Building The Credit Card Rails For Data Requires The Help Of An Alias

Very Good Security (VGS) CEO and Co-Founder Mahmoud Abdelkader told Karen Webster that data aliasing leads to payments optimization — and, eventually, to the connected economy functioning smoothly, with the safe exchange of information across a continuum of services.

At a high level, aliasing may be thought of as a super tokenization that enables payments optimization — and by extension helps companies fulfill their strategic imperatives.

“We’re building credit card rails for data,” Abdelkader said.

Aliasing, Abdelkader explained, allows companies to retain control of their data — and, as a result, work with any service provider they choose, without worrying about that provider’s data stewardship.

In the traditional model, he said, a company (in this case a merchant) may pick a payment service provider (PSP) — such as Stripe or Adyen, let’s say — and when they do, their data then becomes part of that partner’s platform.

The merchant may find they are growing over time — and once they hit a particular payments volume threshold, they may want to offer alternative payment methods. Or, said Abdelkader, they may want to embed payments in a bid to control the user experience a bit more actively — all in pursuit of their own business goals.

“The only way to do that is to unbundle their data from that service provider, so that they have the optionality to better service their customers with whatever vendor experience that they’d like to embed thereafter,” he said.

That means importing data back into the merchant’s own internal systems.

The minute that happens, he said, the merchant starts to encounter data privacy and compliance concerns.

Setting Up the Data Proxy

Using aliasing means that merchants (or other businesses) need not import the actual sensitive card data into their systems, where it may be vulnerable to attacks or misuse, he said. An alias mimics the underlying data — serving as a proxy of sorts.

Aliasing is a way to create a reference, or a proxy, to the underlying data structure that allows it to synthetically mimic underlying data without revealing any of the sensitive pieces, Abdelkader explained. The business that enlists VGS to create the alias is able to retain the value of the data without having any of the liability shifted onto its internal systems or platforms (the liability is, by way of contrast, shifted to VGS).

Aliasing has the advantages of safeguarding back-office operations that have traditionally been difficult to de-scope, he said.

He shared an example in which a fraud agent may be looking at transaction histories and may need to pull up more information about a particular payment. Prior to the availability of aliasing (and even with tokenization in general), firms would have to bundle a fraud monitoring system with the product tied to payments acceptance. The alias, he said, can be searched for “as if it were a real piece of data … you can search for it in a ‘search box’ and behind the scenes, VGS will translate that alias into the real data, query the system for them. And when it comes back, it will swap out the real data with the alias.”

The concept, creation and deployment of aliases, he continued, can be used in the real world across a variety of use cases, where an “aliased email” might be programmed to expire after 10 minutes.

An aliased Social Security number, he said, can be programmed to be revealed only to a certain party, such as Experian or TransUnion — but if it were to be sent to another party’s email account, the data would not be revealed. The idea of picking and choosing who — or where — the data can be revealed may hold particular appeal to the user or enterprise in California (where new privacy and data protection laws have been mandated) that might not want data making its way to China.

In other examples, that testing can be done to see which processors and parameters can be combined to maximize credit card authorization and acceptance. Companies that have cards on file may want to maximize recurring billing systems, testing to see if a desirable level of recurring transactions can be let through.

Abdelkader said that although VGS does not issue the data itself, his firm’s infrastructure, where the data are stored, also remains “automatically compliant” with regulations in the United States or Europe (with teams dedicated to the privacy and data storage protocols across the globe).

Powering the Connected Economy

In the connected economy, data and payments come together — where banks and other firms can view a consumer’s needs in context and offer relevant rewards (or loans or promotions) on the spot.

But those same consumers who benefit most from and want to be connected to the connected economy don’t want their data floating all over the internet. Data aliasing, he said, gives the consumer the option to associate credentials or other information with a certain vendor (even patient-level medical info that traverses healthcare) — and set up alerts to make sure that if anything gets used in an unauthorized manner, the individual is alerted. In a way, said Abdelkader, it’s a level of scrutiny and monitoring that typically is done for credit cards — but at a person-by-person level.

“Long term, consumers will have visibility in how their data are being used,” he said.

The Clearing House Effect

Performance improvements, he said, “can be unlocked faster without having to worry about all the checkboxes and undifferentiated heavy lifting that they would have to do to unlock value.”

“We’re like a data clearinghouse,” he told Webster, “clearing the value of the data so that users can exchange it with another third party without violating the privacy or security of that data itself.”