Blog

Company Updates,
Security and Technology News


Hoang Leung November 20, 2020

Don’t Let a Lack of Data Security Ruin Your Holiday Season.

At this time of the year, the air becomes crisp and holiday excitement starts brewing. For online retailers, visions of jingle dollars dance in their heads as the holiday season represents up to 30% of annual sales. But when sales go up, so does the activity of cyber criminals.

Channin Gladden November 9, 2020

CPRA (Prop 24), Data Compliance, and Data Security: Here’s What you Need to Know.

Last week, California voters passed Proposition 24, the California Privacy Rights and Enforcement Act (CPRA). The CPRA expands the existing online consumer privacy protections of the California Consumer Privacy Act (CCPA) that went into effect this year and clarifies some of its ambiguities.

Hoang Leung November 5, 2020

Secure Your Ecommerce Transactions for Compliance and to Monetize the Value of Your Data

As you consider how to collect payments for your ecommerce business you will also have to consider which form of payments to accept. The most widely accepted form of payment for ecommerce is card payment. As a result, you’ll have to determine how to collect card payment information in a PCI compliant manner.

Irina Ziakhor October 28, 2020

Securely Collect Data with the New VGS Collect CardScan Module for Mobile SDKs

Here at VGS our mission is to secure the world's sensitive data. We’re thrilled to announce the release of a new VGS Collect CardScan Module for our Mobile iOS and Android SDKs.

Kenneth Geers October 21, 2020

2020 Election Security and PII Compliance

Please Vote!

If you are lucky enough to live in a democracy, you should always exercise your right to vote. Today, the U.S. Constitution guarantees every American over the age of 18 the right to choose their government, regardless of race, gender, religion, disability, or sexual orientation.

Robert Faba October 15, 2020

You’ve Been Notified of a PCI DSS Violation: Now What?

Payment Card Industry (PCI) compliance is a beast, and implementing data security best practices requires work from hard-to-acquire talent. This can lead to an unintended breach of privacy in even the most security-conscious company.

Rob Faba October 8, 2020
Compliance PCI QSA

Enhancing PCI Qualified Security Assessor (QSA) and Customer Relations

Have you ever considered the relationship between the PCI DSS QSA and your business? When you are looking to become PCI DSS compliant and protect your consumers’ sensitive data, your Qualified Security Assessor becomes invaluable. Not only does a PCI QSA conduct your PCI DSS audit, but they are also the only person capable of providing you with a Report on Compliance (RoC).

Dmytro Khludkov October 1, 2020
IOS Code Engineering

iOS App Security: 5 Tips to Prevent Sensitive Data Leakage

In a world of increasing data breaches, iOS app security and data protection have become more important than ever. Users are now familiar with how easy it can be to jailbreak an iOS device and how some applications grab users’ data. Developers need to be able to easily and efficiently build user data protection into each application to prevent sensitive data leakage upon release and during future updates.

Kenneth Geers September 9, 2020

LGPD - What to Expect from Brazil’s version of the GDPR

Brazil’s LGPD Privacy Law has brought additional attention to information security and data protection.

Europe and California are no longer alone in their recent concern for data privacy. In South America, Brazil will now enforce the Lei Geral de Proteção de Dados Pessoais (LGPD), which is similar in nature to the European GDPR (General Data Protection Regulation) and California Consumer Privacy Act (CCPA). Given Brazil has a population of over 210 million people, LGPD will have global ramifications.

Mahmoud Abdelkader September 1, 2020

Very Good Security Named to the 2020 CB Insights Fintech 250 List of Fastest-Growing Fintech Startups

CB Insights today named VGS to the third annual Fintech 250, a prestigious list of emerging private companies working on groundbreaking financial technology.

Channin Gladden August 28, 2020

Schrems II: EU-U.S. Privacy Shield Invalidated | Very Good Security

On July 16, 2020, the Court of Justice of the European Union (CJEU) invalidated the EU-US Privacy Shield, a voluntary program that thousands of US businesses relied on for personal data transfers from Europe to the United States. For those of you who follow these things, the case is commonly referred to as Schrems II.

Irina Ziakhor August 12, 2020

Collect sensitive data on iOS and Android with VGS Collect SDKs

Here at VGS, our mission is to secure the world's sensitive data. The first step toward achieving that goal is to protect data where it’s collected.

With VGS Collect, developers can safely ask users for critical data, like credit card details, over the web or through IVR systems and limit security risk for both themselves and their users. Recently, we’ve added a new VGS solution for securing sensitive data collected from mobile applications - VGS Collect iOS and Android SDKs.

Rahul Verma August 6, 2020

3 Surprising Ways Your Application Can Bring You Under PCI Scope

How sure are you that your company’s data security falls outside of PCI scope? Did you know that even if your application never keeps cardholder data in persistent storage, you still might have to meet the PCI Data Security Standard’s stringent requirements?

Robert Faba July 16, 2020

Data Breach Protection Best Practices

Data breach stories have been a fixture in the media for several years now, with large-scale breaches making the news on a regular basis. These data leaks have impacted every type of organization, from major airlines to global financial institutions – and the damage they leave behind is massive.

Channin Gladden July 2, 2020

How Today’s Data Security Solutions Are Failing Banks

When we think of where the bank stores our money, we think of a vault secured with high-tech locks and multiple doors. Unfortunately, data security has been handled much in the same way - with slap-on safeguards. Securing these digital vaults hasn’t changed much since 2010, with many more companies lagging behind in compliance and ill-equipped to handle cybersecurity threats. Hackers can access these vaults through brute force alone. Or they can simply work their way up the hierarchy, stealing credentials from employees until they hit the jackpot.

Peter Berg June 22, 2020

Payment Tech, Data Security Trends, & Fintech Predictions: Q&A with Peter Berg

Peter Berg is the VP of business development and strategy for Very Good Security (VGS). Peter joined VGS from Visa, where he created and led Visa Ventures, their global venture investment arm responsible for investments in early-stage payment and technology companies including Stripe, Marqeta, Klarna, Chain and more.

Before leading Visa Ventures, Peter helped shape Visa’s product strategy in new and emerging payments, and led Visa’s relationship with Square. Prior to Visa, Peter was a co-founder or early employee of several successful startups in financial services and technology; two were acquired and one remains privately held today.

Alexander Diatlov June 12, 2020

Work From Home: Life Hacks From Very Good Security

A company-wide shift to full-time remote work would typically take months or even years, but in the context of the Coronavirus pandemic, everyone was forced to do it almost instantly. Some companies found this transition quite easy, but the majority felt unaccustomed, to say the least.

Pete LaFond June 5, 2020

We’re Giving Away Tokenization for Free. Here’s What You Need to Know.

2020 has been a year like no other. In response to these unprecedented times, companies are needing help from wherever they can get it as they try to restart. This is why Very Good Security is announcing a special free tokenization solution offer.

David Scovetta June 1, 2020
PCI

Cost of PCI Compliance: Can Saving Money on PCI Actually Make You Safer?

So, you’re a small business owner with a startup that needs to demonstrate compliance with the Payment Card Industry Data Security Standard (PCI DSS).

Regardless of your business type, if your organization needs to become PCI compliant, that means you plan on operating on cardholder data and you have a responsibility to protect that sensitive credit card information.

Robert Faba May 28, 2020

What Is Tokenization And How Does It Influence PCI DSS Compliance?

Tokenization has been a hot topic in the payments industry for some time, now used by financial institutions in transaction processing all around the world. Companies implement tokenization systems to keep sensitive data, like credit card payment details, safe while still being able to store and use the information.

Amanda Heinemann May 21, 2020

Very Good Security Achieves Amazon Web Services Partner Network Select Technology Partner Status

Today we are excited to announce that Very Good Security (VGS) has achieved Select Technology Partner status within the Amazon Web Services (AWS) Partner Network (APN). We are thrilled to work with AWS to provide customers modern data security and compliance solutions.

Channin Gladden May 14, 2020
CCPA CPRA Compliance

CCPA 2.0 - Here’s What You Need to Know | Very Good Security

Dubbed “CCPA 2.0,” a proposed initiative called the California Privacy Rights Act (CPRA) is gaining traction – and will likely make an appearance on the November 2020 ballot in California.

The original legislation, the California Consumer Privacy Act (CCPA), only came into effect on January 1, 2020, but we are already seeing potential changes to this data privacy regulation looming on the horizon. If passed, these proposed changes like CPRA could mean businesses will need to further beef up their data security measures.

Marshall Jones May 5, 2020
Payment Card Industry Data Security Standard (PCI DSS) includes specific requirements for the transmission of cardholder information across open, public networks (including email and other messaging technologies).

Email And PCI Compliance: How to Stay Secure & Compliant

It’s common knowledge that sensitive information, like payment card data, shouldn’t be sent through email in an unencrypted state. There is simply too much information security risk, and too many opportunities for cybercriminals to intercept that data.

Maksym Kulish April 28, 2020
DevOps GitOps

Securing GitOps Deployments in AWS EKS | Very Good Security

As every engineer knows, software advancements often come with novel risks, regardless of improvements in security. Every new technology that aims to ease the ever-increasing demands of IT operations teams also brings new security challenges along with it.

David Scovetta April 1, 2020
PCI

Becoming PCI Compliant in Less Than 7 Business Days with VGS | Very Good Security

Do you know how long it takes to become PCI compliant?

Fulfilling all the requirements spelled out in the Payment Card Industry Data Security Standard (PCI DSS) is a complicated process with a ton of moving pieces.

Marshall Jones March 20, 2020
ISO8583 PCI

Achieving PCI Compliance with ISO8583

Is your organization connecting to a payment gateway, processor, or other financial institution – like FIS or I2C – that requires you to use ISO8583 to handle payment messaging?

If so, you likely already know that your business needs to achieve some form of PCI compliance in order to handle the sensitive data contained within those messages.

David Scovetta March 13, 2020

PCI Compliance for Small Businesses | Very Good Security

Attaining PCI compliance for small businesses is no small feat, but securing sensitive cardholder data in a PCI compliant manner is easier, faster, and more affordable with an end-to-end PCI compliance solution - like VGS.

Small businesses, from e-commerce merchants to service providers, all need to ask themselves the same question early in the lifespan of their company: do I need PCI compliance?

If you work with payment cards, including both debit and credit cards, then the answer is yes - you do need to comply with the Payment Card Industry Data Security Standard (PCI DSS).

Mahmoud Abdelkader March 12, 2020

COVID-19 Precautions

We are taking seriously the risks to business continuity that could be caused by the COVID-19 coronavirus and would like to update you on the measures we are adopting.

David Scovetta February 19, 2020

What is PCI Compliance? | Very Good Security

A simplified crash course on the Payment Card Industry Data Security Standard (PCI DSS), including the most cost-effective path to securing cardholder data and quickly obtaining PCI Compliance.

Unsure about PCI Compliance? Here’s everything you need to know about PCI DSS and what it takes to obtain – and demonstrate – your company’s compliance.

You can do this yourself or with the help of third parties, which we will cover at the end of this post.

Channin Gladden January 30, 2020

Am I selling data? Why you may need CCPA compliance and not know it | Very Good Security

Think your business doesn’t need to worry about the California Consumer Privacy Act (CCPA) because you don’t sell any data for business purposes?

You may want to take a second look.

Under the broad definition of “sale” used in CCPA, you could very possibly be subject to CCPA requirements and unknowingly failing to achieve and maintain compliance. With the financial penalties associated with non-compliance, not to mention the data security risk that results from ignoring CCPA requirements, it’s absolutely vital to make sure that you know whether or not your business activities would be considered to be “selling data” under the CCPA.

Ena Kadribasic January 28, 2020

The Importance of Having a Security-First Mindset and How to Build One | Very Good Security

Cyber security is wildly unfair. A hacker only needs to succeed once to get what they want, while businesses need to succeed every day indefinitely to prevent that from happening.

For cyber security professionals and other security experts, security is a day-to-day concern that touches many facets of your work life. After all, putting the data privacy of your customers at the top of your priority list is something that simply comes with the job nowadays. This is often true for professionals working for modern companies, as handling user data and ensuring privacy protection is table stakes in today’s data-driven market.

Channin Gladden January 23, 2020

Importance of Compliance Early in a Company’s Lifespan | Very Good Security

Getting compliant with data protection laws and regulations as soon as possible is vital for startups, particularly if data privacy and information security are core features of the company culture you’re trying to build. Managing compliance at the first opportunity not only comes with a number of both short-and-long-term benefits, but also helps your company avert disasters down the road.

Ena Kadribasic January 22, 2020

Paytient - Zero Data Hero Customer Spotlight

We are happy to introduce Brian Whorley, CEO and founder of Paytient, an innovative health care technology company that leverages our Zero Data solutions to protect sensitive patient data.

Tell us about Paytient

Brian: Sponsored by employers, Paytient is a payer for employees' out-of-pocket medical, dental, pharmacy, vision, or veterinary expenses. At a high level, our mission is to remove cost as a barrier to care for employees by offering an innovative way to pay for any out-of-pocket costs of care.

Mahmoud Abdelkader January 15, 2020

Announcing Very Good Security’s Strategic Investment from Visa

Today we are excited to announce that Very Good Security (VGS) has received a strategic investment from Visa, Inc. We are proud to add Visa to our list of incredible investors, including Andreessen Horowitz, Goldman Sachs, and Vertex Ventures US.

Visa’s founder, Dee Hock, once said: “Preserve substance; modify form; know the difference.” Sensitive financial and personal data are powerful keys to unlock value. However, if compromised, these keys cannot be reissued, and therefore require a proportional amount of protection.

Ena Kadribasic January 9, 2020

Data Security New Year’s Resolutions for You and Your Business

New year, new you!

With the new year – and new decade – upon us, now is the perfect time to start thinking about what we want 2020 to look like.

For small business owners, or really any team member at a modern company, data privacy and information security present major challenges in the coming year. After an uptick in data breach incidents in 2019, we all need to be especially vigilant in the new year.

Ena Kadribasic December 19, 2019

From Uber to VGS, Introducing Our New Product Manager

We’d like to introduce our new Product Manager, Can Duruk, who just joined VGS! With experience helping roll out new app security features during his time working at Uber, Can understands what it means to build meaningful products that keep the end-user – and their sensitive data – in secure hands.

Ena Kadribasic December 17, 2019
PSD2 PSD SCA

PSD2 and Strong Customer Authentication: What You Need to Know

The second Payment Services Directive (PSD2), issued on September 14th, 2019, has introduced new requirements for banks to reduce fraud, called strong customer authentication (SCA) requirements. In this brief guide, we’ll cover all the key facts you can’t go without.

Channin Gladden December 12, 2019
PCI DSS

PCI DSS and What It Means for You

Running a business in the digital age is no easy feat. This is especially true nowadays, when consumer data security is at the forefront of the conversation.

Data breaches have hit even some of the biggest multinationals out there, enabling the exposure of sensitive user data and compromising the privacy and trust of their customers. When it’s payment card data that leaks on a large scale like this, the damage goes far beyond consumer confidence.

Channin Gladden December 9, 2019

PCI DSS Compliance: A Guide for eCommerce Businesses | Very Good Security

The digital era has unleashed endless possibilities for launching eCommerce businesses. From independent home-based Amazon merchants to large-scale online retail operations, the barriers to entry in the eCommerce space have drastically fallen.

Moreover, it’s never been easier for consumers to buy goods and services online. Shoppers send their credit card numbers and addresses to online retailers constantly, even saving their cardholder data in their web browsers for a seamless eCommerce checkout experience.

Julianna Lamb December 5, 2019

Embracing the Squad: How We Structured Our Engineering Team for Growth

Over the past year, the VGS team has doubled; to support that growth, we’ve had to evolve how we structure our engineering team. Here we detail the choice to adopt the squads structure as the one to scale with our team.

Ulyana Falach December 3, 2019
MFA

Beefing Up Our Identity and Access Management System (IAM) with One-Time Passwords (OTP)

Very Good Security (VGS) is continuously looking for ways to facilitate security and minimize the potential risk for our users, including when it comes to identity management.

Amanda Heinemann November 25, 2019

Announcing Very Good Security’s Partnership with Plaid

Security and Connectivity for the Fintech Ecosystem

In today’s rapidly evolving fintech ecosystem, foundational building blocks like data security and connectivity to financial institutions are prerequisites for building valuable fintech products. However, these building blocks are rarely companies’ core competencies. Just as modern fintechs are no longer expected to build their own one-off integrations with financial institutions, they shouldn’t be expected to build data security and compliance solutions from scratch when it isn’t their focus.

Ena Kadribasic November 21, 2019

Iframes as a Security Feature

Embedded content is an ingrained part of the modern online experience – from YouTube videos and like buttons to advertisements and so much more. The average internet user may not realize just how much third-party content is embedded into each page they visit.
Apart from the dynamic user experience and revenue-generation that embedded third-party content can provide, there is an additional benefit that doesn’t get quite enough attention: data security.

Ena Kadribasic November 19, 2019

HC3 - Zero Data Hero Customer Spotlight

Our Zero Data Hero Customer Spotlight series highlights the stories of VGS customers who have joined our Zero Data mission to protect the world’s information.

Ena Kadribasic November 13, 2019

Data Security Solutions for Fintech Startups | Very Good Security

The fintech sector has brought consumers an endless stream of modern offerings that have enabled them to ditch several outdated banking and lending products from legacy financial institutions.

Ena Kadribasic November 12, 2019

Renewed Data Security Threats for the 2019 Holiday Season: How Businesses Can Prepare

Consumer data breaches are a dime a dozen these days, with massive, highly-public cyberattacks hitting our newsfeeds on a nearly weekly basis.

From social security numbers and credit card numbers to other types of sensitive data, it seems like several popular global corporations have failed to keep their customers’ sensitive personal information safe time after time.

And, unfortunately, earlier this month it was confirmed that enterprise-scale cybercriminals are successfully executing newer, sneakier, and increasingly dangerous cyberattacks that are becoming increasingly difficult to detect.

Ena Kadribasic November 6, 2019
PCI CCPA Datasecurity

Data Compliance: How Modern Businesses Can/Should Approach Data Security | Very Good Security

These days, it seems that companies are having to navigate increasingly complex data compliance regulations. From following PCI DSS rules to maintaining HIPAA, GDPR, and CCPA compliance, the complicated web of global regulatory frameworks for data protection just keeps getting more and more tangled.

Ena Kadribasic November 5, 2019

MoonPay - Zero Data Hero Customer Spotlight

Our Zero Data Hero Customer Spotlight series highlights the stories of VGS customers who have joined our Zero Data mission to protect the world’s information.

Ena Kadribasic October 30, 2019

Tokenization vs. Encryption vs. Aliasing - How to Truly Minimize Compliance Risk

In the context of data protection, modern digital businesses realize the dangers that come with using sensitive information in its raw form. Figuring out a way to collect and use the original data without putting it at risk remains a challenge, and organizations must channel a lot of their resources into IT security that protects their users’ sensitive data like credit card numbers and other cardholder information.

With so many highly-publicized data breaches hitting newspaper headlines in recent years, including a massive Capital One data breach in 2019, it has become more important than ever to protect sensitive consumer data and limit its exposure to data leaks.

Bohdan Khablenko October 29, 2019

Building a Fine-Grained Permissions System in a Distributed Environment: Implementation

In a previous article, we discussed how to authorize resource access in a distributed environment and what challenges doing so poses in terms of architecture. In this article, we detail how our engineering team dealt with some of these challenges to build a fine-grained permissions system.

Mahmoud Abdelkader October 24, 2019

Announcing VGS’ $35M Series B Financing

Three years ago, Very Good Security (VGS) embarked on a mission to prove a novel concept in the data security landscape: the best way to protect sensitive data is to not possess it in the first place. Since 2016, we have enabled our customers to adopt a “Zero Data” approach to de-scope their systems from interacting with sensitive data, while allowing them to maximize data utility and quickly achieve compliance certifications.

Amanda Heinemann October 23, 2019

Multiplexing: The More the Merrier

Imagine you need to get from your home to the airport to catch a flight. You open the Lyft app on your phone and see that Lyft is surging and the ride will cost you $75. You, almost subconsciously, open the Uber app and it’s $55 for the same ride. You then confirm your Uber ride and you’re on your way.

Ena Kadribasic October 22, 2019

Point - Zero Data Hero Customer Spotlight

Our Zero Data Hero Customer Spotlight series highlights the stories of VGS customers who have joined our Zero Data mission to protect the world’s information.

Channin Gladden October 17, 2019
CCPA

With CCPA amendments finalized, here’s everything you need to know about proposed verification rules

On January 1, 2020, the California Consumer Privacy Act (CCPA) will - at long last - go into effect. For anyone following the journey of this soon-to-launch privacy law, this has been a long time coming.

In recent months, major adjustments have been coming together as California regulatory authorities have been waiting on the approval of certain amendments to the core characteristics of the upcoming data privacy framework.

Ena Kadribasic October 16, 2019

PCI DSS outsourcing - Compliance Without EVER Touching Sensitive Cardholder Data

The next era of data security is already upon us, and it involves washing our hands of sensitive user data entirely.

Imagine a world where your business doesn’t have to worry about managing its own Payment Card Industry Data Security Standard (PCI DSS) compliance, simply because sensitive cardholder data never passes through your systems in the first place.

It’s a concept we call Zero Data.

Ena Kadribasic October 8, 2019

Zero Data Hero Customer Spotlight - Seekom

Our Zero Data Hero Customer Spotlight series highlights the stories of VGS customers who have joined our Zero Data mission to protect the world’s information.

Ena Kadribasic October 3, 2019

PCI DSS Level 1 Compliance as Quick as 21 days | Very Good Security

Achieving compliance with the Payment Card Industry Data Security Standard (PCI DSS) is a lengthy and expensive process.

For Level 1 compliance, which is required for businesses that handle high volumes of payment card data, upfront costs can easily run you $1.1m and the journey to your certification can last between 9 and 12 months if you opt to build your compliant infrastructure by yourself.

Ena Kadribasic September 24, 2019

Zero Data Hero Customer Spotlight - TravelBank

Our Zero Data Hero Customer Spotlight series highlights the stories of VGS customers who have joined our Zero Data mission to protect the world’s information.

TravelBank’s innovative, all-in-one trip expense platform - protected by VGS

Ena Kadribasic September 18, 2019
GDPR CCPA Compliance

GDPR vs CCPA Compliance, All in One Place

In our last blog post about CCPA, we went into the details of California’s comprehensive privacy law, more formally known as the California Consumer Privacy Act. Coming into effect January 1, 2020, the new privacy law pertains to companies that collect data from California residents, regardless of the location of the company - both within the United States and globally.

Ena Kadribasic September 18, 2019

To Tokenize Or Not Tokenize – The Truth About Scope And Compliance Risk

The hard-to-face reality is that billions of personal records are exposed each year. A commonly used, yet incomplete solution, is tokenization. Tokenizing sensitive data does not eliminate the need to achieve and certify PCI DSS compliance.
In order to completely descope from PCI, a business can partner with a data custodian (VGS) that handles 100% of data capture and vaulting – removing any compliance risk and completely avoiding data leaks.

Ena Kadribasic September 12, 2019

California Consumer Privacy Act (CCPA): What You Need to Know | Very Good Security

What is the California Consumer Privacy Act (CCPA)?

The California Consumer Privacy Act (CCPA) is a comprehensive data privacy law that will go into effect on January 1, 2020. The new consumer information security framework will have a major impact on both consumers and businesses because the regulations apply to any companies – no matter their location – that collect personal information and other consumer data from residents of California. This includes handling names, addresses, social security numbers, credit card numbers, IP addresses, and more.

Ena Kadribasic September 10, 2019
News

VGS Joins American Chamber of Commerce in Ukraine

Very Good Security is excited to announce its official membership in the American Chamber of Commerce (ACC) in Ukraine. The ACC in Kyiv is a non-governmental, member-funded, non-profit organization representing the largest investors and multinationals that operate inside Ukraine.

Ena Kadribasic September 4, 2019

Zero Data Hero Customer Spotlight - Coverhound

Our Zero Data Hero Customer Spotlight series highlights the stories of VGS customers who have joined our Zero Data mission to protect the world’s information.

Peter Berg September 2, 2019

Introducing Integrations: Do More With Your Data

Most companies don’t collect data for the sake of hoarding it – they collect it as an input to achieve some business objective. In other words, they need to do something with their data. This typically requires sharing data with a third party to operate on or enrich the data (e.g. processing a credit card; running a background check; getting a FICO score).

Channin Gladden August 27, 2019
CDE PCI

How to Secure Your Cardholder Data Environment (CDE) and Gain PCI DSS Compliance with VGS

Learn how you can make sure that your company’s cardholder data environment (CDE) is compliant with PCI DSS.

Storing PCI cardholder data can make business much easier, for both you and your customers. Unfortunately, stored cardholder data puts your business at risk of a data breach - which is why the Payment Card Industry Data Security Standard (PCI DSS) was put in place.

Ensuring a company’s cardholder data environment (CDE) is compliant with PCI standards is no easy task, however, and often requires unanticipated additional resources and ongoing efforts to maintain.

Irina Ziakhor August 21, 2019

3D Secure Simplified with VGS | Very Good Security

3D Secure (3DS) is a set of security standards in place to reduce fraud and add online payment security, while also creating a liability shift in terms of fraudulent activity and chargebacks.

Ena Kadribasic August 19, 2019

Zero Data Hero Customer Spotlight - SteadiPay

Our Zero Data Hero Customer Spotlight series highlights the stories of VGS customers who have joined our Zero Data mission to protect the world’s information.

SteadiPay optimizes cash management with data security from VGS. Learn more about how VGS helped SteadiPay seamlessly integrate their apps to be PCI compliant.

Channin Gladden August 7, 2019
Brexit and GDPR

How Will Brexit Affect GDPR Compliance?

The General Data Protection Regulation (GDPR) is a set of laws regarding data security that affect companies based in the EU and those with customers in the EU. Brexit is the proposed withdrawal of the United Kingdom from the European Union.

You may be aware of one (or both) of these subjects, but what may not be completely known is how one will affect the other. Understandably, there are reasons for concern for those doing business in or with the EU — since, as you likely know, the UK is part of the European Union — so let’s take a further look at GDPR and Brexit to see what effect they may have on how you run your company.

Peter Berg July 31, 2019
VISA Fintechs

Very Good Security Selected as a Launch Partner for Expansion of Visa’s Fast Track Program to the U.S.

Very Good Security (VGS) is excited to announce its participation as a launch partner for Visa’s expansion of their Fast Track program to the U.S. The program is part of Visa’s global strategy to open its network and to support a broad range of players that are developing new commerce experiences. The Fast Track program makes it easier for fintechs to partner with Visa and access its global payments network. The VGS team is pleased to work alongside Visa and our fellow launch partners to provide premier services for emerging fintechs.

Ena Kadribasic July 22, 2019

Zero Data Hero Customer Spotlight - United Naturals

Our Zero Data Hero Customer Spotlight series highlights the stories of VGS customers who have joined our Zero Data mission to protect the world’s information.

United Naturals - With VGS, we take data security as seriously as your wellness. Learn how United Naturals smoothly integrated with VGS in record time.

Diana Pinchuk July 16, 2019
QA Testing

Is Testing Dead? QA approach at VGS

In 2011, Google’s Alberto Savoia proclaimed that “Testing is dead.” Many tech trends have changed since that notable opening keynote at the Google Test Automation Conference 8 years ago, including the adoption of DevOps culture, and there’s one thing we can say for sure: testing is not dead. In many ways, it has actually evolved — the classical tester’s role has just become spread out between engineers while quality assurance has remained an essential part of the software development culture.

Peter Curley July 9, 2019

Zero Data Hero Customer Spotlight - Apto

Our Zero Data Hero Customer Spotlight series highlights the stories of VGS customers who have joined our Zero Data mission to protect the world’s information.

“PCI, including our yearly certification, has now become a breeze”

Peter Curley June 24, 2019

Zero Data Hero Customer Spotlight - Truebill

Our Zero Data Hero Customer Spotlight series highlights the stories of VGS customers who have joined our Zero Data mission to protect the world’s information.

Truebill - Securing customer data with “beyond bank-level” security.

Today’s Zero Data Hero is Idris Mokhtarzada, Founder & CTO, Truebill.

Max Lobur June 19, 2019

PostgreSQL Deadlock Monitoring in AWS | Very Good Security

When it comes to a robust, open-source, and fairly secure database system, Amazon RDS PostgreSQL monitoring tools are often a top choice for developers. That’s why we wanted to get under the hood to better understand the PostgreSQL monitoring tool and its performance.

Peter Curley June 17, 2019

Zero Data Hero Customer Spotlight - Streamline

Our Zero Data Hero Customer Spotlight series highlights the stories of VGS customers who have joined our Zero Data mission to protect the world’s information.

Streamline using VGS to differentiate itself and remove risk from its business

Today’s Zero Data Hero is Chris Spears, Executive Vice President and Chief Information Security Officer (CISO) of Streamline VRS.

Mahmoud Abdelkader June 12, 2019

VGS Hires Human Resources Leader and Startup Veteran, Karin B. Turchin

We have news to share!

We’re thrilled to announce that Karin B. Turchin, former Vice President of People at Roostify, has joined Very Good Security as our Head of People to build and scale our people operations.

Anna Kudriasheva June 11, 2019
Collect

VGS Collect: Providing Accessibility for Everyone

“The power of the Web is in its universality. Access by everyone regardless of disability is an essential aspect.” - Tim Berners-Lee, Inventor of the World Wide Web

We’re excited to announce some improvements we have made to the accessibility of VGS Collect. But first some background on the topic of accessibility.

Peter Berg June 6, 2019
PCI Netlify SOC2 Collect

Securely Capture Sensitive Data with VGS & Netlify

We’re excited to announce that we’ve partnered with our friends at Netlify to develop an add-on that effortlessly and securely collects data via webforms.

Mahmoud Abdelkader June 4, 2019

Zero Data Hero Customer Spotlight - DoNotPay

"DoNotPay is the hero the world needs." - TIME Magazine

Our Zero Data Hero Customer Spotlight series highlights the stories of VGS customers who have joined our Zero Data mission to protect the world’s information.

Mahmoud Abdelkader May 21, 2019

Customer Spotlight Zero Data Hero - Trim

“To Infinity and Beyond” - Trim - Automatically improving the financial health of Americans at scale

Our Zero Data Hero Customer Spotlight series highlights the stories of VGS customers who have joined our Zero Data mission to protect the world’s information.

Alexandr Florinskiy May 15, 2019
secure forms style

Styling Secure Form Fields with VGS Collect

Design is the first thing a customer will notice when they visit your website. A beautiful design is not only attractive to the visitor, but it makes your business look more legitimate. As you build and improve your website, it is important that third-party UI elements work well with, and look similar to, your own user interface. To make the building and programming process easier, here at VGS we put in work to make our forms as flexible and user-friendly as possible for you.

Christina Monets May 13, 2019

Lessons We Learned From Organizing Our 3rd Annual Company Retreat

It was just another Monday morning. Our engineering teams were getting ready for their standup meetings, the sales team was going through the customer priority list, and HR was checking the schedule of performance reviews and promotions for the week ahead. The sun was shining brightly (what a difference after the record rains in SF in February!), well the Spanish sun kinda always shines brighter.

It was just another Monday morning. The only thing that was different. We were all in the same room.

Gordon Young May 8, 2019
Compliance Academy

Introducing Compliance Academy — A resource to learn about PCI, SOC2, GDPR & CCPA

Today, we’re happy to announce the introduction of our new Compliance Academy, a resource where you can learn all about compliances and regulations such as PCI, SOC2, GDPR and CCPA.

In the last 2 years at VGS we’ve seen a significant uptick in interest regarding regulation. Every day we field multiple questions from people trying to understand if their company is “in scope” and if so, what they need to do about it. There are a number of reasons for this interest but primarily it appears to be driven by uncertainty. Both startups and established companies alike face the prospect of a world with increased regulation and significantly stiffer penalties for failure to comply.

Mahmoud Abdelkader May 6, 2019

Zero Data Hero Customer Spotlight — Yofii

Yofii is laser-focused on its mission to bring financial freedom to people in debt.

Our Zero Data Hero Customer Spotlight series highlights the stories of VGS customers who have joined our Zero Data mission to protect the world’s information.

Peter Curley May 1, 2019

Opting Out of the Regulation Arms Race with Zero Data

Last month, Toyota disclosed that it had suffered its second data breach in just five weeks. The most recent breach exposed the personal details of over 3 million of its customers. This is but one of countless breaches that have affected the security of sensitive customer information in the past couple of years.

Mahmoud Abdelkader April 25, 2019

Zero Data Hero Customer Spotlight — Brex

Brex building the next generation of B2B financial services

Our Zero Data Hero Customer Spotlight series highlights the stories of VGS customers who have joined our Zero Data mission to protect the world’s information.

Today’s Zero Data Hero is Henrique Dubugras, CEO and Co-Founder of Brex, Inc. Henrique is an engineer who previously co-founded Pagar.me, one of the largest payment processors in Brazil reaching over $1.5 billion in GMV in its first three years. His new startup, Brex, is backed by Ribbit Capital, Y Combinator, Greenoaks, DST, and fintech insiders including Max Levchin and Peter Thiel (PayPal), and Carl Pascarella (former CEO of Visa).

Mahmoud Abdelkader April 23, 2019

Announcing Very Good Security’s Zero Data Mission

No one starts a business to get audited, but today, any company that comes in contact with sensitive data (like payment cards, health information, or personally identifiable info) is forced to do expensive, time-consuming work that is not core to its business in order to achieve certifications like PCI, SOC2, HIPAA and more, just to stay in business.

What if companies didn’t actually have to deal directly with sensitive data? What if they could interact with sensitive data, exchange it, and use it to meet their business objectives, without having to actually possess the data themselves, thereby staying out of compliance scope?

Fang Pen April 2, 2019

Prevent a Million Dollar Data Breach with VGS in 10 Minutes

If you had one million dollars in cash, how would you keep it safe? Would you leave the pile of money on your kitchen counter? Or, would you put it in a bank? Most people would choose to deposit their money in the bank for safekeeping, or at the very least put it in a safe. We immediately feel the power of its tangible value. But what about data? If the data your organization has accumulated was worth one million dollars, how would you store it? You may think that there’s no way your data could be worth so much, but the reality is that you are probably severely underestimating the value it truly holds - and is still waiting to be unlocked.

Yuriy Yunikov February 13, 2019

Building a fine-grained permission system in a distributed environment: Architecture | Very Good Security

At Very Good Security (VGS), our seasoned engineering team works hard to solve complex technical challenges while keeping security our top priority. One such security challenge is access control for the resources we store in our microservice architectures.

Irina Ziakhor February 4, 2019

How to securely capture your users’ sensitive data with VGS Collect

With current payment card industry (PCI) regulations and growing numbers of sensitive and personal data leaks, there is increasingly high demand for dependable security solutions that protect your customers’ personal data. It’s imperative that companies shield their users’ information from the very first interaction with their application, when customers often enter their most sensitive data.

Mahmoud Abdelkader December 16, 2018
Data Security Privacy

Preserve Privacy, Promote Progress: The New Data Paradigm

Do you think you deserve the right to privacy? The United Nations does. December 2018 marks 70 years since the U.N. ratified the Universal Declaration of Human Rights. Article 12 states:

No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honor and reputation. Everyone has the right to the protection of the law against such interference or attacks.

Is that even possible in an era of cyber attacks and data breaches?

Max Lobur December 4, 2018
DevOps Kubernetes K8s

Kubernetes Multi-AZ deployments Using Pod Anti-Affinity

Very Good Security (VGS) uses Kubernetes, hosted on AWS, to speed up application delivery and optimize hosting costs. A common issue is ensuring that replicas are evenly distributed across availability zones (AZs), which makes applications resilient and highly available (HA).

By default, the Kubernetes scheduler uses a bin-packing algorithm to fit as many pods as possible into a cluster. The scheduler prefers a more evenly distributed general node load over app replicas spread precisely across nodes. Therefore, by default, a multi-replica deployment is not guaranteed to be multi-AZ.

Bohdan Khablenko November 27, 2018
Java Maven OWASP

How to Avoid Using Components with Known Vulnerabilities

Imagine that a local library has hired you to help with the development of a web service to expose its library catalog (which, in essence, is an SQL database) on the Internet. Nothing fancy required — a simple REST API will do the job. It shouldn't be too difficult for a seasoned Java developer like yourself, now should it?

Yuriy Yunikov November 20, 2018
access credentials rotation

Best Practices for Access Credential Rotation at VGS

Rotating access credentials such as passwords, certificates, or keys is a universally accepted best practice for security. Very Good Security’s new Access Credentials Rotation feature makes it easier for you to switch (or rotate) from one set of credentials to another to keep your cloud assets safe and secure.

We’ve enabled you to leverage VGS Access Credentials to manage/rotate access credentials, create new pairs or deactivate old ones, and send data to third parties faster. This makes it easier to manage multiple access credentials, leaving you with extra time to focus on more valuable business priorities.

VGS November 8, 2018

VGS Wins SINET 16 Innovator Award

Very Good Security CEO and co-founder Mahmoud Abdelkader took to the stage at the National Press Club in Washington, D.C. on November 8, 2018 to present at the annual SINET Showcase. Each year the Security Innovation Network (SINET) evaluates the technologies and products of hundreds of emerging cybersecurity companies from around the world and selects the 16 most innovative and compelling companies. The winners are then invited to outline their company’s unique approach to addressing the most pressing needs and requirements in cybersecurity.

Mahmoud Abdelkader October 11, 2018

VGS Hires Former Visa Exec as it Expands into Enterprise

On the heels of our recent announcement of our series A funding led by Andreessen Horowitz, we have some more news to share:

We’re excited to announce that Peter Berg, former head of Visa Ventures, has joined Very Good Security as our VP of Business Development and Strategy. He will lead our strategic partnerships and new business initiatives.

Yura Shafranyuk September 11, 2018

How to Make the Most of VGS Access Logs

Access Logs are an essential aspect of the web environment. With so much information to distill, and so much to know when it comes to eliminating bugs in the development process, they provide additional data that is useful for debugging and auditing. As you might imagine, with the growing popularity of VGS as a stand-out cyber security solution for startups, small businesses and other companies that are trying to do more with less, we are constantly innovating on our security paradigm and products. It’s time to explore VGS Access Logs at length: what they are, how to read them, where to find them, how to use them for debugging, and even how to configure routes directly from the Logs page.

Yuriy Yunikov September 3, 2018
Android Kotlin

How to Secure Sensitive Data Sent From Android Apps

Wherever there is sensitive data, there is also motivation for malicious third parties to try and steal it. In order to ensure your company's sensitive information never gets leaked, it's essential to take steps for securing it.

Let's consider the scenario of sending sensitive data from an Android mobile device to your API server. How do you make sure that the data is safely received by the server?

Mahmoud Abdelkader August 28, 2018
Security News

A Very Good Approach to Security

No one goes into business because they want to do data security. But whether you’re a brand-new startup or a Fortune 500 giant, effective data security is essential to be – and stay – in business. The only thing less fun than data security and compliance is a data breach.

If you’re anything like us, you’re tired of hearing about data breaches, and you’re tired of them happening, over and over, at the expense of your own privacy and security.

Oleg Yatskiv August 20, 2018
Java Spring

How to Achieve PCI Compliance with 3 Lines of Code Using the Spring Framework

If you have an API that interacts with credit card data, before using your API in the wild you'll need to make sure it is secure and PCI compliant.

One straightforward solution for this is to redact every credit card number that goes through your API. If you have a Java-based web application that uses the Spring framework, what would you do? Would you use a third party or find your own way to solve this problem?