Visa has invested in data custodian Very Good Security (VGS), a four-year-old startup that holds private customer data for fintech companies and large enterprises, helps reduce their compliance risk and ultimately, ideally, lowers the potential risk of data breaches.

VGS acts as a storage vault for data so companies can serve customers without seeing or touching the information businesses are required to collect forcompliance measures (proof of identity) along with other sensitive information (like payment or medical information). When companies need to use that information, VGS generates aliases for the data to keep it protected and still allow clients to use it.

“Why should your social security number need to live inside everyone else's servers?” Peter Berg, vice president of business development and strategy at Very Good Security, told Cheddar. “There’s a way to exchange the value of the data without exchanging the data itself.”

Visa and VGS declined to disclose the sum of the investment.

“We continue to invest in and partner with companies that provide valuable capabilities for our clients and for the network,” Kevin Jacques, vice president of Visa Ventures, said in an emailed statement. With VGS “companies can reduce the scope of their data security and compliance requirements by eliminating the sensitive data in their systems, enabling them to develop innovative ways to pay without compromising security or functionality.”

The news comes on the heels of Visa’s $5.3 billion acquisition of data aggregator Plaid, which was announced Tuesday.

There’s a pattern of “Visa wanting to devalue data,” said David Sica, a partner at Nyca Partners, which was an early investor in VGS, and a former Visa director. He noted Visa’s efforts, starting around 2014, in tokenizing credit card numbers, a similar practice of replacing the 16-digit card number with a different, one-time-use number to reduce the risk of disclosing sensitive information.

Tokenizing sensitive data doesn’t ensure that companies are meeting the compliance requirements set by the Payment Card Industry, however; it ensures data is hidden, but if the company still stores the raw sensitive data it will be responsible for data leaks. That is, in theory, why it would want to offload that original data to a company like VGS.

“There are plenty of examples where something has gone wrong, where a company wasn’t handling data properly,” Sica said. “It’s very hard to operate in the fintech world; privacy is incredibly important, it’s become table stakes that you need to be secure and operate in a compliant fashion.”

VGS has raised $43.5 million to date. Other investors include Goldman Sachs, Andreessen Horowitz and Max Levchin, Affirm CEO and PayPal co-founder. It was also a launch partner for the U.S. launch of Visa’s Fintech Fast Track program, which lends startups access to Visa’s fintech partners and expertise to help them go to market faster.

Data as a liability

While data might be the most important asset of any company with a digital strategy (read: every company), it can also be its biggest liability. There were 5,183 breaches reported by September 2019 and 7.9 billion personal data records exposed, compared to 1,632 breaches in 2018 and 446 million records, according to the third quarter 2019 RiskBased Data Breach QuickView Report. Most were hacking incidents, it said.

Further, while just 6.5 percent of data breaches in 2019 happened in financial services firms, they exposed 62 percent of the year’s total leaked data records, according to a Bitglass report, compiled from data by the Identity Theft Resource Center and the Ponemon Institute. The cost per average breached record in financial services is $210.

It’s unrealistic to call a system unhackable, but segmentation of different types of data and different consumer inputs of data is a high priority for VGS, Berg said. Its engineers work to make the data hard to access in the first place, but even if a hacker managed to get through the system, the data wouldn’t be useful thanks to that separation.

“You’re reading about all these breaches — it’s happening because big companies and merchants are storing customer identity information alongside payment information, so it's a one-stop-shop for people to come in and get a treasure trove of data,” Berg said.

“By separating out those data stores and aliasing them, you're inherently more secure by having different places you need to go to be able to stitch all that together,” he added.

Share:
More In Business
‘Chainsaw Man’ anime film topples Springsteen biopic at the box office
A big-screen adaptation of the anime “Chainsaw Man” has topped the North American box office, beating a Springsteen biopic and “Black Phone 2.” The movie earned $17.25 million in the U.S. and Canada this weekend. “Black Phone 2” fell to second place with $13 million. Two new releases, the rom-com “Regretting You” and “Springsteen — Deliver Me From Nowhere,” earned $12.85 million and $9.1 million, respectively. “Chainsaw Man – The Movie: Reze Arc” is based on the manga series about a demon hunter. It's another win for Sony-owned Crunchyroll, which also released a “Demon Slayer” film last month that debuted to a record $70 million.
Flights to LAX halted due to air traffic controller shortage
The Federal Aviation Administration says flights departing for Los Angeles International Airport were halted briefly due to a staffing shortage at a Southern California air traffic facility. The FAA issued a temporary ground stop at one of the world’s busiest airports on Sunday morning soon after U.S. Transportation Secretary Sean Duffy predicted that travelers would see more flights delayed as the nation’s air traffic controllers work without pay during the federal government shutdown. The hold on planes taking off for LAX lasted an hour and 45 minutes and didn't appear to cause continued problems. The FAA said staffing shortages also delayed planes headed to Washington, Chicago and Newark, New Jersey on Sunday.
Load More