October 6, 2021
No items found.
with the contribution of
You Might Also Be Interested In:
Related articles
No items found.
with the contribution of

Introducing the Fintech Data Privacy Vault

We’re excited to announce today the general availability of Skyflow Fintech Data Privacy Vault for PII and PCI data privacy. Delivered as a simple API with support for card issuance, card acceptance, money movement, customer onboarding, and customer data management, it can serve as the data privacy infrastructure for the most important fintech apps and workflows. Leading fintechs are already using the Fintech Data Privacy Vault to get to market faster while ensuring privacy, security, and compliance for sensitive customer data.

With new features, SDKs, and ecosystem integrations, the Fintech Data Privacy Vault is designed to meet the needs of fintechs of all stages and types. 

  • Card issuers want to be able to integrate with issuer-processors and issue debit and prepaid cards to their customers without directly touching any sensitive data. 
  • Merchants want to be able to securely collect PCI data on their front-end and directly integrate with processors to process payments, without handling any PCI data. 
  • Money movement providers want a secure way to store bank and card data and execute money movement workflows between multiple parties. 
  • Other fintechs want to securely and selectively share sensitive data with their partners while maintaining control of the data, letting them provide innovative services to customers while protecting data privacy. 

The new vault vastly expands the capabilities of its predecessor, Skyflow’s Payments Vault (all current Payments Vault customers will automatically be upgraded to the Fintech Data Privacy Vault).

Key Features of the Fintech Data Privacy Vault

The new vault was designed for financial data, with fast PCI compliance (including third-party certification) and use case-specific data schemas built in from the start. Other key features include: 

  • New client-side SDKs for iOS, Android, and JavaScript make it easy to securely collect and tokenize sensitive data from within mobile or web apps. These SDKs give you full control over the customer experience, so you can isolate your environment from sensitive data while controlling the customer experience. For example, you can use Skyflow Elements to securely reveal the primary account number (PAN), expiration date, and CVV of the newly issued card to the end user without exposing your front-end to any PCI data.
  • Pre-built integrations to key fintech ecosystem service providers and integration points, including Alloy, Experian, Moov, Mulesoft, Paystand, Plaid, Stripe, and Visa, all without directly handling any PII, PCI, or bank data. If you need more integrations, you can easily build your own custom integrations with Skyflow Connections. 
  • Skyflow Connections are simple way for developers to build their own custom connections to any internal or external service they need, including KYC and identity verification services, credit bureaus, card networks, and more. This means you can directly integrate and process payments with any payment processor, integrate and communicate with any third-party money movement API, integrate with any issuer-processor and their third-party API. Skyflow Connections lets you do all of this, and more, without directly handling any PII, PCI, or bank data. 

In addition, Skyflow’s unique governance engine allows fine-grained data access controls, so data can be used in carefully controlled and fully auditable ways. Skyflow’s global deployability and isolated VPC data architecture make meeting data residency requirements and compliance with laws like GDPR straightforward and efficient.

Support for Key Fintech Use Cases

Everything in the vault is designed with one or more fintech use cases or workflows in mind. You can learn more about the capabilities of the Fintech Data Privacy Vault by reading how it supports use cases and workflows like card acceptance, card issuance, customer data management, customer onboarding, and money movement.

Skyflow for Card Acceptance

Merchants and payment acceptors are increasingly looking to reduce their reliance on a single payment processor and avoid vendor lock-in. We’ve spoken with a number of companies who have stored their PCI data with a processor and then had to suddenly migrate their PCI data after the processor increased their fees or discontinued services. These projects are time-consuming, highly sensitive, and can cause a major disruption of service. To help payment acceptors reduce their PCI compliance burden, avoid vendor lock-in, and avoid costly migration projects, we’ve built the Skyflow for secure card acceptance solution. 

Skyflow lets fintech companies securely collect PCI data without exposing their front-end systems to any sensitive data, while letting them directly integrate and process payments with any payment processor. Most importantly, fintech companies can use the vault as a processor-agnostic third-party zero trust storage to securely store PCI data and avoid being locked into working with a single payment processor.

Skyflow for Card Issuance

Companies such as Marqeta, i2c, Visa, and others make it easier than ever for fintech firms to quickly spin up a card issuance program. One of the main challenges that fintech companies face when launching a new card issuance program is protecting sensitive PII and PCI data while still launching in a timely fashion. At Skyflow, we’ve been working closely with card issuers to provide the data security and privacy infrastructure they need to launch their programs faster than ever — by completely isolating their environment from any PCI data.

Skyflow for card issuance is a comprehensive solution that lets card issuers reduce PCI compliance scope, integrate with third party APIs, and accelerate their go-to-market plans. Skyflow’s client-side SDKs and Elements help to securely collect sensitive data, Skyflow Connections helps to integrate securely with any issuer-processor and third parties, and our unique zero trust vault architecture allows you to store and use sensitive data while always preserving privacy. 

Skyflow for Customer Data Management

Fintech companies don’t just collect sensitive data for one-time use. Customers need to update their bank account information, request new cards, update PII, and more. Additionally, a fintech company's various internal teams need access to PII for their workflows; for example, customer service reps need to update existing customer profiles, fraud teams need to access PII to check for potential fraud, and analytics teams may need access to data to uncover customer insights and growth opportunities. To accomplish this typically requires stitching together several different tools, which is expensive and difficult, can introduce new risks, and distracts product and engineering teams from delivering core features.

Skyflow’s support for customer data management solves these problems by providing fintech companies and their internal teams the capability to securely collect, update, and share PII and PCI data. With the robust governance engine and secure storage that Skyflow provides, teams can now define what data they share, with whom, and in what format — all from a single unified solution. So now it’s easy to share data with discretion: the customer support team has a masked version of a PII data set, the fraud detection team has a full plain-text version of that data set, and the analytics team can run queries on a redacted version of that data set. With Skyflow’s Fintech Data Privacy Vault, all of this is delivered through a simple API. 

Skyflow for Customer Onboarding

A key workflow for most fintech companies is the user onboarding process. As part of the onboarding process, they typically need to collect highly sensitive information and share that information with their partners for KYC verification, credit scoring, fraud checks, and more. To help them securely collect and share this data with their partners, we’re excited to introduce support for customer onboarding. 

A core part of this solution is that fintech companies can integrate with any third-party API to securely share sensitive data without directly handling it. To make this easy, we’ve pre-built a number of the most commonly needed integrations (Alloy, Experian, and Plaid), and we’ve also created Skyflow Connections, a framework and toolset for easily building custom integrations. Our goal is to provide you with the data privacy and security infrastructure to protect your data and the flexibility to easily build it into your workflows so you can focus on delivering a great customer experience.

Skyflow for Money Movement

Many fintech companies have introduced money movement features into their offering to facilitate peer-to-peer transactions, fund accounts, and even process payments. Typically, they accomplish this by collecting bank data — account numbers and routing numbers. To help them protect this highly sensitive data, we’re introducing robust new support for money movement. 

Fintech companies can use Skyflow’s money movement solution to securely collect bank data, facilitate money movement transactions, and store and use this information while always preserving privacy.