Even Secures PCI with “10x Less Staff and 5x More Quickly” than DIY

Case Study

Client

Even’s responsible earned wage access platform is provided as a benefit by forward-thinking employers who want to improve the financial health of their employees and boost productivity and retention. It combines the convenience and flexibility of on-demand pay, which helps employees cover unexpected expenses and bills that might be due before payday, with a suite of proven tools for planning, budgeting, and saving.

Will Maier
CISO

Region

United States

Industries

Payroll, financial services

Goal

Focus on core business to allow customers to offer bill payment services to their employees, by offloading PCI and SOC 2 compliance.

Challenge

Secure complex compliances quickly while keeping the engineering team focused on delivering core business applications. Enhance credibility with banking partners.

Solution

VGS Zero Data Platform and VGS Control

Result

Even used VGS to implement PCI with “10x less staff and 5x more quickly” than if they had done it themselves. According to Maier, when launching their new bill pay service, mentioning VGS to banking partners brought “an immediate de-escalation. ‘Oh great. We know [VGS]. We know they’re great at what they do’.”

Background

Even’s mission is to help companies reimagine the role of pay so people can create the lives they want. Even’s earned wage access platform takes a responsible approach to on-demand pay, pairing it with budgeting, automated savings, and visibility into daily earnings so users can safely resolve cashflow emergencies today while building financial resilience for the future. The result is stability and opportunity for employees, which is proven to result in more engaged and loyal workforces for employers. Even currently serves more than 600,000 active members.

As an earned wage access provider, Even handles extremely sensitive data for enterprise customers and their employees. Data security and compliance are a top priority. In addition, they offer a suite of financial services products to help their customers’ employees save, plan for the future, and become more financially healthy.

Challenge

Move Money, Securely

Earned wage access is tied closely to payroll services, which means Even handles sensitive personally identifiable information (PII), such as employees’ social security numbers. Employees trust their information will be safe with their employers, so it’s critical that data stay secure. For Even, that means their product has to be extremely secure and compliant with data privacy regulations and PCI. “We needed to help our customers deliver wages to their employees, and they would prefer that as few parties as possible have access to that data,” said Will Maier, CISO at Even. Obviously, data security and compliance are the top priority. But that doesn’t mean security can become a blocker to the innovations and service that customers and their employees need.

Since Will had previous experience building in-house data security and PCI compliance solutions, he knew firsthand what a monster job it was. It would involve both expanding the engineering staff much more rapidly than he wanted to and taking their focus away from product development. Will said, “A larger engineering team amplifies the coordination cost and slows things down. We wanted to move quickly and keep momentum going without getting bogged down with things that aren’t core to our business.”

Stay Lean, Move Fast

“We wanted to move quickly and keep momentum going without getting bogged down with things that aren’t core to our business.”

Will Maier
CISO

Solution

Offload Data, Offload the Burden

Even chose VGS’ Zero Data Platform so they could keep their team lean and nimble, and keep sensitive data away from their servers. Using VGS allows them to meet their customers’ desire to keep data protected. VGS collects, protects, and exchanges all sensitive data by replacing the original information with an aliased version that is stored securely in VGS Vaults, never touching Even’s servers or letting anyone see the original information.

“VGS takes the really scary, sensitive, tricky compliance and security stuff and does it for us. They get it right. And then we get the benefit.” Will Maier, CISO

Secure Onboarding

Even’s application, powered by one of their banking partners, requires identity verification to onboard customers. By using VGS to collect, anonymize, and securely store PII needed to verify customer identities, Even ensures that the sensitive data will never touch their servers and that Even employees never see that data.

Results

Peace of Mind for Even and Their Customers

“Our sensitive data is secure and we’re PCI compliant with 10x less people and 5x more quickly than if we’d built our own solution.” Will Maier, CISO

“Setting aside the business aspects of establishing the banking relationships necessary to offer the feature that we’re relying on VGS for—the card holder data acquisition—in my past experience, we had to create systems like VGS internally, manage them, and then certify them, get our own QSA, and complete our own PCI certification. All of that took, I would say, up to five times longer than what we’ve been able to accomplish with VGS,” said Will.

He went on to share that, thanks to VGS, Even has also been able to move quickly and keep their momentum going. This has allowed them to serve some of the largest companies in the world, including Walmart, Humana, and PayPal. Even’s engineering team is able to focus their efforts on integrating these customers and building new features to help their employees.

“Our engineers are focusing on the design and UX, rather than spending all their time getting the data security parts right. We trust VGS to help us make sure that happens.” Will Maier, CISO
