Visa has invested in data custodian Very Good Security (VGS), a four-year-old startup that holds private customer data for fintech companies and large enterprises, helps reduce their compliance risk and ultimately, ideally, lowers the potential risk of data breaches.

VGS acts as a storage vault for data so companies can serve customers without seeing or touching the information businesses are required to collect forcompliance measures (proof of identity) along with other sensitive information (like payment or medical information). When companies need to use that information, VGS generates aliases for the data to keep it protected and still allow clients to use it.

“Why should your social security number need to live inside everyone else's servers?” Peter Berg, vice president of business development and strategy at Very Good Security, told Cheddar. “There’s a way to exchange the value of the data without exchanging the data itself.”

Visa and VGS declined to disclose the sum of the investment.

“We continue to invest in and partner with companies that provide valuable capabilities for our clients and for the network,” Kevin Jacques, vice president of Visa Ventures, said in an emailed statement. With VGS “companies can reduce the scope of their data security and compliance requirements by eliminating the sensitive data in their systems, enabling them to develop innovative ways to pay without compromising security or functionality.”

The news comes on the heels of Visa’s $5.3 billion acquisition of data aggregator Plaid, which was announced Tuesday.

There’s a pattern of “Visa wanting to devalue data,” said David Sica, a partner at Nyca Partners, which was an early investor in VGS, and a former Visa director. He noted Visa’s efforts, starting around 2014, in tokenizing credit card numbers, a similar practice of replacing the 16-digit card number with a different, one-time-use number to reduce the risk of disclosing sensitive information.

Tokenizing sensitive data doesn’t ensure that companies are meeting the compliance requirements set by the Payment Card Industry, however; it ensures data is hidden, but if the company still stores the raw sensitive data it will be responsible for data leaks. That is, in theory, why it would want to offload that original data to a company like VGS.

“There are plenty of examples where something has gone wrong, where a company wasn’t handling data properly,” Sica said. “It’s very hard to operate in the fintech world; privacy is incredibly important, it’s become table stakes that you need to be secure and operate in a compliant fashion.”

VGS has raised $43.5 million to date. Other investors include Goldman Sachs, Andreessen Horowitz and Max Levchin, Affirm CEO and PayPal co-founder. It was also a launch partner for the U.S. launch of Visa’s Fintech Fast Track program, which lends startups access to Visa’s fintech partners and expertise to help them go to market faster.

Data as a liability

While data might be the most important asset of any company with a digital strategy (read: every company), it can also be its biggest liability. There were 5,183 breaches reported by September 2019 and 7.9 billion personal data records exposed, compared to 1,632 breaches in 2018 and 446 million records, according to the third quarter 2019 RiskBased Data Breach QuickView Report. Most were hacking incidents, it said.

Further, while just 6.5 percent of data breaches in 2019 happened in financial services firms, they exposed 62 percent of the year’s total leaked data records, according to a Bitglass report, compiled from data by the Identity Theft Resource Center and the Ponemon Institute. The cost per average breached record in financial services is $210.

It’s unrealistic to call a system unhackable, but segmentation of different types of data and different consumer inputs of data is a high priority for VGS, Berg said. Its engineers work to make the data hard to access in the first place, but even if a hacker managed to get through the system, the data wouldn’t be useful thanks to that separation.

“You’re reading about all these breaches — it’s happening because big companies and merchants are storing customer identity information alongside payment information, so it's a one-stop-shop for people to come in and get a treasure trove of data,” Berg said.

“By separating out those data stores and aliasing them, you're inherently more secure by having different places you need to go to be able to stitch all that together,” he added.

Share:
More In Business
Disney content has gone dark on YouTube TV: What you need to know
Disney content has gone dark on YouTube TV, leaving subscribers of the Google-owned live streaming platform without access to major networks like ESPN and ABC. That’s because the companies have failed to reach a new licensing deal to keep Disney channels on YouTube TV. Depending on how long it lasts, the dispute could particularly impact coverage of U.S. college football matchups over the weekend — on top of other news and entertainment disruptions that have already arrived. In the meantime, YouTube TV subscribers who want to watch Disney channels could have little choice other than turning to the company’s own platforms, which come with their own price tags.
Universal Music and AI song generator Udio partner on new AI platform
Universal Music Group and AI platform Udio have settled a copyright lawsuit and will collaborate on a new music creation and streaming platform. The companies announced on Wednesday that they reached a compensatory legal settlement and new licensing agreements. These agreements aim to provide more revenue opportunities for Universal's artists and songwriters. The rise of AI song generation tools like Udio has disrupted the music streaming industry, leading to accusations from record labels. This deal marks the first since Universal and others sued Udio and Suno last year. Financial terms of the settlement weren't disclosed.
Load More