New Product Launched 80% Quicker with VGS

Case Study LogoCase Study


Stilt is a mission-driven fintech company that provides financial services to immigrants and the underserved. They build products to improve financial inclusion and democratize access to credit.

Headshot of Priyank Singh

Priyank Singh,


United States




Get a new product to market, fast.

The Challenge

Secure PCI level 2 compliance quickly to launch a new debit card product that allows users to see their debit card numbers in Stilt’s application.

Solutions Summary

Using Very Good Security’s (VGS’) data security infrastructure, Stilt was able to secure PCI Level 2 compliance in less than a week and launch their new product.


Stilt’s business partners were willing to accelerate timelines as soon as they integrated with VGS and achieved PCI Level 2 compliance in just one week. Stilt launched their new product 80% quicker than they could have without VGS.

Background image


Expanding from Loans to Banking Products

Imagine transferring to a new country. You arrive in a new world carrying all of the money you have, on your person—in cash (we’re talking thousands; you can’t open a bank account before you get there).

Fast forward 3 months, 6 months, a year… You’re working for a large enterprise, being well paid, but because you’re not a citizen and have no in-country financial history, not a single financial institution will give you the credit you need to grow your new life. You’ll have to wait SIX years to get a loan at a decent rate; to buy a car, further your education, etc.

Depending on your life experience, this may sound like a far-fetched scenario. But it’s painfully true for the hundreds of thousands of immigrants who arrive, live, and work in the United States each year.

With an intimate understanding of this problem, the founders of Stilt set out five years ago to make financial products simple, fair, and honest for immigrants. By offering unsecured personal loans on their lending platform, they grew to have customers from 150 countries.

As their customer base grew, the Stilt team got clear feedback that they needed even more banking services. Top among the demands: access to a bank and debit / credit card.


Quickly and Compliantly Get a New Product to Market

“We had to show customers their debit card number on the app. To show that number, we needed PCI compliance—and we wanted it done fast.”

- Priyank Singh,

When someone moves to the US, day one, they don't have a bank account, debit, or credit card. They have to use cash for everything, from an apartment deposit to transportation to groceries and so on. As mentioned before, that’s thousands of dollars in cash people are forced to carry around.

To solve this challenge for their customers, Stilt developed the idea for a bank account immigrants could open without visiting any branch and without showing any extra documentation. In five minutes, users would have their new bank account and receive their debit card number immediately, in the Stilt app. This is where Stilt met a challenge.

To show customers their debit card number in app, Stilt needed PCI level 2 compliance. Priyank said, “For a company of our size, the priority is to create a great product and user experience. We don’t want to spend time on PCI compliance.” In addition, he shared that speed was their priority. “Our aim was to be up and running as soon as possible,” said Priyank.

Challenge image
Solution image


PCI Level 2 Compliant in a Week

“We knew if we did PCI by ourselves, it would take at least 2-3 months... And what I have learned from experience is that compliance is a headache. With VGS, we were able to get running on the platform and become PCI level 2 compliant in less than a week, with very little effort on our part.”

- Priyank Singh,

The most important thing for the Stilt team was achieving PCI Level 2 compliance quickly. Having gone through other compliances internally and having the infrastructure in place for PCI, they knew they would need 2 - 3 months to get PCI compliance if they built it on their own.

Priyank said, “For our case, our infrastructure is ready to get PCI, but the process of hiring a third party and getting auditing done, and going through that painful and time consuming process remained. Not to mention the time engineering associates would be pulled away from their core work.”

By using VGS, Stilt was able to secure PCI Level 2 compliance and go live in just one week, without the pain or diverted internal resources. In addition, VGS had the javascript Stilt needed to actually show the debit card numbers to their customers.

Strong Customer References Key Decision Making Criteria

Stilt evaluated 8 or 9 vendors as they looked for the right PCI solution. But as a Y Combinator company, they had an extensive network to draw on for guidance and reference in the selection process. The feedback Stilt received for other companies similar to VGS was that their APIs weren’t up to par.

With VGS, it was another story. Priyank says, “We reached out to a bunch of folks who are using VGS. The feedback that we got was that VGS was the best way to move forward since we were optimizing for speed. From all over the place, we got good feedback. That's why we went ahead with VGS.”

He went on to share a story about reaching out to their customers as they were developing their banking product. Among other questions, he asked what they were doing to fix compliance and card data. Their answer? “Oh, we use VGS.” Priyank said, “We heard it from our customers who are using it. For me, a referral like this is the best endorsement.”

Strong Technical Support

“We worked closely with the VGS engineers and support team. They helped us a lot to get up live and running,” said Priyank. “Responsiveness was above expectations. If I had to rate it on a one to five scale, I’d give support a five.”


Stick to Core Focus, Hire Experts for Compliance, Move Fast

“I rely on you guys for PCI. What if something changes in PCI tomorrow? I don't want to get into it. We are a start-up and we don't have the luxury of spending time on things that are not necessarily going to add value.”

- Priyank Singh,

Stilt’s debit card product is live and they are seeing the business scale. Their business partners accelerated timelines as soon as they integrated with VGS and achieved PCI Level 2 compliance in just one week. Stilt launched this new product 80% quicker than they could have without VGS. Looking to the future, Stilt knows they will need to upgrade to PCI Level 1 and, again, know VGS will make this happen much faster than if they had to build it themselves. In addition, they saved all the internal engineering time that would have been dedicated to PCI processes and paperwork, both up front and on an ongoing basis that is now being put into building business solutions for their customers.

Results image