative corporate cards to segments like venture-backed startups, and e-commerce companies. They did not want to spend months becoming PCI compliant. They off-loaded the bulk of their PCI and security responsibility to VGS so they could go-to-market more quickly. Brex is able to issue credit cards without having to achieve PCI compliance directly.
Yofii is a fintech company that helps people get out of credit card debt as such it has access to a lot of financial information from their customers. Zero data enables us to manage our clients’ information without worrying about the security of that information. VGS protects Yofii and our clients’ data.
Other use cases include personal finance, identity verification, payments, and credential storage.
To let users become familiar with this new security concept, VGS is providing access to its tokenization API for free through 2020.