Search results for ""

VGS is the universal translation layer for any agentic protocol. Through tokenization and protocol interoperability, VGS enables agents to communicate securely and seamlessly across any protocol stack.

Command-line commerce is redefining payments. As AI agents transact autonomously, payments must become programmable, identity-driven, API-native, and built for trust beyond the traditional checkout experience.

VGS and Dyneti have partnered to bring seamless card capture and PCI-compliant tokenization together in one stack, delivering optimal checkout experiences for your customers.

Artificial intelligence is rapidly becoming part of payment systems, fraud detection, customer support, and internal tooling. At the same time, PCI DSS 4.0.1 is now fully in effect, which raises an urgent question for security and compliance teams.

How does AI fit into PCI compliance?

Visa’s Digital Commerce Authentication Program (DCAP),  is scheduled to launch in the US, EU, Asia Pacific (AP), and Argentina (within the LAC region) on April 18th, 2026. The program launches in Canada, Central Europe, the Middle East and Africa (CEMEA) region, and the remainder of the Latin America and Caribbean (LAC) region (excluding Argentina) on October 24, 2026.

Traditionally, card network access was a middleman game. To reach Visa, Mastercard, American Express, and Discover, you had to use a Payment Service Provider (PSP). VGS has become the only agnostic vault and orchestrator that maintains direct connections to all four major card networks for network tokens, enabling control to return to merchants, fintechs, and all VGS clients.

At VGS, we believe in security and trust by design. That’s why we are proud to announce that we have officially achieved our ISO 27001 certification, the international “gold standard” for Information Security Management Systems (ISMS).

Whether it’s a customer support bot, an automated claims processor, an agent making a purchase, or a financial forecasting tool, the promise of AI is the competitive edge of the decade. The market doesn’t just need faster AI; it needs a secure infrastructure that handles the “dirty work” of data privacy automatically.

It is increasingly clear that AI agents need secure payment credentials and will likely turn to existing, trusted modalities (such as corporate cards). To make this a reality, we must find ways to securely hand those card details to agents without compromising data integrity.

A recent McKinsey piece on “The Automation Curve” in agentic commerce has been making the rounds, highlighting a shift we see every day at VGS. We are moving away from a world of “search and click” toward a world of “intent and execution.”

On March 3rd in San Francisco, VGS hosted its first-ever Agent Connect, a dedicated event to exploring the rapidly advancing world of agentic commerce and payments. As AI agents begin to browse, decide, and transact on behalf of users and businesses, the infrastructure powering commerce and payments must evolve just as quickly.

Agentic commerce is no longer theoretical. AI-powered agents are already researching products, comparing prices, and completing transactions on behalf of consumers. For merchants, this shift is bigger than just a new channel. It fundamentally changes how identity, intent and risk are established and managed.

With agentic commerce, payments are no longer confined to a single checkout page or even a single platform. As merchants expand into the agentic commerce channel and the customer journey evolves, the ability to securely accept and manage payment credentials has become a core part of building a resilient revenue strategy.

2026 is shaping up to be a pivotal year for payment leaders, with a focus on AI, regulatory pressures, and the growing complexity of global commerce. From flagship industry conferences to intimate executive dinners, the upcoming event calendar reflects where innovation, strategy, and real decision-making are happening.

We’re excited to share that VGS is now included in Stripe Forwarding documentation, making it even easier for Stripe customers to securely share payment method data with VGS and unlock the full power of payment portability.

We are excited to announce Agent Connect, a one-day, in-person event hosted by VGS, bringing together builders, platforms, merchants, and infrastructure leaders who are shaping the future of agentic commerce.

The facts and statistics are in, and companies are quickly adopting next-generation technology. For many, that transformation begins with agentic commerce. We break down the key trends and statistics to be aware of in 2026.

Regardless of how credentials are issued or stored, merchants today face an unavoidable reality: there are two ways credentials can reach a merchant in a transaction flow. That distinction matters more than it might appear, as it will shape how agentic commerce evolves, who controls it (or blocks it), and which merchants ultimately prevail.

The demand for secure yet seamless online payments has never been higher. With cybercrime and online fraud resulting in over $4 billion in losses and counting, businesses face growing pressure to protect both their customers and their bottom line. Enter 3D Secure (3DS), a widely adopted security protocol that plays a vital role in safeguarding card-not-present (CNP) transactions.

Autonomous agents have begun executing purchases on behalf of consumers, and merchants are being asked to accept a rapidly expanding set of payment credentials. At VGS, we’ve already seen merchants receive or prepare to receive at least six distinct credential types from agents and AI-driven commerce platforms.

From autonomous agents executing purchases to network-level credential transformations, the payments ecosystem is entering a moment of rapid realignment in agentic commerce. Networks, issuers, and merchants all recognize that agent-driven transactions represent a new revenue surface, a new fraud surface, and a new control surface. And they’re each lobbying, loudly, for the right to shape how these transactions are accepted, routed, and evaluated.

When major financial institutions make network changes, it can send ripples through the entire payments ecosystem. This year, Capital One announced it will migrate only its debit card portfolio from Mastercard to the Discover network, following the completion of its acquisition of Discover Financial Services.

Agentic commerce is here and continues to grow. To help merchants navigate this shift, we’re excited to launch our Agentic Commerce Guide for Merchants, a concise resource that demystifies the building blocks of agentic systems and shows merchants how to prepare for this new landscape today.

As agentic commerce becomes increasingly digital, protocol-driven interactions promise speed, privacy, and automation. However, somewhere between these mandates and emerging agentic protocols, a dangerous gap is forming, in which merchants are losing access to the data and context that have long powered fraud prevention, authorization intelligence, customer understanding, and overall business optimization.

As agentic protocols, such as AP2 and MCP, reshape how digital transactions are initiated, evaluated, and completed, merchants must understand the data elements being passed through these protocols and which data they don’t have access to.

As commerce becomes increasingly agentic, the shift toward protocol-driven interactions promises speed, privacy, and automation. Yet, somewhere between mandates and protocols, a dangerous gap is forming. Merchants are losing sight of their customer payment data altogether. Our goal is to help merchants prepare for the coming wave of agentic commerce.  At VGS, we believe that this is an incredible new channel.

In the age of AI-driven commerce, the concept of agentic payments is transforming the way buying and selling occur online. Instead of a customer manually browsing, comparing, and checking out, intelligent agents, powered by machine learning and large language models, act on the consumer’s behalf to discover, negotiate, and complete purchases. This shift represents a major evolution from traditional e-commerce toward an agentic commerce ecosystem, where trusted digital agents handle everything from product discovery to payment.

As agentic commerce continues to move at a rapid pace, agentic protocols and start-up consortia are at the center of the dialogue, often leaving merchants out of the conversation. One of the biggest unanswered questions remains: ‘How will agentic commerce impact merchants?’

It’s with great excitement that VGS is officially launching VGS 3DS, designed to deliver stronger security, smoother checkout experiences, and greater flexibility for businesses and their customers. As online transactions continue to grow, so do the risks of fraud and chargebacks. 3D Secure (3DS) adds an extra layer of protection by authenticating cardholders during online payments and is mandated and heavily regulated in many regions.

Network tokens are unique identifiers used in place of card details during transactions. They enhance security by keeping sensitive information hidden. This article from VGS explains how network tokens work, their benefits, and their importance in payments.

Payment tokenization protects your sensitive payment data by converting it into secure, non-exploitable tokens. In this article, we’ll explore what payment tokenization is, how it works, and why it’s essential for businesses and consumers.

The world of online commerce is undergoing a significant transformation, with a new paradigm emerging: agentic commerce. Agentic commerce is an AI-powered shopping experience that can understand complex user requests, browse products, and even complete transactions on behalf of the customer.

In today’s fast-moving digital payments world, data security and transaction success are more important than ever. As businesses scale, understanding the difference between PCI-compliant tokens and network tokens becomes critical for protecting sensitive cardholder data, optimizing payment performance, and reducing fraud.

Agentic payments are quickly becoming a transformative force in finance and technology. As AI-driven tools evolve from passive assistants to autonomous agents, the concept of agentic payments, where AI can initiate and execute financial transactions, is rapidly gaining serious traction.

VGS is thrilled to bring you our Summer 2025 Edition of product updates. These updates cover the latest developments from our product team. Here, we highlight the recent product releases, enhancements, and key improvements designed to deliver more value to VGS users.

As digital payments continue dominating the global economy, secure transaction methods are more critical than ever. One powerful solution driving this security shift is the token service provider (TSP).

Whether you’re building a new AI agent or are a payments AI enabler looking to optimize your payments processes in agentic commerce, this toolkit combines essential VGS products in one package.

Understanding digital payments is crucial in today’s fintech world. Two key terms you might encounter, especially within the realm of mobile wallets like Apple Pay and Google Pay, are DPAN (Device Primary Account Number) and MPAN (Merchant Primary Account Number).

What began as a bold mission to redefine how businesses manage and secure sensitive data has since evolved into a platform trusted by global enterprises and fast-growing innovators alike. Over the past decade, VGS has grown from an ambitious startup into a leader in tokenization and payment data security, driven by relentless innovation, unwavering resilience, and the incredible people who’ve made this journey possible.

In order for agentic commerce to truly scale, the payment experience has to be seamless for the consumer on the frontend and scalable for any merchant or platform on the backend.

In this blog post, VGS will walk you through a real-world scenario where our team resolved persistent Kafka consumer group rebalancing problems for a high-throughput application.

The spotlight has intensified on VGS’s innovative approach to empowering merchants to take control of their payment strategy.

Agentic commerce represents a transformative opportunity for companies poised to usher in the next era of e-commerce by using conversational AI. Especially when it comes to the payment process of agentic commerce.

The last few months have been a whirlwind of activity in the AI realm, with agentic commerce being a hot topic. We’re starting to slide towards calling this agentic payments, where agentic (being capable of acting independently) is really just a fancy word for an AI model acting on behalf of a user.

At VGS, we firmly believe that building closer, stronger relationships with our customers is the key to unlocking true success. Today, we are thrilled to announce a major milestone that embodies our core beliefs: VGS is expanding into the Asia-Pacific (APAC) geography with the launch of its Singapore region.

Agentic commerce is a term we have been using a lot lately at VGS. But what does agentic commerce mean? How do payments fit into the agentic commerce space? We broke it down for you so you can better understand agentic commerce as a whole and where payments fall into the AI commerce landscape.

AI is clearly mainstream. The skyrocketing user growth on the big AI platforms, the threat to Web 2.0 household names like Google and Meta, the roller coaster of the AI chip makers: AI has filled headlines for a few years now.

Today, one of the biggest payment challenges that exists is solving the last-mile of a purchase made using an AI agent. In agentic commerce, a truly universal platform needs to ensure a consumer can buy any product, from any merchant, using any payment method – and VGS has one of the only platforms that can make this possible.

For a long time VGS services have utilized common tools such as rate limiting and autoscaling to help meet the needs of our customers and elevate our infrastructure’s resilience to meet the increasing demands of our customers. This has meant tackling a crucial challenge: implementing a robust workload partitioning architecture that both improves developer velocity and provides improved resiliency.

In the last few years, we’ve recognized the need to invest and elevate our infrastructure’s resilience to meet the increasing demands of our customers such as building a platform that is able to recover when region level failure events occur.

At VGS, we’re the World’s Leader in Payment Tokenization for a reason. With over 4 billion tokens stored globally, we are always looking to make our customer experiences better. That’s why we are excited to announce several improvements to our network tokens.

The Fintech & Friends Fantasy Football League, proudly sponsored by VGS, just wrapped up its second season, scoring a major win for charity, donating $4,700 to 20 deserving causes. Founded by Clarke Mitzner, VGS’s Partnerships Director, and avid fantasy football enthusiast, along with VGS’s Sales Manager Austin Clark, the league bridges the gap between work and play while fostering connections across the fintech industry.

In the world of remote work and global partnerships, industry events are invaluable opportunities to be in-person, whether to make new connections, re-establish existing ones, or conduct meetings that are more effective face-to-face. With a host of events usually concentrated in (and often overlapping) the spring and fall months, knowing which events to prioritize can make life a lot easier when the event season gets in full swing.

GenAI tools offer immense potential to revolutionize daily workflows, streamline processes, and improve productivity. However, there’s no universal roadmap for implementing these tools, making it crucial for companies to explore and experiment to find what works best.

As the gig economy keeps growing, gig platforms face increased payment infrastructure challenges. Security, scalability, and compliance are more important than ever to ensure gig workers and customers have reliable, flexible, and secure payment experiences.

Learn how by combining these ensures a robust payment infrastructure that increases authorization rates, reduces costs, maximizes coverage, and retains access to the PAN.

VGS and PAAY are teaming up to bring seamless, secure payment solutions to merchants, combining tokenization with 3DS authentication to reduce fraud and enhance customer experience.

If you are in FinOps, a Cloud Infrastructure developer in payments, or just want to manage AWS infrastructure costs efficiently, check this out.

Optimizing your payments stack requires a focus on data centralization, improved payment outcomes, and faster time to market while delivering seamless user experiences.

Use the VGS Card Management Platform to Increase Authorization Rates, Streamline Operations, and Achieve Faster ROI.

The evolving landscape of cybersecurity threats and the increasingly stringent requirements of PCI DSS 4.0 can be overwhelming for online merchants. By partnering with companies like VGS and HUMAN, merchants can streamline the process of complying with these complex standards.

Payments can be intimidating. Get our recommendations of the top books, training programs, team exercises, and more.

Whether you are a PSP, Payment Gateway, Acquirer Processor, Fintech, PayFac, ISO/ISV, or FI, revenue growth and deeper relationships with your merchants are likely on your mind. How can you grow?

Payments are complex. What should you care about if you are in business, payments, or growth at an OTA or Insurer?

Merchants can avoid payment disruptions and complete more sales with VGS Account Updater. Choose from continuous or real-time account updates, on all cards or a select set. Our solution works across card networks and payment processors so you only need to purchase it once.

It turns out, card program management was unbundled only to be rebundled. VGS’s universal vault supports this trend by being the central data location that enables fintechs to be their own program managers while staying PCI-compliant.

Adding Vault Redundancy in your Payments Stack Ensures Uninterrupted Business Operations and Data Protection. At VGS, we work across merchants, banks, financial institutions, and fintechs. Regardless of their type, size, or location, all VGS customers have three common priorities.

When we work with merchants at VGS, they may work with one, a few, or multiple PSPs. Or, they may be in transition and moving to add multiple PSPs. Although each merchant’s situation can be unique, here are a few guidelines.

Integrating 3DS while accepting payments can create user friction.  Click To Pay offers an alternative to needing a separate 3DS integration.

It’s really important to align closely with business priorities and have a point of view on what’s coming in the way of your team’s effectiveness. As an engineering manager, you might take each of these phases and use the framing to establish and document your ways of working.

What if you could get a complete dataset without taking on the compliance liability, facilitating the switch from 6- to 8+ digit BINs, or sifting through inaccurate information?

VGS is pleased to announce that we successfully completed the SOC 2 Type II assessment after undergoing a comprehensive annual review that confirmed our fulfillment of all system requirements based on the trust services criteria outlined by the AICPA.

What are these, and what does this mean for the payments ecosystem? Ever wondered how your Apple Pay transactions happen smoothly without your card number ever leaving your phone?

This post documents some of the challenges we’ve faced as we’ve tried to upgrade our applications to Java 17 and we hope some of the lessons we’ve learnt will be useful to other engineers.

The newest evolution of the PCI Data Security Standards (PCI DSS) is almost upon us. After PCI DSS v4.0 was announced in Q1 2022, companies had two more years left to use the old standard of PCI DSS v.3.2.1. Once it is officially retired on March 31, organizations have just one year to be compliant with PCI DSS v4.0.

VGS is thrilled to announce a significant milestone in our journey as the World’s Leader in Payments Tokenization. We are honored to be the newest AWS Financial Services Competency Partner and are now part of an elite group of providers offering cloud-based solutions built on AWS.

As the number of users grows to add to an already massive base, gaming companies need a centralized hub for storing sensitive payment information.

Video Gaming is one of the hottest global growth stories we don’t hear enough about. Learn how to navigate the rapidly growing video game industry payment trends.

When the new CFPB rule - Section 1033 of the Dodd-Frank Act is passed, major banks will need to be ready in as early as 6 months. Will you be ready for Open Banking?

PCI compliance is an industry-standard set to keep sensitive payment data safe. Any business that handles credit or debit cardholder data must achieve PCI compliance. It was created by a council of major credit card providers – the PCI Security Standards Council, or PCI SSC – to help prevent credit and debit card data theft.

Unsure what exactly you need to know about PCI Compliance? Here’s a crash course on the PCI Data Security Standard, including the most cost-effective path to securing cardholder data, PCI compliance best practices and benefits, what it takes to get PCI certified, and much more.

The expanded focus on Card Not Present (CNP) transactions in the Durbin 2023 revision has implications across networks, merchants, issuers, and consumers, especially around security. That’s where tokenization comes in. With tokenization in the picture, there are two kinds of transactions merchants will need to manage.

The Durbin Amendment 2023 has created buzz and confusion in the payments ecosystem. The changes it brings have the Debit landscape shifting beneath our feet, especially for merchant acceptance. Let’s unpack its impact on digital payments (card not present) and the significant role that Network Tokens could play in this new era.

The Very Good Security (VGS) Collect iOS and Collect Android SDKs are powerful tools designed to enable the secure collection of sensitive user data. In an age where privacy, compliance, and data security are paramount, these SDKs play a crucial role in helping developers handle sensitive information like credit card numbers, social security numbers, and personal identification information.

We are excited to share that VGS has joined the Amazon Web Services (AWS) Independent Software Vendor (ISV) Workload Migration Program (WMP). This marks another strategic milestone in the relationship between VGS and AWS, enhancing the security and flow of our customers’ payments data globally.

In July’s release, we launched VGS Network Tokens for enhanced payment acceptance, the Vault Tokenizer Snowflake App for seamless data tokenization, a self-serve Larky Editor for direct code edits, our new PCI Compliance Checker, and much more…

Explore how to manage infrastructure environments at scale using Terraform and Terragrunt. We unpack the challenges of blast radius and time-to-deploy, and propose a solution that combines the benefits of both tools while minimizing statefile size and reducing plan and apply times.

Explore secure data warehousing using the VGS Vault Tokenizer Native App on Snowflake. We walk you through the process of tokenizing sensitive data, managing user roles, configuring data tiers, and integrating tokenization into your data pipeline on Snowflake for improved security and compliance.

Today, VGS reaffirms its commitment to delivering best-in-class payments infrastructure by announcing our partnership with Drata, the industry leader in risk and compliance automation. As the largest cloud-based tokenization platform, VGS powers the flow of the world’s sensitive data and our customers trust us to continue to deliver modern solutions to keep their data moving freely, securely, and compliant.

Introducing VGS Network Tokens for multi-processor, secure payment processing. Purchase Network Tokens from just VGS rather than from each processor, and use them across processors for higher authorization rates, lower processing fees, fraud prevention, and 90% cheaper costs. Discover the future of payment optimization with VGS.

Discover the power of Payment Orchestration and unlock hidden revenue streams by optimizing your online payment strategy. Learn how to easily expand into new markets, increase authorization rates, and improve your customer’s checkout experience, all while saving on processing fees. With our comprehensive guide, you’ll understand the benefits, implementation process, and architectures for both one-time and recurring payments. Don’t leave money on the table – elevate your payment game with a tailored orchestration strategy that grows your revenue and cuts costs.

In 2023, every company should think of itself as a FinTech company. Security, privacy, and trust are not just regulatory requirements – they are also a lucrative business model. In this blog, we cover numerous topics that will be hot in 2023, including open finance, the CFPB, FedNow, fraud protection, crypto, ChatGPT3, financial wellness, transparency, and trust.

Happy New Year (We can’t believe it’s already February) to our customers, partners, and everyone interested in improving the state of payment data security in 2023! This is the first of two articles: the first looking back at the security and compliance landscape in 2022, and the second will look at how last year’s learnings may shape what will happen in the year to come.

Despite rising inflation, U.S. consumers are ready to spend money. In fact, they spent 18 percent more in March 2022 than they did during the same time period in 2020, which was 12 percent more than anticipated, based on pre-pandemic projections. Here’s a brief look at how thousands of Fintechs & Paytechs are helping consumers maximize their capital mobility and continue to stimulate growth.

Since 2014, Lviv’s IT Arena conference has been the place where international researchers, developers, hackers, engineers, startups, and investors have met their Ukrainian counterparts. This year, there were also a few soldiers and spies.

Budgets are hard to balance. That fact remains true even when financial numbers can seem clear and reliable. In the real world though, decision makers are often forced to work with vendors – and sign contracts – that contain hidden costs. Over time, these unforeseen expenses can wreak havoc on your budget.

The U.S. Congress is once again focused on data privacy. This time, however, there may be sufficient bipartisan support to move things forward toward protecting American consumers and businesses. A new federal law, which is currently in draft, is the American Data Privacy and Protection Act (ADPPA). If it passes, this new bill would regulate how organizations collect, store, and use personal information (aka “covered data”), and it would take precedence over, and preempt a patchwork of data privacy regulation at the state and sector levels.

Role-based access control (RBAC) is a widely used mechanism for managing permissions. It is popular for the simplicity it offers in managing user permissions based on users’ roles within your organization. VGS customers who have long benefited from an organization-level RBAC have asked for fine-grained access control to their vaults.

Today, Very Good Security (VGS) reinforces an even greater commitment to protecting the world’s sensitive data by announcing support of the new Open Finance Data Security Standard (OFDSS). Since 2015, VGS has been committed to helping companies secure their most sensitive data and has always stood firm that the protection of consumer information is the preeminent security priority to any company operating in financial services.

For three years, VGS has partnered with Netlify to make it easy for developers to build scalable websites and apps – without having to worry about servers or data security. Today, we’re excited to announce the new VGS Plugin for Netlify! Now, for Netlify developers, VGS has made data security easier and more integrated within the developer workflow than ever.

As consumers increasingly shop online – especially during the pandemic – cybercriminals have turned their focus to e-commerce fraud, including exploiting credit card processing. According to the Nilson Report, over the next ten years, our industry will lose over $400 billion to fraudsters.

Information is life. Therefore, when nations go to war, information operations – including data theft, denial, and manipulation – are one of the keys to victory. Even in peacetime, governments run thousands of computer network operations (CNO) every day. Some are designed to support democracy and human rights, while others surveil, target, and terrify innocent civilians.

This blog is part of an ongoing series of content around our recently released Definitive Guide to Payments Orchestration. If you are interested in what you hear today or other concepts in the series, make sure to pick it up!

Very Good Security (VGS) enables its customers to accept and process mobile payments with Google Pay tokens. By integrating Google Pay with VGS as a payment gateway, a merchant can have the Google Pay token decrypted, vaulted, and revealed to their PSP securely in compliance with PCI without any heavy lifting on the merchant side. Thus, VGS offers merchants the ability to extract data from a Google Pay payment token and perform business transactions on those tokens while remaining out of PCI scope.

VGS enables customers to vault user-entered payment card data using VGS Collect and route processing to any payment processor/gateway of choice without adding any PCI scope. With the increased demand from our customers to support mobile payment methods, we are introducing the VGS Apple Pay solution. VGS and Apple Pay provides a merchant the ability to extract the data within the Apple Pay Token and route authorization transactions to a processor of choice while remaining out of PCI scope.

We are thrilled to share that Very Good Security (VGS) has been named a “Cool Vendor in Data Security” by Gartner, a leading research and advisory company. VGS is recognized for its unique, transformative approach to data security and protection capabilities as a service.

VGS is on a mission to protect the world’s sensitive data and at the same time transform data security and compliance from a business obstacle into an opportunity.

Securing sensitive data is the cornerstone on which VGS was built, and as such, we firmly believe in the democratization of tools to help businesses large and small protect their most valuable asset — their data. That’s why we’re excited to share that we have removed all barriers for anyone who would like to use our new and improved cloud Tokenization API, including our dedicated and redesigned application.

*This blog is part of an ongoing series of content around our recently released Definitive Guide to Payments Orchestration. If you are interested in what you hear today or other concepts in the series, make sure to pick it up!

Back it Up, Baby

We have all been there. In college, we lost the killer ending of our thesis. At work, we could not find our quarterly results. And right now, we are sure that we went on vacation in 2016, but we cannot remember where – because that was several phones ago. Fortunately, due to the miracle of autosaves, cloud storage, and more, such data loss happens less often than it used to.

It can be tough for the most progressive organizations to keep up with technology these days. The challenge is even harder for governments where politics, deliberation, and bureaucracy rule the day. Standards, norms, and regulation always lag behind the market curve, especially in IT. In the US, for example, there are no comprehensive, consent-based data privacy laws on the national level. Until that changes in the coming years businesses will continue to struggle with uncertainty and technological missteps

The VGS Payments Team is as excited as ever about our mission to secure the world’s payments data and maximize its value for companies around the globe. Those may be lofty objectives, but here at VGS we set ambitious, yet realistic goals - personally and professionally.

Our thoughts are with all citizens of Ukraine as they endure unprovoked military aggression from the Russian Federation. We are working around the clock to ensure the safety of our team members, partners, and customers impacted by the current geopolitical environment. We are actively assisting in the safe relocation of our employees and their families.

According to the Payment Card Industry (PCI) Security Standards Council’s (SSC) guide to “Best Practices for Securing E-commerce,” an iFrame (or Inline Frame) is a secure method of embedding content from one webpage into another webpage.

Envoy is a powerful open-source modern HTTP proxy server. It doesn’t just serve as a proxy; it’s also a swiss army knife widely used in current cloud infrastructure, thanks to the extensible filter design. The best part of Envoy’s filter is that you can define your own filtering, routing and transformation logic easily with Lua or WASM and plug them into the Envoy server to achieve things that cannot be done with the built-in filters.

Dismissing payments simply as a cost center will put any merchant at a significant disadvantage today. The reach and impact of payments has broadened extensively in recent years, transforming from just a function to be performed into a feature to be delivered. Payments now have direct input into the customer experience, geographic expansion and overall business performance. Indeed, many of the fastest-growing merchants and marketplaces around the world can draw a direct link between their success and their payments strategy.

For years now, tokenization has been the hot topic in the payments industry. Around the world, millions of businesses are now using tokenization to help secure payment data, sensitive transactions, and information such as credit card numbers, bank account numbers, and personally identifiable information (PII).

Today is Data Privacy Day, a global event recognized in over 50 countries to promote data privacy and protection best practices.

As society continues to ‘go digital,’ personal data is a goldmine for businesses. This doesn’t mean it’s a bad thing necessarily. It helps make the consumer experience better, and in some contexts like medical, can even save lives.

We’re excited to announce the launch of VGS Notifications to proactively inform customers about events in their live integration with VGS. The first delivery method we offer is via webhooks, which is one of the fastest ways to track events.

Time for an old joke: during the war, an Italian spy was captured, tied to a chair, and interrogated – unsuccessfully – for hours. The spy’s captors finally gave up and threw the spy into a jail cell. Fellow prisoners were impressed and asked how the spy could withstand interrogation. The Italian replied, “Well, I wanted to tell them everything … but I couldn’t move my hands!”

In the world of data security, keeping secrets is no joke. In espionage, your agent might be captured. In business, your data might be captured. Both are bad, whether you’re in Italy or anywhere else.

Today, we’re thrilled to announce our latest product development. Meet Starlarky!

VGS is proud to announce the new VGS Trust Center. Built-in collaboration with SafeBase.io, the Trust Center gives customers and partners a place to instantly search the entire VGS security program database, from network diagrams to access control, cyber insurance, penetration testing, and much more. It’s an all-in-one resource to answer almost any question about how VGS secures our environment to keep your data secure.

This week VGS has headed to the Fintech Talents Festival in London – a celebration of innovation in the rapidly evolving world of digital finance and technology. The global festival has me thinking of cross-border payments and how VGS is solving challenges merchants face in establishing a global customer base.

My Kingdom for a Horse!

In his play King Richard the Third, William Shakespeare wrote that the death of a single horse can bring down an entire kingdom. In 2018, hackers proved something similar in the world of cybercrime. By injecting a mere 22 lines of code into the supply chain of the British Airways website, the bad guys made off with 500,000 credit card numbers.

An All-In-One Checkout Experience for Optimized Secure Payments

VGS has simplified security and compliance for hundreds of businesses in the payments industry, helping merchants collect payments data both faster and more securely with our data security platform and libraries like VGS Collect and VGS Show.

This morning, the VGS Team at Money 20/20 in Vegas officially launched VGS Payment Optimization to the market. The flagship feature of this suite of products is Payment Orchestration, which allows clients to integrate easily with - and then route transactions among - payment gateways and Payment Service Providers (PSPs). A single, low-code integration to the VGS platform lets you set custom routing logic to reduce costs and increase transaction throughput while aggregating and owning all your payments data.

What It Is & Why It Matters

Many of us can remember our introduction to the power of compound interest at a young age. Maybe it was a grade school math teacher narrating the rice and chessboard fable or an early financial literacy course scaring you into saving for retirement by quoting Einstein: “Compound interest is the eighth wonder of the world. He who understands it earns it … he who doesn’t pays it.”

VGS is a Forbes 2021 Next Billion-Dollar Startup – WOAH! We’re thrilled to be one of only 25 companies selected for this distinction by Forbes and TrueBridge Capital Partners.

VGS has teamed up with Cobalt, an innovative Pentest-as-a-Service (PtaaS) company, to help businesses improve their security posture and achieve compliance easier by protecting sensitive data.

A recent report, The Privacy Paradox: Securing Data To Build Customer Engagement, developed in collaboration between PYMNTS and Very Good Security, found that while 85% of consumers are conducting more of their lives digitally, 87% refuse to do business with a company if they have doubts about the way the company handles their personal data.

When something goes wrong and there isn’t a clear root cause, it can seem impossible to find, understand, and fix the problem. But now with VGS Observability, you can determine when, why, and how an atypical event happened.

VGS has simplified security and compliance for hundreds of businesses in the payments industry, helping merchants collect payments data both faster and more securely with our data security platform and libraries like VGS Collect and VGS Show.

There’s no doubt about it: Compliance and data security are expensive, time-consuming, and stressful. And there’s a reason for that.

Traditional methods don’t make it easy for companies to become compliant and protect user data. For crypto startups like Gem or leading marketing platforms like Fivestars, securing customer data security is mandatory – but it’s often cost-prohibitive and distracting.

The basics of card programs as well as how to solve the biggest challenges with the least amount of work, risk, and cost.

Virtual and debit are an essential part of every card program. From complex pricing and risk management to ensuring easy integration into your existing payment infrastructure, there’s a lot to get right when issuing cards.

Penetration Tests, an Introduction

When your business is online, the front door of your business is directly in front of every potential customer. Unfortunately, it’s just as easy for attackers, fraudsters, and anyone who wants to prey on you and your customers to be at your doorstep too. With carefully architected locks and controls, you can make sure that your door only opens for your customers.

Penetration tests, or pen tests, are a critical part of making sure your controls remain as strong as you think they are. Specifically, it is important that your pen tests are conducted by a skilled external firm. And this is true even if your organization has a competent internal security team – even in our case, with a competent and specialized internal security team to support our data security business.

As we brought Payment Optimization to market, we regularly asked ourselves the all-important Why: Why this? Why now?

The short answer is that with the decade of evolution ecommerce has experienced in the last 18 months, firms have rushed to grow their payments functionality and now have the opportunity to tailor that payments ecosystem in innovative ways.

VGS + WAF = <3

“VGS + Web Application Firewall: Part 1” discussed the need for enterprises to invest in a Web Application Firewall, or WAF, as part of a defense-in-depth security strategy. This follow-up blog explores where to position your WAF, specifically in relation to your VGS proxy, so it can best protect your applications and enterprise. The goal is to educate and empower you to secure your systems against the widest possible array of vulnerabilities and attacks.

Today, web applications, or “web apps” for short, dominate the business landscape. They gather, store, and process the sensitive personal and financial data of millions of Internet users. We now spend the majority of our computing time in the cloud, accessing online services and resources, from e-mail to e-commerce, via our browser.

VGS congratulates four of our customers, Aspiration, Brex, Gemini, and TrueBill, that made the Forbes’ Fintech 50 2021 list of most innovative fintech companies.

Making this prestigious list is no easy feat and puts organizations in the company of notable ‘graduates’ (aka those who have gone public) like Coinbase and Affirm. We’re not at all surprised to see these four listed, with their focus on innovation extending all the way to security and compliance.

Quo Finance is a mobile subscription app that helps you easily set and achieve your lifestyle and financial goals. CEO Tucker Haas recently sat down with us to discuss the critical role data security plays in their product and why they decided outsourcing would keep customer data safest.

Note: The following has been edited for length and clarity. You can see the full discussion here.

Whether you run a payment channel, retail, or e-commerce platform, you are required to comply with the Payment Card Industry Data Security Standard (PCI DSS) in order to offer your customers a safe, quick, and easy-to-use system. In this article, we are going to explain to you some of the benefits of how to save time on building world-class, PCI compliant solutions on Android using one of our products - VGS Collect SDK.

Today, we are excited to announce our participation in Visa Fintech Partner Connect, a program designed to help Visa’s issuing clients quickly connect with a vetted and curated set of technology providers.

Now more than ever, cardholders expect best-in-class experiences from their issuers. Concurrently, issuers have evolved in recent years from exclusively traditional banks with brick and mortar branches to everything from food delivery platforms to crypto exchanges. Couple heightened cardholder expectations and the expanded issuer category with digital acceleration driven by the Covid-19 pandemic, and you have meaningful tailwinds resulting in more personalized and nimble card products.

Learn how to optimize App Clip size in iOS. Compared to a decade ago, we are much less constrained in our resources when it comes to secure application development. More efficient chips with brand new high speed technologies are continuously being launched, and developers’ focuses have been able to migrate elsewhere.

We’ve updated the look and feel of the Vault Dashboard and Documentation, including a new dark mode for Docs.

Given the array of threats and vulnerabilities that persist in modern information technology, data security and privacy have become competitive differentiators in today’s marketplace. They provide foundational building blocks for successful and ethical business practices, and they increase customer trust and loyalty over time.

Let’s talk about Personally Identifiable Information (PII). According to the National Institute of Standards and Technology (NIST), “If you collect it, you must protect it.” PII data breaches are defined as inappropriate disclosures, whether lost, stolen, or compromised, and whether the breach was intentional or accidental.

As divided as the U.S. may be in recent years, there’s at least one issue the vast majority of us seem to agree on: the price of healthcare is out of control.

As healthcare costs continue to inflate faster than other goods or services, healthcare premiums also grow. Whether through an employer or direct, people are often stuck with higher-deductible health plans just to be covered. Out-of-pocket costs for copays or the deductible can result in debt, unpaid bills, or perhaps worst of all, the person choosing not to get care.

Last year was volatile. Many industries struggled, while some found their legs. One space, in particular, found the spark to propel their own business and serve as a support system to the global economy. Meet Buy Now, Pay Later, known as BNPL in the payments industry – an afterpay financing option empowering consumers and merchants alike.

In 2010, Laszlo Hanyecz paid 10,000 bitcoins for two pizzas. Today, with one bitcoin selling for over $60k, those same coins are worth over half a billion dollars. Hopefully the delivery guy or gal hung on to those coins!

Learn what application accessibility is, how you can design accessible android apps, and how to check if your app is sufficiently accessible to users with disabilities or impairments.

What is a Payment Card Network? How Do Card Transactions Work? There’s a whole ecosystem involved in card transactions, including the issuing bank, (payment) card network, acquiring bank, merchant, and finally, the cardholder.

Very Good Security customer Flutterwave recently shared some excellent news! They raised $170 million in a recent Series C round, led by U.S. hedge fund and investment firm Tiger Global and New York-based private investment firm Avenir Growth Capital.

One truth we’ve all had to grapple with: COVID-19 forced almost every company to start working remotely.

Before the pandemic, our VGS team always believed it was more effective to work from the office. Although our company was distributed between two countries and had a positive attitude towards working remotely, we were an ‘office first’ culture.

Android was designed to be open and flexible and has made launching apps extremely accessible across the globe. This post describes some essential security tips that you can follow to make sure that your Android app is keeping your users’ data protected.

If you’re reading this blog, chances are you already know what PCI is and you may also have some inclination that it can be a pain in the you-know-what, too. Just how severe that pain can be is something else altogether.

Welcome to the new and improved VGS dashboard.

As part of our mission to constantly make sure our users have a simple and easy-to-navigate experience on our platform, we are thrilled to announce our new personalized user experience called Personalized Next Steps.

Have you ever wondered where your data really goes when you send it to the cloud? If you followed the bits, there is a good chance that you would find your scientific research, shopping carts, and personal emails on a hard drive in the world’s largest data depot, inside northern Virginia’s Data Center Alley.

Personalizing the developer experience is one way we’re making our product more accessible. Here’s how we did it.

As little as five years ago it was rare to see venture investment filtering through Africa, with seven-figure seed investment rounds happening as infrequently as spotting a bat-eared fox on safari. Fast forward to 2021… Early-stage startups in the region are bagging multi-million dollar deals and pre-seed rounds are taking off, paving the way for the world’s next household names.

So what’s changed, and why is fintech at the core of this shift?

Network security is a pillar of a secure compute platform, especially on multi-tenant clusters. In this blog, we will look into constraining network access of OpenFaaS functions and kubernetes pods to isolate them from each other as well as external services.

To simplify the experience of developing and packaging applications, we would like to make use of serverless functions. In this blog, we will demonstrate how we enhance this experience with OpenFaaS serverless functions, without compromising on security.

In this post, we want to build a platform that can run containers securely on an Amazon Elastic Kubernetes Service (EKS) Cluster. The first component we will look at is integrating a secure container runtime. We will explore the gVisor sandboxed container runtime environment and how to integrate it with EKS.

In the last year, the business world – particularly the tech industry – has seen a paradigm shift to remote work. While this transition has held some challenges for management, most teams have adjusted to this new model quite nicely. For security teams, the new norm has transformed access control to the point where the traditional perimeter-based model is no longer feasible as a defense-in-depth strategy.

In an era engulfed by the collection, storage and analysis of sensitive information, data privacy and security are among the foremost challenges to be solved. In this blog series, we are primarily interested in how we can compute securely on sensitive data using untrusted code on multi-tenant systems.

Very Good Security customer Stilt just made an exciting announcement. The rising fintech company, which offers financial services tailored to immigrants living in the US, just raised a $100 million debt facility from Silicon Valley Bank.

Data ownership of your payments data (particularly card data) is especially important because no other bank or financial product will generate as much insightful data about your customers as your card payment products. It can lead to insights that lead to making the right offers or even development of the right products and services.

We’re just a few weeks into the new year and let’s be honest - it doesn’t feel all that different than 2020. That said, vaccines are being rolled out and we’re all hopeful we’ll see an end to the pandemic this year. However, some of the radical changes it brought with it are likely here to stay.

Do you own your data?
Your journey of payments transformation and innovation starts and ends with data ownership. Access to your data is essential.

We’re thrilled to announce that Very Good Security (VGS) has scored the 28th spot on Growjo’s 100 Fastest Growing Companies in San Francisco 2020. It has been an exciting and rewarding journey for everyone on the VGS team, and we can’t wait to achieve even more growth and innovation in 2021!

It’s been said that necessity is the mother of invention, and that proverb certainly rings true for Very Good Security (VGS). The inspiration for VGS came from a problem my co-founder and I lived first-hand while building a large payments company: we spent nearly a year and $1 million to create the necessary infrastructure and compliance certifications to run our previous fintech business.

SolarWinds, an Austin-based IT management software company, was compromised via a software supply chain attack by suspected nation state adversaries. This was considered to be a sophisticated attack that exposed a vulnerability in many infrastructures. The attackers utilized novel attack vectors and tools, tactics, and procedures (TTPs) to target nearly 18,000 companies and government agencies.

Hackers make and break information technology (IT) for fun and profit. Marathon runners, paying homage to the spry Greek courier Pheidippides, run 26 miles – just for fun. Thus, a “hackathon” is an extended opportunity to show off your 31337 skillz.

When we think of where the bank stores our money, we think of a vault secured with high-tech locks and multiple doors. Unfortunately, data security has been handled much in the same way - with slap-on safeguards. Securing these digital vaults hasn’t changed much since 2010, with many more companies lagging behind in compliance and ill-equipped to handle cybersecurity threats. Hackers can access these vaults through brute force alone. Or they can simply work their way up the hierarchy, stealing credentials from employees until they hit the jackpot.

At this time of the year, the air becomes crisp and holiday excitement starts brewing. For online retailers, visions of jingle dollars dance in their head as the holiday season represents up to 30% of annual sales. But when sales go up, so does the activity of cyber criminals.

Secure Your E-commerce Transactions for Compliance and Monetize the Value of Your Data

As you consider how to collect payments for your e-commerce business, you will also have to consider which form of payments to accept. The most widely accepted form of payment for e-commerce is card payment. As a result, you’ll have to determine how to collect card payment information in a PCI compliant manner.

Please Vote!

If you are lucky enough to live in a democracy, you should always exercise your right to vote. Today, the U.S. Constitution guarantees every American over the age of 18 the right to choose their government, regardless of race, gender, religion, disability, or sexual orientation.

In a world of increasing data breaches, iOS App security and data protection has become more important than ever. Users are now familiar with how it can be easy to jailbreak iOS device and how some applications grab users’ data. Developers need to be able to easily and efficiently build user data protection into each application to prevent sensitive data leakage upon release and during future updates.

CB Insights today named VGS to the third annual Fintech 250, a prestigious list of emerging private companies working on groundbreaking financial technology.

Here at VGS, our mission is to secure the world’s sensitive data. The first step toward achieving that goal is to protect data where it’s collected.

With VGS Collect, developers can safely ask users for critical data, like credit card details, over the web or through IVR systems and limit security risk for both themselves and their users. Recently, we’ve added a new VGS solution for securing sensitive data collected from mobile applications - VGS Collect iOS and Android SDKs.

Data breach stories have been a fixture in the media for several years now, with large-scale breaches making the news on a regular basis. These data leaks have impacted every type of organization, from major airlines to global financial institutions – and the damage they leave behind is massive.

A company-wide shift to full-time remote work would typically take months or even years, but in the context of the Coronavirus pandemic, everyone was forced to do it almost instantly. Some companies found this transition quite easy, but the majority felt unaccustomed, to say the least.

Tokenization has been a hot topic in the payments industry for some time, now used by financial institutions in transaction processing all around the world. Companies use tokenization systems to keep sensitive data, like credit card numbers and bank account numbers, safe while still being able to store and use the information.

Today we are excited to announce that Very Good Security (VGS) has achieved Select Technology Partner status within the Amazon Web Services (AWS) Partner Network (APN). We are thrilled to work with AWS to provide customers modern data security and compliance solutions.

As every engineer knows, software advancements often come with novel risks, regardless of improvements in security. Every new technology that aims to ease the ever-increasing demands of IT operations teams also brings new security challenges along with it.

Cybersecurity is wildly unfair. A hacker only needs to succeed once to get what they want, while businesses need to succeed every day indefinitely to prevent that from happening.

We are happy to introduce Brian Whorley, CEO and founder of Paytient, an innovative health care technology company that leverages our solutions to protect sensitive patient data.

Today we are excited to announce that Very Good Security (VGS) has received a strategic investment from Visa, Inc. We are proud to add Visa to our list of incredible investors, including Andreessen Horowitz, Goldman Sachs, and Vertex Ventures US.

Visa’s founder, Dee Hock, once said: “Preserve substance; modify form; know the difference.” Sensitive financial and personal data are powerful keys to unlock value. However, if compromised, these keys cannot be reissued, and therefore require a proportional amount of protection.

New year, new you!

With the new year – and new decade – upon us, now is the perfect time to start thinking about what we want 2020 to look like.

For small business owners, or really any team member at a modern company, data privacy and information security present major challenges in the coming year. After an uptick in data breach incidents in 2019, we all need to be especially vigilant in the new year.

The second Payment Services Directive (PSD2), issued on September 14th, 2019, has introduced new requirements for banks to reduce fraud, called strong customer authentication (SCA) requirements. This new PSD2 SCA regulation will be critical to advancing cybersecurity in Europe, especially as the fraud rate continues to climb. In this brief guide, we’ll cover all the key facts you can’t go without.

Over the past year, the VGS team has doubled; to support that growth, we’ve had to evolve how we structure our engineering team. Here we detail the choice to adopt the squads structure as the one to scale with our team.

Very Good Security(VGS) is continuously looking for ways to facilitate security and minimize the potential risk for our users, including when it comes to identity management.

Security and Connectivity for the Fintech Ecosystem

In today’s rapidly evolving fintech ecosystem, foundational building blocks like data security and connectivity to financial institutions are prerequisites for building valuable fintech products. However, these building blocks are rarely companies’ core competencies. Just as modern fintechs are no longer expected to build their own one-off integrations with financial institutions, they shouldn’t be expected to build data security and compliance solutions from scratch when it isn’t their focus.

Embedded content is an ingrained part of the modern online experience – from YouTube videos and like buttons to advertisements and so much more. The average internet user may not realize just how much third-party content is embedded into each page they visit.
Apart from the dynamic user experience and revenue-generation that embedded third-party content can provide, there is an additional benefit that doesn’t get quite enough attention: data security.

Fintech security has become more important than ever as traditional data protection strategies continue to be out of reach for most startups.

Consumer data breaches are a dime a dozen these days, with massive, highly-public cyberattacks hitting our newsfeeds on a nearly weekly basis.

From social security numbers and credit card numbers to other types of sensitive data, it seems like several popular global corporations have failed to keep their customers’ sensitive personal information safe time after time.

And, unfortunately, earlier this month it was confirmed that enterprise-scale cybercriminals are successfully executing newer, sneakier, and increasingly dangerous cyberattacks that are becoming increasingly difficult to detect.

Our Customer Spotlight series highlights the stories of VGS customers who have joined our mission to protect the world’s information.

In the context of data protection, modern digital businesses realize the dangers that come with using sensitive information in its raw form. Figuring out a way to collect and use the original data without putting it at risk remains a challenge, and organizations must channel a lot of their resources into IT security that protects their users’ sensitive data like credit card numbers and other cardholder information.

With so many highly-publicized data breaches hitting newspaper headlines in recent years, including a massive Capital One data breach in 2019, it has become more important than ever to protect sensitive consumer data and limit its exposure to data leaks.

In a previous article, we discussed how to authorize resource access in a distributed environment and what challenges doing so poses in terms of architecture. In this article, we detail how our engineering team dealt with some of these challenges to build a fine-grained permissions system.

Three years ago, Very Good Security (VGS) embarked on a mission to prove a novel concept in the data security landscape: the best way to protect sensitive data is to not possess it in the first place. Since 2016, we have enabled our customers to adopt our approach to de-scope their systems from interacting with sensitive data, while allowing them to maximize data utility and quickly achieve compliance certifications.

Imagine you need to get from your home to the airport to catch a flight. You open the Lyft app on your phone and see that Lyft is surging and the ride will cost you $75. You, almost subconsciously, open the Uber app and it’s $55 for the same ride. You then confirm your Uber ride and you’re on your way.

Our Customer Spotlight series highlights the stories of VGS customers who have joined our mission to protect the world’s information.

Our Customer Spotlight series highlights the stories of VGS customers who have joined our mission to protect the world’s information.

Our Customer Spotlight series highlights the stories of VGS customers who have joined our mission to protect the world’s information.

TravelBank’s innovative, all-in-one trip expense platform - protected by VGS

Very Good Security is excited to announce its official membership in the American Chamber of Commerce (ACC) in Ukraine. The ACC in Kyiv is a non-governmental, member-funded, non-profit organization representing the largest investors and multinationals that operate inside Ukraine.

Our Customer Spotlight series highlights the stories of VGS customers who have joined our mission to protect the world’s information.

Most companies don’t collect data for the sake of hoarding it – they collect it as an input to achieve some business objective. In other words, they need to do something with their data. This typically requires sharing data with a third party to operate on or enrich the data (e.g. processing a credit card; running a background check; getting a FICO score).

Very Good Security (VGS) is excited to announce its participation as a launch partner for Visa’s expansion of their Fast Track program to the U.S. The program is part of Visa’s global strategy to open its network and to support a broad range of players that are developing new commerce experiences. The Fast Track program makes it easier for fintechs to partner with Visa and access its global payments network. The VGS team is pleased to work alongside Visa and our fellow launch partners to provide premier services for emerging fintechs.

Our Customer Spotlight series highlights the stories of VGS customers who have joined our mission to protect the world’s information.

United Naturals - With VGS, we take data security as seriously as your wellness. Learn how United Naturals smoothly integrated with VGS in record time.

In 2011, Google’s Alberto Savoia proclaimed that “Testing is dead.” Many tech trends have changed since that notable opening keynote at the Google Test Automation Conference 8 years ago, including the adoption of DevOps culture, and there’s one thing we can say for sure: testing is not dead. In many ways, it has actually evolved — the classical tester’s role has just become spread out between engineers while quality assurance has remained an essential part of the software development culture.

Our Customer Spotlight series highlights the stories of VGS customers who have joined our mission to protect the world’s information.

“PCI, including our yearly certification, has now become a breeze”

Our Customer Spotlight series highlights the stories of VGS customers who have joined our mission to protect the world’s information.

Truebill - Securing customer data with “beyond bank-level” security.

Today’s hero is Idris Mokhtarzada, Founder & CTO, Truebill.

When it comes to a robust, open-source, and fairly secure database system, Amazon RDS PostgreSQL monitoring tools is often a top choice for developers. That’s why we wanted to get under the hood to better understand the PostgreSQL monitoring tool and its performance.

Our Customer Spotlight series highlights the stories of VGS customers who have joined our mission to protect the world’s information.

Streamline using VGS to differentiate itself and remove risk from its business

Today’s hero is Chris Spears, Executive Vice President and Chief Information Security Officer (CISO) of Streamline VRS.

“The power of the Web is in its universality. Access by everyone regardless of disability is an essential aspect.” - Tim Berners-Lee, Inventor of the World Wide Web

We’re excited to announce some improvements we have made to the accessibility of VGS Collect. But first some background on the topic of accessibility.

We’re excited to announce that we’ve partnered with our friends at Netlify to develop an add-on that effortlessly and securely collects data via webforms.

Design is the first thing a customer will notice when they visit your website. A beautiful design is not only attractive to the visitor, but it makes your business look more legitimate. As you build and improve your website, it is important that third-party UI elements work well with, and look similar to, your own user interface. To make the building and programming process easier, here at VGS we put in work to make our forms as flexible and user-friendly as possible for you.

It was just another Monday morning. Our engineering teams were getting ready for their standup meetings, the sales team was going through the customer priority list, and HR was checking the schedule of performance reviews and promotions for the week ahead. The sun was shining brightly (what a difference after the record rains in SF in February!), well the Spanish sun kinda always shines brighter.

It was just another Monday morning. The only thing that was different. We were all in the same room.

Today, we’re happy to announce the introduction of our new Compliance Academy, a resource where you can learn all about compliances and regulations such as PCI, SOC2, GDPR and CCPA.

In the last 2 years at VGS we’ve seen a significant uptick in interest regarding regulation. Every day we field multiple questions from people trying to understand if their company is “in scope” and if so, what they need to do about it. There are a number of reasons for this interest but primarily it appears to be driven by uncertainty. Both startups and established companies alike face the prospect of a world with increased regulation and significantly stiffer penalties for failure to comply.

Brex building the next generation of B2B financial services

Our Customer Spotlight series highlights the stories of VGS customers who have joined our mission to protect the world’s information.

If you had one million dollars in cash, how would you keep it safe? Would you leave the pile of money on your kitchen counter? Or, would you put it in a bank? Most people would choose to deposit their money in the bank for safekeeping, or at the very least put it in a safe. We immediately feel the power of its tangible value. But what about data? If the data your organization has accumulated was worth one million dollars, how would you store it? You may think that there’s no way your data could be worth so much, but the reality is that you are probably severely underestimating the value it truly holds - and is still waiting to be unlocked.

At Very Good Security (VGS), our seasoned engineering team works hard to successfully solve complex technical challenges - while keeping security our top priority. One of such security challenges is access control to resources we store in our microservice architectures.

With current payment card industry (PCI) regulations and growing numbers of sensitive and personal data leaks, there is increasingly high demand for dependable security solutions that protect your customers’ personal data. It’s imperative that companies shield their users’ information from the very first interaction with your application, when customers often enter their most sensitive data.

Do you think you deserve the right to privacy? The United Nations does. December 2018 marks 70 years since the U.N. ratified the Universal Declaration of Human Rights. Article 12 states:

No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honor and reputation. Everyone has the right to the protection of the law against such interference or attacks.

Is that even possible in an era of cyber attacks and data breaches?

Very Good Security (VGS) uses Kubernetes, hosted on AWS, to speed up application delivery and optimize hosting costs. A common issue is ensuring replicas are evenly distributed across availability zones making applications resilient and HA.

By default, the Kubernetes scheduler uses a bin-packing algorithm to fit as many pods as possible into a cluster. The scheduler prefers a more evenly distributed general node load to app replicas precisely spread across nodes. Therefore, by default, multi-replica is not guaranteed multi-AZ.

Imagine that a local library has hired you to help with the development of a web service to expose its library catalog (which, in essence, is an SQL database) on the Internet. Nothing fancy required — a simple REST API will do the job. It shouldn’t be too difficult for a seasoned Java developer like yourself, now should it?

Rotating access credentials such as passwords, certificates, or keys is a universally accepted best practice for security. Very Good Security’s new Access Credentials Rotation feature makes it easier for you to switch (or rotate) from one set of credentials to another to keep your cloud assets safe and secure.

We’ve enabled you to leverage VGS Access Credentials to manage/rotate access credentials, create new pairs or deactivate old ones, and send data to third parties faster. This makes it easier to manage multiple access credentials, leaving you with extra time to focus on more valuable business priorities.

Very Good Security CTO and co-founder Marshall Jones took to the stage at the National Press Club in Washington, D.C. on November 8, 2018 to present at the annual SINET Showcase. Each year the Security Innovation Network (SINET) evaluates the technologies and products of hundreds of emerging cybersecurity companies from around the world and selects the 16 most innovative and compelling companies. The winners are then invited to outline their company’s unique approach to addressing the most pressing needs and requirements in cybersecurity.

Access Logs are an essential aspect of the web environment. With so much information to distill, and so much to know about when it comes to eliminating bugs in the development process, they provide additional data that is useful for debugging and auditing. As you might imagine, with the growing popularity of VGS as a stand-out cyber security solution for startups, small businesses and other companies that are trying to do more with less, we are constantly innovating on our security paradigm and products. It’s time to explore VGS Access Logs at length. That is–what is it, how to read it, where it can be found, how to debug logs and even configure routes directly from the Logs page.

Wherever there is sensitive data, there is also motivation for malicious third parties to try and steal it. In order to ensure your company’s sensitive information never gets leaked, it’s essential to take steps for securing it.

Let’s consider the scenario of sending sensitive data from an Android mobile device to your API server. How do you make sure that the data is safely received by the server?

No one goes into business because they want to do data security. But whether you’re a brand-new startup or a Fortune 500 giant, effective data security is essential to be – and stay – in business. The only thing less fun than data security and compliance is a data breach.

If you’re anything like us, you’re tired of hearing about data breaches, and you’re tired of them happening, over and over, at the expense of your own privacy and security.

If you have an API that interacts with credit card data, before using your API in the wild you’ll need to make sure it is secure and PCI compliant.

One straightforward solution for this is to redact every credit card number that goes through your API. If you have a Java-based web application that uses the Spring framework, what would you do? Would you use a third party or find your own way to solve this problem?

Last month, we announced that we began working on a “3-Click Integration” feature which allows you to instantly integrate with VGS! Since then, we’ve been working on building a seamless, reliable integration. Today, we’re excited to launch it to the world!

Background:
Startups and small to medium businesses alike are faced with protecting information assets with limited resources. Laptops and mobile devices are a vector for sensitive and high value ex-filtration due to configuration. In this post we will cover the main use cases to address. We will also explore a straightforward solution design and set of procedures to manage a fleet of devices.

Wireless Sensor Networks (WSNs) are increasingly being deployed for various applications and you no longer need a degree in computer science to understand the benefits of them. A wireless sensor network is an interconnected group of devices that monitor the environment through sensors and communicate via wireless.

Should your DevOps team be threat modeling? The answer is definitely yes.

With data breaches on the rise, development teams need every tool available to create secure applications. This is especially true if your company handles sensitive customer data.

This month we’re pleased to announce the release of the user management feature that aims at giving you more control over your Organization. Take a look at these new changes.

Today we announce the first release of our Secure Logger feature designed to make debugging your VGS proxy integration experience simpler.

Essentially, a middle man. When dealing with computers the concept is largely the same. A web proxy is simply a bit of software that will relay a HTTP request for you.