Visa has invested in data custodian Very Good Security (VGS), a four-year-old startup that holds private customer data for fintech companies and large enterprises, helps reduce their compliance risk and ultimately, ideally, lowers the potential risk of data breaches.

VGS acts as a storage vault for data so companies can serve customers without seeing or touching the information businesses are required to collect forcompliance measures (proof of identity) along with other sensitive information (like payment or medical information). When companies need to use that information, VGS generates aliases for the data to keep it protected and still allow clients to use it.

“Why should your social security number need to live inside everyone else's servers?” Peter Berg, vice president of business development and strategy at Very Good Security, told Cheddar. “There’s a way to exchange the value of the data without exchanging the data itself.”

Visa and VGS declined to disclose the sum of the investment.

“We continue to invest in and partner with companies that provide valuable capabilities for our clients and for the network,” Kevin Jacques, vice president of Visa Ventures, said in an emailed statement. With VGS “companies can reduce the scope of their data security and compliance requirements by eliminating the sensitive data in their systems, enabling them to develop innovative ways to pay without compromising security or functionality.”

The news comes on the heels of Visa’s $5.3 billion acquisition of data aggregator Plaid, which was announced Tuesday.

There’s a pattern of “Visa wanting to devalue data,” said David Sica, a partner at Nyca Partners, which was an early investor in VGS, and a former Visa director. He noted Visa’s efforts, starting around 2014, in tokenizing credit card numbers, a similar practice of replacing the 16-digit card number with a different, one-time-use number to reduce the risk of disclosing sensitive information.

Tokenizing sensitive data doesn’t ensure that companies are meeting the compliance requirements set by the Payment Card Industry, however; it ensures data is hidden, but if the company still stores the raw sensitive data it will be responsible for data leaks. That is, in theory, why it would want to offload that original data to a company like VGS.

“There are plenty of examples where something has gone wrong, where a company wasn’t handling data properly,” Sica said. “It’s very hard to operate in the fintech world; privacy is incredibly important, it’s become table stakes that you need to be secure and operate in a compliant fashion.”

VGS has raised $43.5 million to date. Other investors include Goldman Sachs, Andreessen Horowitz and Max Levchin, Affirm CEO and PayPal co-founder. It was also a launch partner for the U.S. launch of Visa’s Fintech Fast Track program, which lends startups access to Visa’s fintech partners and expertise to help them go to market faster.

Data as a liability

While data might be the most important asset of any company with a digital strategy (read: every company), it can also be its biggest liability. There were 5,183 breaches reported by September 2019 and 7.9 billion personal data records exposed, compared to 1,632 breaches in 2018 and 446 million records, according to the third quarter 2019 RiskBased Data Breach QuickView Report. Most were hacking incidents, it said.

Further, while just 6.5 percent of data breaches in 2019 happened in financial services firms, they exposed 62 percent of the year’s total leaked data records, according to a Bitglass report, compiled from data by the Identity Theft Resource Center and the Ponemon Institute. The cost per average breached record in financial services is $210.

It’s unrealistic to call a system unhackable, but segmentation of different types of data and different consumer inputs of data is a high priority for VGS, Berg said. Its engineers work to make the data hard to access in the first place, but even if a hacker managed to get through the system, the data wouldn’t be useful thanks to that separation.

“You’re reading about all these breaches — it’s happening because big companies and merchants are storing customer identity information alongside payment information, so it's a one-stop-shop for people to come in and get a treasure trove of data,” Berg said.

“By separating out those data stores and aliasing them, you're inherently more secure by having different places you need to go to be able to stitch all that together,” he added.

Share:
More In Business
Al Sharpton to lead pro-DEI march through Wall Street
The Rev. Al Sharpton is set to lead a protest march on Wall Street to urge corporate America to resist the Trump administration’s campaign to roll back diversity, equity and inclusion initiatives. The New York civil rights leader will join clergy, labor and community leaders Thursday in a demonstration through Manhattan’s Financial District that’s timed with the anniversary of the Civil Rights-era March on Washington in 1963. Sharpton called DEI the “civil rights fight of our generation." He and other Black leaders have called for boycotting American retailers that scaled backed policies and programs aimed at bolstering diversity and reducing discrimination in their ranks.
A US tariff exemption for small orders ends Friday. It’s a big deal.
Low-value imports are losing their duty-free status in the U.S. this week as part of President Donald Trump's agenda for making the nation less dependent on foreign goods. A widely used customs exemption for international shipments worth $800 or less is set to end starting on Friday. Trump already ended the “de minimis” rule for inexpensive items sent from China and Hong Kong, but having to pay import taxes on small parcels from everywhere else likely will be a big change for some small businesses and online shoppers. Purchases that previously entered the U.S. without needing to clear customs will be subject to the origin country’s tariff rate, which can range from 10% to 50%.
Southwest Airlines’ new policy will affect plus-size travelers. Here’s how
Southwest Airlines will soon require plus-size travelers to pay for an extra seat in advance if they can't fit within the armrests of one seat. This change is part of several updates the airline is making. The new rule starts on Jan. 27, the same day Southwest begins assigning seats. Currently, plus-size passengers can pay for an extra seat in advance and later get a refund, or request a free extra seat at the airport. Under the new policy, refunds are still possible but not guaranteed. Southwest said in a statement it is updating policies to prepare for assigned seating next year.
Load More