Today, Very Good Security (VGS) reinforces an even greater commitment to protecting the world’s sensitive data by announcing support of the new Open Finance Data Security Standard (OFDSS). Since 2015, VGS has been committed to helping companies secure their most sensitive data and has always stood firm that the protection of consumer information is the preeminent security priority to any company operating in financial services.
As the leading Data Security as a Service (DSaaS) and Data De-identification solutions provider, VGS firmly believes that giving consumers control over their financial data, and implementing curated controls for providers who use it, will ultimately lead to a stronger ecosystem in Open Finance.
VGS's patented solution secures the most vulnerable consumer Personally Identifiable Information (PII) and has always stood firm that the protection of consumer, employee, and third party data sharing is the preeminent security priority for any company operating in financial services. With over a billion active records under management, supporting the Open Finance Data Security Standard (OFDSS), along with a consortium of leading financial technology and security compliance companies is a natural progression for VGS. We’re excited to see what the future will hold with the establishment of these new standards.
As a supporting member of OFDSS, VGS is joining a consortium of fintech infrastructure providers, including Codat, Flinks, MX, Plaid and Truework, as well as data security and compliance companies, like VGS.
What is OFDSS?
In November 2021, the first draft of OFDSS was published, establishing a common framework for consumer data security, privacy and control that also supports innovation among emerging cloud-native, digital finance companies that handle sensitive information. This framework was born to address the evolution of open finance which was the next progression from open banking. In open finance, financial data such as PII, mortgages, savings, pensions, insurance, and consumer credit, can be opened up to trusted third party APIs if consumers agree. Securing this data share is paramount to support evolving technologies and ecosystems. The framework is currently in development with plans to begin initial pilot programs in Q4 of 2022.
A new version of the framework (version 1.2) is updated to include 79 individual security requirements across 13 control domains that address common data security risks. These requirements are contextualized with implementation guides, along with audit steps for ensuring compliance. This update enhances the existing framework with application security controls that secure a company’s software development lifecycle.
“Very Good Security (VGS) is proud to be a supporting member of the new Open Finance Security Standard (OFDSS) consortium... Raising the bar on security with these new security controls will expand innovation, enhance trust and establish a baseline for ensuring trusted parties in the fintech ecosystem.”
The framework is not intended to exhaustively address all data security risks that may be material to any particular organization. However, the requirements address security risks that are commonly encountered by emerging financial technology companies when processing, sharing, or storing sensitive information. Companies with mature and audited information security programs that have the ability to provide reasonable assurance about the effectiveness of those programs, are likely already meeting the requirements captured in this standard.
“Very Good Security (VGS) is proud to be a supporting member of the new Open Finance Security Standard (OFDSS) consortium,” said Marshall Jones, co-founder of Very Good Security. As serial fintech entrepreneurs in the payment and compliance space, VGS’ business foundation was built on the imperative need companies have for securing sensitive data. Raising the bar on security with these new security controls will expand innovation, enhance trust and establish a baseline for ensuring trusted parties in the fintech ecosystem.”
How Very Good Security is Supporting OFDSS
VGS has revolutionized the way companies protect sensitive data. By employing zero-trust architecture for the handling, storage, and exchange of information, our end-to-end platform secures data at every step, helping organizations easily achieve expedited InfoSec compliances that ensure trust of ecosystem partners and customers by providing a sound security and compliance posture.
The VGS Platform securely collects, stores and exchanges sensitive PII, payment card (PCI), ACH, and KYC / KYB data by tokenizing risky plaintext on the fly, storing it in our encrypted token vault and seamlessly exchanging that tokenized data with 3rd-parties to perform routine business functions. Our customers enjoy the ironclad security infrastructure as code and associated freedom to grow their business and develop their products without the risk or liability associated with storing sensitive data themselves. VGS was purpose-built to solve Fintech, OpenFi and EmbeddedFi data security challenges and powers hundreds of organizations ranging from startups to F100. Through rigorous testing, VGS not only meets but exceeds commonplace security frameworks and like with many other compliances (such as PCI DSS, GDPR, CCPA), there is overlap between specific OFDSS controls; allowing VGS customers to instantly and seamlessly inherit OFDSS compliance; saving time, money and future-proof their security posture.
Very Good Security is eager to work alongside OFDSS and its supporters to foster a more secure fintech ecosystem. Our longstanding mission to protect the world’s sensitive information will only strengthen through this partnership, as we continue to learn, share and develop security best practices with the OFDSS community.
We look forward to championing the OFDSS framework with a variety of pilot partners and end customers. If you are interested in learning more, please reach out to partners@verygoodsecurity.com or adopt our VGS sandbox instance for testing, available on AWS marketplace.
