Tokenization and the Value of Very Good Security for Credit Unions

In survey after survey, security tops the list of consumer priorities for digital banking technology. It beats convenience, UI/UX, and error-free functionality every time.

This is no small issue. In fact, it’s an issue that credit unions should be very, very aware of.

The member experience demands security. Whether from user-friendly apps, embedded finance technology, or simply issuing a debit card, information security is essential for success.

But a true information security strategy must be comprehensive. Here’s what we mean:

See more about VGS here:


Information Security at All Levels

For credit unions and other financial institutions, general information security is table stakes. Guidance and regulations require as much.

Credit unions are generally very careful about several layers of security:

  1. Vendor security. For example, PCI DSS compliance and other vendor-side protections keep credit unions, members, and other technologies safe.
  2. Network security. Firewalls, antivirus, SIEM, and other forms of network safety measures keep bad actors at bay.
  3. Organizational security. The people, policies, and procedures in place to maintain secure systems and culture.

But no combination of only the above can guarantee complete information security. And the fallout from data breaches costs institutions north of $40bn each year—not counting reputational risk.

Credit unions need a way to safeguard data and minimize the damage from a breach. That’s where Very Good Security comes in.

 

Who Is Very Good Security (VGS)?

Very Good Security, or VGS, offers payment data security and compliance infrastructure for credit unions. What this looks like in practice is simple:

VGS uses “redact and reveal” technology that enables credit unions to conceal sensitive data on their systems, and then reveal it on demand in select channels (like online banking).

So, credit unions can conceal or redact credit, debit, and sensitive PII on their systems…

And then reveal that data to internal or external systems, like online banking systems, identity verification providers, and credit bureaus.

VGS does this through a proprietary tokenization process known as aliasing. In short, tokenization is a step beyond encryption. Instead of using a mathematically generated cipher (encryption), VGS substitutes meaningful data with a meaningless string of non-relational characters.

That string of characters correlates to encrypted data in an exterior token vault—a vault outside of the credit union’s network.

For payments and other necessary transactions, the process is fast and seamless. The token accesses data in the vault, which then gets passed on to complete the transaction.

This results in several major benefits:

  1. Reduces risk from data breaches. In the event of a breach, threat actors gain access to less meaningful PII and meaningless financial data, plus zero access to any data stored in a VGS vault.
  2. Increases compliance. VGS helps credit unions meet PCI and SOC 2 compliance (while simultaneously decreasing scope due to tokenization).
  3. Allows immediate access to new debit/credit cards. Whether onboarding a new member or reissuing after a card loss, VGS enables credit unions to deliver virtual cards to their members instantly.

All this coupled together means that members are protected even if their password is “12345” or if you’re worried about insider threats.

Our main takeaway after speaking with VGS is this:

Credit union information security should be holistic, not piecemeal. While good vendor, network, and personnel security are great, they’ll be most effective with an overarching security strategy that limits the amount of and access to sensitive data on credit union systems (such as through tokenization).

Is this the information security of the future for credit unions? Most likely, yes.

 

Additional Resources

Like what you’ve seen so far? Sign up for our Fintech Call Program and get a personalized, 30-minute call each quarter. We’ll discuss the latest technologies and solutions, make key introductions, and offer early access to events, giveaways, and more!

And of course, please subscribe to our blog (if you haven’t already)!