“A great overview by Gigster CEO Chris Keene on how the gig economy is transforming work in the enterprise by making it more customer-centric and high performance. Don’t miss the stories of companies actually doing this.” Dion Hinchcliffe, Vice President and Principal Analyst, Constellation Research

As software continues to eat the world, companies must find ways to build more innovative teams. For these companies, The Future of Work is here today. How companies reshape the way they engage digital talent will have a huge impact on their ability to innovate. Here are six ways digital leaders are creating The Future of Work now.

  1. Remote workers and work from home teams are the new normal

The best talent is not always located where you are. Even within a company, silos can prevent the right people from working on the most critical innovation projects. Making it possible for team members to work remotely is the only way to liberate talent across the company. This is also the only way to fill critical skill gaps with talent that is not available inside the company, like AI/ML engineers. Supporting distributed teams calls for adopting a common set of processes and collaboration tools, including Slack, GitHub and Jira.

  2. Hybrid teams beat monoculture teams

Innovation requires a diverse mix of talent. The most innovative teams blend in-house employees who have industry context with expert global talent who have advanced technical skills. This is the opposite of the traditional systems integration model that outsources innovation. Hybrid teams also have the value of helping companies build in-house skills by working side by side with expert freelance talent. 

  3. Elastic Staffing beats fixed staffing

Many companies adopt agile team processes but staff teams inefficiently: they follow a fixed staffing model that allocates each role as a full-time position for the duration of a project. This is only half agile, because it makes experimentation too expensive to try and reduces employee mobility and satisfaction. Compare this to Elastic Staffing, which allocates resources based on the workload for each project phase. For example, developers can join a project after the detailed design is complete, and technical architects may only be needed part time. Elastic Staffing can reduce the total hours to deliver innovative products by over 50%.

  4. Employees want to be treated more like freelancers

Top employees want the freedom and flexibility to choose how they work and what they work on. This doesn’t have to require radical organizational changes. For example, applying the Google 20% rule, where workers can choose their own projects 20% of the time, can boost morale and build skills. This lets more senior employees peer review deliverables from other projects to reduce risk. It also helps more junior employees grow by being exposed to new business and technology challenges.

  5. Freelancers want to be treated more like employees

Top freelancers want stability and work benefits without sacrificing their flexibility. Companies that learn how to work effectively with freelancers will have their pick of the best global talent. This includes setting up projects for success with distributed teams, incorporating advanced technologies, and providing predictability for freelancers that helps them plan effectively. In California, laws like AB5 are beginning to mandate providing more benefits for freelance workers, and putting them more on par with the benefits that full-time employees receive.

  6. Automated team and talent assessments are here

Technology will ultimately reshape jobs, but today, technology is reshaping talent ratings. Every collaborative tool – from Slack, to Jira, to GitHub – has open APIs that can automatically collect data about the productivity and quality of work being produced by people and teams. Tools like Pinpoint can collect this data. Applying analytics to this data enables the creation of “karma scores” by person and by team, to provide objective and trusted evaluation of skills.

Examples of The Future of Work today

A global telco created hybrid teams that mix in-house staff with top global experts to accelerate their machine learning and predictive analytics initiatives. They manage these distributed teams following Silicon Valley best practices and have been able to deliver new applications that leverage AI up to twice as fast as traditional in-house development teams.

One of the world’s largest digital agencies created an entirely new digital transformation business unit using hybrid teams that blend employees and global freelance talent. This approach enabled them to onboard over 100 engineers in less than six months, with minimal recruiting costs.


The Future of Work describes a cultural shift that companies must adopt to grow their innovation capacity. The pace of those changes is accelerating as more companies adopt new work from home rules that support remote workers. Companies that embrace a Silicon Valley-style culture of innovation can become more customer-centered, better able to tap new talent pools, and able to dramatically reduce risk.

This article is originally posted on


Culture affects every aspect of your company, from the public’s perception of your brand to your employees’ job satisfaction to your bottom line. Because there’s so much at stake, it’s important that your corporate culture is adaptable and open to improvement – which starts with being able to articulate just what kind of culture your company has.

While no two cultures are exactly alike (the nuances are too great!), there are defining characteristics that tend to place organizational cultures into one of five categories, or types, which we’ve outlined below. Often, the industry of a company will dictate its culture to some degree, but that doesn’t mean your culture can’t be changed. Thankfully, culture is not static, but rather evolving.

So which of these five corporate culture types sums up your company best? Or do you have some elements of each? While no one culture is the best or worst of the bunch – each has its pros and cons – there’s something to learn from companies that fall under any of these categories.

1. Team-first Corporate Culture

aka “the comrade”

A company with a team-first corporate culture makes employees’ happiness its top priority. Frequent team outings, opportunities to provide meaningful feedback, and flexibility to accommodate employees’ family lives are common markers of a team-first culture. Netflix is a great example – their recent decision to offer unlimited family leave gives employees the autonomy to decide what’s right for them.

Team-oriented companies hire for culture fit first, skills and experience second. Why? Because they know happy employees make for happier customers. It’s a great culture for any customer service-focused company to embody, because employees are more likely to be satisfied with their work and eager to show their gratitude by going the extra mile for customers.

Zappos is famous for its fun and nurturing culture, as well as its stellar customer service. As their CEO once famously said, “Zappos is a customer service company that just happens to sell shoes.” And the way they keep employees satisfied with their job is by not only letting them express themselves with whacky desk decor (which everyone loves), but by giving employees the autonomy to help customers the way they see fit, rather than following strict guidelines and scripts. Customers appreciate the straightforward, personable service.

Possible pitfalls: The larger the company, the more difficult it is to maintain this type of culture. That’s why having a team member dedicated to cultivating culture is a great strategy for any company.

You may have a team-first culture if:

  • Employees are friends with people in other departments
  • Your team regularly socializes outside of work
  • You receive thoughtful feedback from employees in surveys
  • People take pride in their workstations

2. Elite Corporate Culture

aka “the athlete”

An elite corporate culture hires only the best because it’s always pushing the envelope and needs employees to not merely keep up, but lead the way (think Google). Innovative and sometimes daring, companies with an elite culture hire confident, capable, competitive candidates. The result? Fast growth and making big splashes in the market.

Companies with elite cultures are often out to change the world by untested means. Their customers are often other businesses that need their products to remain relevant and capable in a new environment—one often of the elite-cultured company’s creation. (That’s how trailblazing we’re talking.)

SpaceX is a high-profile example of an innovative (and relatively young) company doing big things in aerospace manufacturing and space transport. Employees report feeling elated to literally launch rockets, but expectations are extremely high and 60 to 70-hour work weeks are the norm. Still, knowing that they’re doing meaningful, history-making work keeps most employees motivated.

Possible pitfalls: Such intensity can lead to competition between employees and people feeling pressure to always be on. Perks like team outings, peer recognition programs and health initiatives can combat this.

You may have an elite culture if:

  • Employees aren’t afraid to question things that could be improved
  • Employees make work their top priority, often working long hours
  • Your top talent moves up the ranks quickly
  • You have many highly qualified job applicants to choose from

3. Horizontal Corporate Culture

aka “the free spirit”

Horizontal corporate culture is common among startups because it makes for a collaborative, everyone-pitch-in mindset. These typically younger companies have a product or service they’re striving to provide, yet are more flexible and able to change based on market research or customer feedback. Though a smaller team size might limit their customer service capabilities, they do whatever they can to keep the customer happy—their success depends on it.

Titles don’t mean much in horizontal cultures, where communication between the CEO and office assistant typically happens through conversations across their desks to one another rather than email or memos. This is the experimental phase, where risks are necessary and every hire must count.

Basecamp is the perfect example of a successful company that maintains a startup-like mindset. Originally founded as 37Signals, Basecamp announced last year that it would focus exclusively on its most popular product and maintain its relatively small size rather than grow into something much bigger and broader.

Possible pitfalls: Horizontal cultures can suffer from a lack of direction and accountability. Try to encourage collaboration while still maintaining clearly defined goals and a knowledge of who’s primarily responsible for what. Horizontal structure shouldn’t mean no structure.

You may have a horizontal culture if:

  • Teammates discuss new product ideas in the break room
  • Everybody does a little bit of everything
  • The CEO makes his or her own coffee
  • You still have to prove your product’s worth to critics

4. Conventional Corporate Culture

aka “the traditionalist”

Companies where a tie and/or slacks are expected are, most likely, of the conventional sort. In fact, any dress code at all is indicative of a more traditional culture, as are a numbers-focused approach and risk-averse decision making. Your local bank or car dealership likely embodies these traits. The customer, while crucial, is not necessarily always right—the bottom line takes precedence.

But in recent years, these companies have seen a major shift in how they operate. That’s a direct result of the digital age, which has brought about new forms of communication through social media and software as a service (SaaS). Today, traditional companies still have clearly defined hierarchies, yet many are grappling with the learning curve for communicating through new mediums that can blur those lines. Facing this challenge can be a big opportunity for learning and growth, as long as it’s not resisted by management. While new office technology is often low on management’s list of concerns, more traditional companies are starting to experiment with it as more millennials enter higher-up positions.

Founded in 1892, GE is about as traditional as they come and is well-known for its cut-and-dry management practices. Just recently, however, it eliminated its traditional performance review in favor of more frequent conversations between management and employees and is even launching an app to help facilitate feedback. It’s the perfect example of an old-school company embracing technology and change.

Possible pitfalls: This very cut-and-dry approach leaves little room for inspiration or experimentation, which can result in a lack of passion or resentment from employees for being micromanaged. Getting employees to understand the company’s larger mission—and putting more trust in employees to work toward it—can combat that.

You may have a conventional culture if:

  • There are strict guidelines for most departments and roles
  • People in different departments generally don’t interact
  • Major decisions are left up to the CEO
  • Your company corners the market

5. Progressive Corporate Culture

aka “the nomad”

Mergers, acquisitions or sudden changes in the market can all contribute to a progressive culture. Uncertainty is the definitive trait of a progressive culture, because employees often don’t know what to expect next (see almost every newspaper or magazine ever). “Customers” are often separate from the company’s audience, because these companies usually have investors or advertisers to answer to.

But it’s not all doom and gloom. A major transition can also be a great chance to get clear on the company’s shifted goals or mission and answer employees’ most pressing questions. Managing expectations and addressing rumors that pop up through constant communication are the best things a company can do to prevent employees from fleeing or cowering. Change can be scary, but it can also be good, and smart employees know this. They embrace change and see it as an opportunity to make improvements and try out new ideas. And hopefully, they rally their colleagues to get on board.

LinkedIn’s $1.5 billion acquisition of is one recent example of companies in transition. Ultimately, it’s a match that makes sense—the companies’ goals are in alignment with one another, and LinkedIn’s users benefit from the partnership. LinkedIn still has a lot to prove to its stockholders (their shares fell after the company attributed its annual revenue forecast to the acquisition), and it recently reorganized its sales team and changed its advertising methods. But by being straightforward and showing how these changes will ultimately lead to greater benefits, both LinkedIn and can thrive.

Possible pitfalls: Progressive culture can instill fear in employees for obvious reasons. Any change in management or ownership—even if it’s a good thing for the company—isn’t always seen as a good thing. Communication is crucial in easing these fears. It’s also a good opportunity to hear feedback and concerns from employees and keep top talent engaged.

You may have a progressive culture if:

  • Employees talk openly about the competition and possible buyouts
  • Your company has a high turnover rate
  • Most of your funds come from advertisers, grants or donations
  • Changes in the market are impacting your revenue

So which type of corporate culture does your company identify with most? Or does it have characteristics from a couple of different types? Either way, taking the elements of each that work best for your company is a good bet, and if something doesn’t align with your company’s goals, leave it. Your culture isn’t merely passive, and with effort, it can be modified to suit your team.

Check out our 37 Company Culture Quotes for some more inspiration for your organization.

This article was originally published at

Get noticed with the right digital signage content creation tools

Digital signage content can help you get your message out, but it only has an impact on your business and team if it’s relevant and compelling. Luckily, turning your content strategy into memorable visuals that get noticed doesn’t have to cost a lot or take hours of time.

Want to know the secret to creating great content, even if you don’t have a graphic designer on staff? Use the right tools. That’s why our list of 27 digital signage content creation tools is a must-have for anyone managing screen content. 

Types of Signage Content

You probably already have some of these content tools, but have never thought of using them for screen content. Others are free and low-cost applications that take the headache out of creating original content like videos, graphics, web pages, analytics and social media. And others help you repurpose the content you use elsewhere to share it in a screen-friendly format.

Static & Dynamic Brand Content

Whether you start from scratch, use templates included with your software, or prefer online image and video editing tools, it’s easy to create a sign that captures your message. Static content like graphics and videos do not change after they are uploaded to your displays. Dynamic content automatically changes based on factors like time, weather and location.

Curated & Aggregated Content

Creating new content exclusively for a TV screen doesn’t have to be time-consuming. And yet, communicators know that curating existing content leads to a higher return on investment. The latest digital signage integrations make it easy to display content from social media feeds, websites and more.

Interactive & User-Generated Content

Screen content should capture the attention of your audience. So why not involve them in the content creation process? Interactive content changes based on user input to deliver highly relevant messaging. User-generated content is created and submitted by your audience.

Image Creation & Editing Tools

Turn any idea into an attractive sign with tools that can tweak images, add text and more.

1. Canva

Export your Canva designs to share them on TV screens around your business.

Canva is an intuitive web-based tool that you can use to design for all of your marketing needs. Part of the reason it’s so popular is that anyone can use it. Use our Canva Tutorial to get started with ads, flyers and social media posts. Depending on the size and orientation of your TV screens, you can set the aspect ratios to fit 1920×1080 for landscape and 1080×1920 for portrait.

2. VSCO for iPhone and Android

Use VSCO to edit photos for your displays.

VSCO is a powerful mobile app you can use to easily edit photos for professional quality images. The filters in VSCO are much more natural than those in other editing apps, which makes them perfect for digital signage content creation and gives you more control over the manipulation of your photos. Export your edited photo from VSCO to upload it to your digital signage platform.

3. Adobe Photoshop

Whether you take your own photos, hire a professional, or use stock images, you’ll want to make sure they look right for your brand. Photoshop is an advanced tool that will let you do everything from removing objects in a photo to changing the background color of an image.

If you don’t already have this program and you want to invest in it, you can purchase the Adobe Creative Cloud photography plan for $9.99 a month. With Photoshop, you can export your work in any number of signage-friendly formats.

4. Pixlr

Pixlr is a free web-based platform that offers similar features to Photoshop. You can download the mobile app to directly edit photos you take for your digital signage. 

5. Place It

Try Place It for easy mockup creation

Showing potential customers what it will look like when they use your product helps them envision its use and is an effective psychological marketing tactic. Place It, a stock image platform that allows you to easily drop your business images into devices like iPads, iPhones, and Mac screens in stock images, lets you do just that. Export your images and use them in your digital signage.

Bonus Tool: Stock Photo Sites

Find beautiful images on Unsplash, a free stock photography site

Sourcing photos can require extra time, but using stock photos is an affordable (or even free) alternative to taking your own or hiring a professional. When you purchase a stock image, you gain the license rights to original professional photography. You can also take advantage of straightforward free Creative Commons licensing. Just be sure to check the attribution terms.

Paid stock image websites:

Free stock image websites:

Presentation & Chart Tools

6. PowerPoint

Try PowerPoint if you’re already familiar with the software

If you prefer the simplicity of classic Microsoft tools, PowerPoint will let you create designs in a setting you’re most likely familiar with. Export a single static slide as a JPEG or PNG. To show off text transitions and embedded content, export your slides as video files.

7. Google Slides

Google’s free cloud-based presentation maker is an easy way to create content. For example, build digital menu boards, graphics to announce special promotions, or signs that celebrate a team member who has gone above and beyond. With the same functionality as PowerPoint, you can download the slides from Google Slides to share them on your TV screens.

8. Prezi

Move seamlessly from one presentation element to the next with Prezi

You can get much more creative with Prezi, an alternative tool to PowerPoint and Google Slides. Working in one large canvas in Prezi allows you to pan and zoom. Zoom in on each detail and add emphasis to points in your presentation.

When you’re finished designing, share your Prezi masterpiece via a link that can be uploaded to your digital signage.

9. Venngage

Visualize your data with Venngage

Venngage is a popular option that helps anyone visualize and share their data in a beautiful way. With a built-in brand kit, it’s even easy to make sure all your designs are consistent. The free option gives you access to many of the tool’s key features, but if you want to change the size of your design or other advanced options, you’ll need to upgrade to a paid plan.

10. Visme

Turn your data into presentations with Visme

Similar to Venngage, Visme offers a solution for transforming data into compelling presentations. According to the product’s documentation, it distinguishes itself from the competition with even more templates and advanced features like animation.

11. Google Drawings

A free Chrome add-on, Google Drawings makes it easy to create charts and diagrams to display on your digital signage. You can use these in conjunction with any data tools you use to communicate metrics to your employees. Plus, the flow charts and graphs can be easily inserted into other documents or embedded into a website.

12. Piktochart

Create attractive infographics with Piktochart

Piktochart makes it easy for content creators with limited design skills to create compelling infographics, charts, maps and more from their data. To get started all you need to do is upload your data, then choose from the many customization options. Export your design to share your final product.

Video Creation & Editing Tools

Video is a powerful format for digital signage, but creating it doesn’t have to be complicated. These tools will let you edit and export videos for upload to your digital signage platform.

13. iMovie/Windows Movie Maker

Whether you have a Mac or a PC, your computer likely came equipped with a video editing tool that you can use to make simple videos. Add text, logos and even retouch the color on your footage with these tools. 

14. WeVideo

Collaborate with your team on video projects using WeVideo

WeVideo is cloud-based software that lets you collaborate with your team on video projects. You can shoot, upload and edit videos from anywhere, and your entire team can access the files during all stages of your project.

15. Magisto

Use Magisto’s video templates and more for easy video content creation

If video editing seems like too much work, think about using a tool like Magisto. All you have to do is upload your footage. Magisto’s software then runs a visual analysis to detect facial expressions, speech, and camera motion. After automatically sourcing all of the engaging points in your footage, Magisto asks you to choose an editing style and automatically brings your brand story to life.

16. Biteable

Search Biteable’s library of stock footage and music to bring your content idea to life

If you don’t know where to start, Biteable puts a variety of video templates organized by use case at your fingertips. From colors to text, there are tons of customization options that are easy to navigate in a step-by-step builder. Plus, Biteable includes a library of stock footage and music so you don’t have to leave the app to find the right elements for your video.

17. DaVinci Resolve

Use DaVinci Resolve 16 for motion graphics and advanced features

If you’re looking for a video tool that’s more powerful, check out DaVinci Resolve. This non-linear editing (NLE) software lets you edit video offline, so the original content isn’t modified. While there’s a bit of a learning curve with some advanced features, overall the interface for editing functions is very intuitive. And it’s rare to find such powerful editing software that offers free versions for Mac, Windows and Linux.

Live & Dynamic Content Feeds

Signage apps offer powerful integrations that make almost any digital signage idea a possibility.

18. Social Media Aggregators

Repurpose your Instagram and other social media posts as digital signage content

Social media is free word-of-mouth marketing for your brand. Better yet, it’s content that always stays up to date. Use a social media aggregator like Tint or Enplug’s Social Media Collage App to show the latest social media posts on displays in your offices or stores. 

19. Web pages

Share anything from Salesforce data to a cryptocurrency tracker with web page apps

Many digital signage solutions can display web pages in fullscreen. Think bigger than just displaying your homepage: You can use web pages as an exciting alternative to static digital signage graphics. Display a website to pull in real-time waitlists, polls, spreadsheets and dashboards. 

20. Live Streaming

If your digital signage platform includes a live-streaming functionality, you can show live video on your displays. This is a great way to broadcast important events, share announcements, or show feeds from conferences or sermons. 

21. Analytics & Dashboards

Share real-time metrics and information with your employees

As more companies become data-driven, digital signage is a powerful tool HR directors and business managers can use to increase productivity and motivation. Use a native app or web URL to display content like key performance metrics, Google Analytics and Salesforce data to keep your team informed and focused on goals.

Bonus Tool: Dashboards

  • Geckoboard: connects to all your data sources (e.g. Salesforce, Zendesk, Basecamp, Excel) and displays your most important metrics. See our tutorial on how to do this here.
  • Google Sheets: use the free Google Sheets as a digital signage content creation tool for graphs of your most important data and metrics. See how you can create automatically updated graphs like this here.

22. News Feeds

Curate news that’s relevant to your business

Keep your customers engaged and your employees informed on breaking news. Source relevant industry blogs like Wired, The Wall Street Journal or ESPN and stream their RSS feeds to your displays.

Use an RSS-to-HTML tool to show the latest news as a web page and stream it to your screens, or use Enplug’s built-in News App.

23. Weather

Weather content not only can be automated but also is useful to your audience

Nothing beats weather for a conversation starter. It’s also content that your employees and guests check at least once a day. Display the current forecast from anywhere in the world and give your guests a look into next week’s conditions as well.

Many digital signage solutions like Enplug offer a built-in Weather app or scrolling weather feed. You can also use a web URL to display a weather website for your location.

Interactive & User-Generated Content Tools

24. Dynamic Interactive Videos

Wirewax’s YouTube page has exciting examples of interactive video content

Although these require a touch screen enabled display and compatible software, interactive videos are popular marketing tools. Give the viewer control over what happens in the video and show how the action unfolds from their perspective. It’s an innovative way to engage your audience with your brand storyline while showing off your products. 

Bonus Tool: Interactive Video

25. Polls

Poll your employees on workplace preferences or your customers on their favorite products. Sharing polls with your audience demonstrates that their opinions matter to you and offers specific insight into what your customers need or like most about your business.

Bonus Tool: Polling Platforms

  • Twitter: Twitter’s native polling capability lets you get started composing polls right away.
  • Poll Everywhere: A more extensive tool that offers features like “text to vote”

26. Review Sites

Share TripAdvisor reviews to convert more customers

You likely work hard to manage positive reviews for your business. Get more from that investment by sharing accolades on digital signage throughout your workplace. Highlighting positive reviews can encourage customers to buy more in store and also show your employees that their hard work is paying off.

Share review site content through a web page display or a direct integration with one of the more popular review sites. For example, Enplug has apps for Yelp and TripAdvisor. While either method works, apps will give you the advantage of being able to pre-approve only those reviews you want to highlight.

Customizable Templates

You don’t want to wait to get the most use out of your digital signage investment. That’s why more and more software providers are including content that their customers can use from day one.

27. Templates

An employee work anniversary template from Enplug's Templates App
Enplug’s Templates App makes it easy to automate employee recognition content

Templates are professional designs with text and colors that can be customized to your business. Common use cases include employee recognition announcements, holiday announcements and sales promotions.

In most cases, digital signage providers offer either templates that can be downloaded, customized and then re-uploaded to a platform or an interface that allows users to customize signs without ever leaving the platform. With Enplug’s Templates App you can even upload a spreadsheet of names and dates to automatically trigger sign customization.

Conclusion: Make your content creation ideas reality!

As you outline your content strategy, get inspired by the many options you have to entertain shoppers, set the environment for your office, inform your guests, and drive sales.  Consider the digital signage content creation tools we’ve included above to get started creating both static and dynamic options for your digital signage solution.
This article was originally published at


The fintech sector has brought consumers an endless stream of modern offerings that have enabled them to ditch several outdated banking and lending products.

Companies now have advanced B2B payment solutions at their fingertips, and online financial solutions have never been more convenient – largely thanks to the progress made by fintech startups.

But, despite being on the cutting edge of digital financial products, young fintech companies are at a disadvantage in a wildly important arena: data security.

Table of Contents

What is Data Security?

The Importance of Cyber Security in Fintech

Data Security Challenges Faced by Fintech Startups

Modern Fintech Data Security: Trends and New Innovations

With limited resources, growing compliance regulations around the world, and a constantly-evolving list of increasingly dangerous cyber threats, fintech startups face a uniquely difficult uphill battle.

And, with data breaches continuing to loom as an ever-present security threat, fintech firms are turning to new and advanced approaches to data privacy.

But, first, what do we mean when we talk about data security for startups?

What is Data Security?

Data security is the process of protecting digital assets – like information stored in a database – from unauthorized access by unapproved actors.

When we refer to data security, we’re simply talking about the set of standards and technologies that protect your business’ data. These days, data security is a fundamental aspect of IT at any modern organization.

From encryption and tokenization to cloud storage, data security technologies run a wide spectrum – and a number of advances have been made in recent years. This progress has been in response to, though not quite as speedy as, the growing sophistication of large-scale cybersecurity threats – like data breaches.

In the healthcare sector, for example, Black Book Market Research found that 96% of healthcare IT professionals agreed that data security attackers are outpacing their medical enterprises.

Healthcare data breaches will cost the industry $4 billion by the end of the year. Next year, by Black Book’s estimates, will be even worse.

And that’s just the healthcare sector.

Organizations from all industries are vulnerable to data breaches – especially in the age of ID verification, endless online payment methods and 1-click purchasing.

Even multinational tech giants have fallen prey, in extremely public ways. Yahoo just reached a $117.5 million class-action settlement with the victims of its infamous 2016 data breach.

That announcement came on the heels of a $700 million settlement that Equifax reached to deal with the aftermath of a 2017 data leak that exposed the Social Security numbers of almost 150 million consumers.

We could keep going down the list – data breaches happen, and they happen to organizations with ample resources invested in information security.

What about smaller organizations?

The Importance of Cyber Security in Fintech

Financial technology companies have revolutionized the way that consumers bank, how startups reach their customers and how businesses all over the world can run more smoothly.

Fintech investments took off in the past five years – providing us with simple alternatives to slow, conventional financial solutions.

Advances in the industry have brought us instant P2P payments, purely-online banking, seamless B2B solutions, innovative lending approaches and products that many businesses and consumers can’t even imagine living without at this point.

But the global fintech ecosystem’s consistent growth, potency and complexity make it inescapable that some solutions won’t be secure enough to guard against sensitive data exposure. It’s likely that these vulnerabilities will keep getting identified by attackers, then exploited.

This is a harsh reality that modern businesses are realizing – and starting to invest against.

We can see this when we look at application security spending. Businesses are pouring money into protecting their applications and the data flowing through them.

According to Market Research Future (MRFR), the worldwide application security market is expected to reach a staggering $9.64 billion by 2023 – up from just $2.56 billion in 2017. That’s an annual growth rate (CAGR) of 24.95%.

Within this market, SMEs are estimated to be the fastest growing investors in application security, when broken down by type of organization.

Unfortunately, when it comes to data privacy and protecting sensitive information, fintech startups face a unique set of challenges that make growing their core business an even more difficult endeavor than it already is.

Data Security Challenges Faced by Fintech Startups

In the world of securing sensitive data and avoiding data breaches, younger organizations in the fintech space have it especially hard.

Why is that so?

  1. Reliance on sensitive user information

These days, fintech and data analytics go hand-in-hand. From robo advisors to AI-powered saving apps, data-driven technologies have been at the heart of the fintech revolution.

With fintech products deeply intertwined in modern retail banking, asset and wealth management, capital markets and insurance, organizations in this space are inevitably going to have to handle and store sensitive information from their users.

From ID verification to processing credit card payments, large volumes of sensitive data will make their way onto the databases of fintech organizations. The mere possession of such sensitive consumer information both puts them at risk of sensitive data exposure and places them within the scope of any number of data privacy laws.

  2. New, updating and evolving data privacy laws

The nature of how fintech startups do business makes it so that a lot of sensitive data hits their systems, which attracts the interest of government regulators – who are increasingly focused on protecting consumer data.

In the last few years, governmental regulatory institutions around the globe have started to take greater steps in protecting the rights of consumers when it comes to their personal information.

From Europe’s General Data Protection Regulation (GDPR), effective since 2018, to the soon-to-be-implemented California Consumer Protection Act (CCPA), businesses are suddenly needing to juggle compliance certifications for new regulatory frameworks.

Not only that, but fintech companies that accept or process credit card transactions have already been saddled with the burden of needing to maintain compliance with PCI DSS – a set of requirements that are aimed at preventing credit card fraud.

  3. Limited resources for securing personal data

To successfully prevent data breaches and – simultaneously – meet the complex requirements set forth by legal frameworks like the GDPR, the CCPA and PCI DSS, you’re going to need a team of information security experts and compliance specialists that can create data flow maps, secure your networks and sensitive data storage solutions, ensure that you’re regularly meeting compliance rules… the list goes on.

Conglomerates have the resources to put towards a large-scale data security effort, but fintech startups have much less at their disposal.

  4. Increasingly sophisticated cyber threats

As mentioned above, even some of the most widely-recognized tech brands have suffered from data breaches. From increasingly sneaky malware to highly-targeted phishing attacks, which skyrocketed 250% higher last year, there are simply too many ways for threat actors to gain access.

It just takes one team member on the wrong end of a phishing campaign to trigger a sensitive data exposure event – which can ruin a startup-stage business overnight.

And it’s not just unauthorized malicious actors that fintech startups need to be worried about, as there are threats coming from all angles – even some unexpected ones.

According to Verizon’s Insider Threat Report, 57% of database breaches involved some kind of insider threat from within an organization. Add that to the possibility of accidental sensitive data sharing and ransomware attacks, and covering all your bases becomes a costly and complex endeavor.

Modern Fintech Data Security: Trends and New Innovations

Thankfully, advances in the realm of data security have sprung up in recent years, helping relieve much of this pressure faced by fintech startups that need to secure their sensitive data.

From tokenization to data encryption, fintechs have employed a number of tried-and-true data security methods. Even with innovative approaches like these, however, data breaches are still a probable threat.

If sensitive data is stored in your database, there is a chance it will be exposed, and there are several avenues through which this could happen.

Fortunately, VGS has been securing fintech startups’ sensitive data for years using a next-generation data security approach that enables businesses to avoid storing sensitive information on their systems altogether – while still enabling businesses to reap all the benefits of the original data.

This approach is called data aliasing, which is a technique that redacts sensitive information in real-time and replaces it with a synthetic data alias, enabling organizations to offload their data security responsibilities entirely by keeping the original data off their systems.

Businesses simply put their data security burden in the hands of VGS, which takes care of all sensitive data collection, storage and transfer on their behalf.

With their systems significantly freed from sensitive data, businesses’ data security and compliance scope is drastically minimized – enabling them to spend time focusing on innovating their products instead of designing a complex data privacy policy.


This article was originally posted on Very Good Security.

Here’s a question for you. Between this morning and right now, how many times did your computer or phone chime at you to let you know you just got another email?

Chances are, your number is somewhere around a dozen or more.

Many advisors think that keeping those alerts turned on is no big deal. After all, who would want to miss a critical, time-sensitive message? What if a journalist on a deadline wanted to get a quote from you? Or what if a client had an urgent question about his portfolio?

And so, “new message” alerts continue to ping throughout the day. Some of those emails are informative. Others are fun. Many are a complete waste of time. But here’s what unites them all: they kill your productivity.

Two reasons to stop email notifications from ruining your day

There are at least two reasons why you should turn off your email notifications right now and never look back.

One, chances are that any given new email is more exciting, interesting, or entertaining than whatever project you are slogging through. And so, your brain welcomes the distraction.

Two, it’s easy to rationalize that one little email won’t hurt your productivity that bad. Besides, taking short breaks is good for you!

Put those two reasons together, and you begin to see that email notifications will conspire with your brain’s natural chemistry, causing you to get distracted dozens of times before lunch. And yes, that one email might be short enough. But the truth is that it will take you a long time to get back into the working groove!

What’s even worse, allowing your email inbox to drive your workflows is a big strategic mistake. It’s a certain path to doing busywork instead of focusing on important projects and deadlines that will move you and your practice forward.

Disable email notifications to boost your productivity

Email should be your means of connecting with the world, collaborating with your team, and helping your clients.

To accomplish that, email does not need to generate any reminders, unread badges, or pings. However, it does need to take its place as a tool in your toolbox — not your boss, whip, entertainment, or treat.

So, go into your email settings and turn off notifications. Don’t worry, you won’t forget that you have an email inbox. You don’t need anything to remind you to check your messages periodically!

Now, designate a couple of time slots per day when you will work with your email. That’s right. You won’t scroll through it looking for the most exciting or fun email while skipping over any messages that look hard or boring. Instead, once or twice per day, you will methodically read every email, take (or note) your next action, and move the email out of your inbox.

But what about emergencies?

In my experience, the fear of missing an extremely time-sensitive message is over-rated.

Think about it. How often is an email so important that you absolutely must stop what you are doing and read it immediately?

The truth is that you get many important emails every day. Most of them can wait until you are finished with whatever you are focusing on. If it’s a true emergency, it shouldn’t be in your e-mail at all! 

And, if you are worried about missing something time-sensitive, add a couple of email scans to your daily schedule. During a scan, you are simply monitoring your inbox for anything that might demand your immediate attention. And, you guessed it, scans aren’t happening throughout the day whenever you feel like taking a break. These are scheduled interruptions that allow you to get in and out of your inbox quickly — so that you can get back to work.

I leave you with this reminder.

Your attention is even more valuable than your time. Guard it like it’s priceless.

This article was originally published on

Author Bio:


Chris Belfi is the founder and CEO of MaxPotential Coaching.

His company works with executive-level leaders and business owners who are drowning in their own success and feel underwater in a sea of things they are supposed to get done. Through proven techniques, MaxPotential Coaching allows executives to take control of their endless to-do list and the other details of their lives and work, go home on time, and create the space to do what matters most to them.


The Truth About Scope And Compliance Risk

The hard-to-face reality is that billions of personal records are exposed each year. A commonly used, yet incomplete, solution is tokenization. Tokenizing sensitive data does not eliminate the need to achieve and certify PCI DSS compliance.

In order to completely descope from PCI, a business can partner with a data custodian (VGS) that handles 100% of data capture and vaulting – removing any compliance risk and completely avoiding data leaks.

Massive data leaks, at this point, are becoming a frequent occurrence – with headlines regularly popping up highlighting cybersecurity disasters that have impacted millions of consumers.

Earlier this summer, news of a cybersecurity disaster rattled North American consumers. The highly-publicized Capital One data breach of 2019 led to the sensitive data exposure of 100 million Americans and 6 million Canadians – including hundreds of thousands of social security numbers and bank account numbers.

Similarly, in July, we learned about the whopping $700 million settlement as a result of the Equifax data breach. Now, years later, the 147 million customers impacted by that disaster all get a piece of that pie.

It only seems like a matter of time until the next multi-million-dollar data breach settlement will be announced, and another consumer data-handling organization will have their feet publicly held to the fire.

From the improper configuration of web applications to the massive security risk involved in cloud storage generally, companies have wisely been seeking alternatives to storing their own sensitive user data and opening themselves up to data breach risk.

The rise of tokenization

In order to reduce data leakage risk as much as possible, many tech organizations have leveraged a method called tokenization. It’s a way to limit storing plain text sensitive data within a company’s own systems by using “tokens” to replace private user information like medical data or credit card numbers.

Unlike encryption, where a mathematical equation can “solve” the data replacement and reveal the original sensitive information, a token cannot be reversed mathematically. With no mathematical relationship to the original data point, tokenization is widely considered to be a safe way of transmitting and storing critical information.

However, tokenizing sensitive data does not eliminate the need to achieve and certify PCI DSS compliance – although it can reduce the number of system components to which PCI DSS compliance would apply.

With tokenization, sensitive data is mostly hidden. But, there are two points where tokenized data still remains within the scope of PCI DSS compliance: the data vault and the original point of capture.


Even when organizations store and use tokens instead of raw sensitive data, the original data is within PCI scope because it is still within the cardholder data environment. In this environment, a business is still responsible for any leaked data.


But what if businesses could offload this data risk fully, and enjoy the benefits of tokenization while keeping all the original data completely off their own systems?


Descoping entirely

In order to completely descope from PCI DSS compliance, a business can partner with a data custodian that handles 100% of data capture and vaulting – removing any compliance risk and completely avoiding data leaks.

VGS is an innovative data custodian that takes on their clients’ compliance risk, securely storing all sensitive data and removing businesses from PCI scope in full.

By leveraging synthetic data ‘aliases,’ which are generated in real-time to protect all sensitive customer information, VGS empowers businesses to use customer data just as they did before – but never actually touch the sensitive data themselves.

Startups that work with VGS remove their compliance risk and avoid the potential risk associated with data breaches because there’s nothing to steal in the first place.

By partnering with a data custodian, organizations can completely descope their systems and win over new customers with the peace of mind that their sensitive personal data is in safe hands.

When businesses implement VGS solutions to handle their sensitive data, they instantly inherit VGS’s best-in-class security posture, which enables them to fast-track their certifications like PCI, SOC2 and others.

With data security as one less thing to worry about, organizations can focus their time and resources on growing their core businesses.

This article was originally published in Very Good Security.


Many companies hesitate to upgrade or change their Accounts Receivable System simply because they feel they can continue to achieve the same results using the same systems and processes as they did five years ago. If you are a smaller company just looking to send a few automated dunning letters and have your AR team identify which invoices are past due, there may be no reason to change. But if your company wants to improve free cash flow and cash conversion cycles, you must be sure your AR system is driving efficiencies in your processes – if you hope to grow without spending significant dollars on headcount.  

In today’s collections environment, understanding your customer data is one of the most critical elements in your collections process. If you can’t identify customer payment trends or tendencies, it is nearly impossible to predict company cash flow. “Cash is King”: all Controllers and CFOs would agree that if you don’t have enough operating cash flow, you can’t grow your business and you can’t really measure the success of your company. If your current AR system does not have this data readily available at the click of a button, you are behind the times and driving inefficiencies. Here are five examples of inefficiencies that should lead you to re-analyze your current AR system and decide whether it is time for an upgrade.

1. More Than 1 Hour Required To Generate Reports 

Your ad hoc reports take you more than 1 hour to prepare for management. Today’s premier AR systems have the ability to sort existing customer data and provide essential reporting in a matter of seconds. I see too many managers spending multiple days to prepare an important report for upper management that could easily be prepared quickly and accurately with a better AR Tool. This is not an efficient use of a manager’s time, which is probably already stretched to the point of frustration. These types of specialized reports only take managers away from managing their teams, so it is important that these reports are readily available.

2. AR System Can’t Identify Non-Paying Customers 

If your AR system cannot easily identify why your customers are not paying you, it is time to re-evaluate whether your current system is the right one for you. This is critical information for the business to improve your internal processes, reduce delays long term, get your customers to pay you sooner, and ultimately reduce your DSO.

3. AR System Cannot Provide Estimated Payment Times 

Your AR system cannot quickly provide you with additional expected payments over a period of time (monthly/quarterly). This is a common ask from Controllers and CFOs, especially at the end of the quarter or month, to help predict cash flow and progress towards cash targets. If your system is not up to date, managers often need to reach out individually to each collector to get updates on promise-to-pay dates and reasons for delays before they can provide any accurate information back to upper management. Gathering this information could take days, when again it could be provided in a matter of seconds. Some collections systems can even use customers’ historical payment data and trends to predict payment dates based on how they have paid you in the past. This allows collections teams to be more efficient by helping them prioritize, focus on who they need to follow up with for payment, and identify high risk customers.

4. Cannot Provide Strategic and One Time Dunning Campaigns

If your company only has the ability to run a dunning campaign based on the number of days past due, and does not allow you to target specific customer types, including by region, invoice amount, new customers or high/low risk customers, it may be time to look for a new AR System. Automated Dunning Campaigns targeting specific customer types are critical to allow the collections team to focus on more complicated and time-consuming customer issues, while still increasing your cash flow. Many companies need a one-time dunning campaign to target a specific customer type. For example, you may want to run a campaign that targets customers who pay by check to help move them over to ACH for faster payments. If your system can’t provide that, you are behind the times in your collections processes and hurting your potential cash flow.

5. Cannot Identify High Risk Past Due Accounts Quickly 

If your current AR Tool does not allow your collections team to identify certain high risk past due accounts quickly, it may be time for a new AR Tool. Some collectors have a hard time identifying what they should focus on daily, weekly, or even monthly. Most premier AR Tools allow management to help prioritize collection accounts for their collectors daily and assign specific tasks and work-lists to their collectors. This is critical in helping to drive desired performance from your collections teams to achieve your best results.

Conclusion: Spend Less Time Reporting, More Time Generating Cash 

If your collections department is spending endless hours preparing manual reports, you are only hurting your company cash flow. I think all managers would agree that they would rather have their collectors focus on collections rather than endless manual reporting. By upgrading your AR systems, your cash flow improvement will be significant enough to allow you to plan for growth and save significant dollars on headcount.

This article was originally published on Tesorio.


When evaluating the security of an application and data model, ask the questions:

  • What is the sensitivity of the data?
  • What are the regulatory, compliance, or privacy requirements for the data?
  • What is the attack vector that a data owner is hoping to mitigate?
  • What is the overall security posture of the environment? Is it a hostile environment or a relatively trusted one?


When threat modeling, consider the following common scenarios:


Data at rest (“DAR”)

Data at rest, in information technology, means inactive data that is stored physically in any digital form (e.g. database/data warehouses, spreadsheets, archives, tapes, off-site backups, mobile devices etc.).

  • Transparent Data Encryption (often abbreviated to TDE) is a technology employed by Microsoft SQL, IBM DB2 and Oracle to encrypt the “table-space” files in a database. TDE offers encryption at the file level. It solves the problem of protecting data at rest by encrypting databases both on the hard drive and on backup media. It does not protect data in motion (DIM) or data in use (DIU).
  • Mount-point encryption: This is another form of TDE, available for database systems which do not natively support table-space encryption. Several vendors offer mount-point encryption for Linux/Unix/Microsoft Windows file system mount-points. When a vendor does not support TDE, this type of encryption effectively encrypts the database table-space and stores the encryption keys separate from the file system. So, if the physical or logical storage medium is detached from the compute resource, the database table-space remains encrypted.


Data in Motion (“DIM”)

Data in motion considers the security of data that is being copied from one medium to another. Data in motion typically considers data being transmitted over a network transport. Web Applications represent common data in motion scenarios.

  • Transport Layer Security (TLS or SSL): TLS is commonly used to encrypt internet protocol based network transports. It works by encrypting the internet layer 7 “application layer” packets of a given network stream using symmetric encryption.
  • Secure Shell/Secure File Transport (SSH, SCP, SFTP): SSH is a protocol used to securely login and access remote computers. SFTP runs over the SSH protocol (leveraging SSH security and authentication functionality) but is used for secure transfer of files. The SSH protocol utilizes public key cryptography to authenticate access to remote systems.
  • Virtual Private Networks (VPNs): A virtual private network (VPN) extends a private network across a public network, and enables users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network.


Data in Use (“DIU”)

Data in use happens whenever a computer application reads data from a storage medium into volatile memory.

  • Full memory encryption: Encryption prevents data visibility in the event of theft, loss, or unauthorized access. It is commonly used to protect Data in Motion and Data at Rest, and is increasingly recognized as an optimal method for protecting Data in Use. There have been multiple approaches to encrypting data in use within memory. Microsoft’s Xbox has a capability to provide memory encryption. A company, Private Core, presently has a commercial software product, cage, to provide attestation along with full memory encryption for x86 servers.
  • RAM Enclaves: enable an enclave of protected data to be secured with encryption in RAM. Enclave data is encrypted while in RAM but available as clear text inside the CPU and CPU cache, when written to disk, when traversing networks etc. Intel Corporation has introduced the concept of “enclaves” as part of its Software Guard Extensions in technical papers published in 2013.
  • 2013 papers: from Workshop on Hardware and Architectural Support for Security and Privacy 2013
  • Innovative Instructions and Software Model for Isolated Execution
  • Innovative Technology for CPU Based Attestation and Sealing


Where do traditional data protection techniques fall short?


TDE: Database and mount-point encryption both fall short of fully protecting data across the data’s entire lifecycle. For instance, TDE was designed to defend against theft of physical or virtual storage media only. An authorized system administrator, or an unauthorized user or process, can gain access to sensitive data either by running a legitimate query or by scraping RAM. TDE does not provide granular access control to data at rest once the data has been mounted.

TLS/SCP/SFTP/VPN, etc.: TCP/IP transport layer encryption also falls short of protecting data across the entire data lifecycle. For example, TLS does not protect data at rest or in use. Quite often TLS is only enabled on Internet-facing application load balancers, and TLS calls to web applications are plaintext on the datacenter or cloud side of the application load balancer.

DIU: Data in use full memory encryption also falls short of protecting data across the entire data lifecycle. DIU techniques are cutting edge and not generally available. Commodity compute architecture has just begun to support memory encryption. With DIU memory encryption, data is only encrypted while in memory. Data is in plaintext while in the CPU and cache, when written to disk, and when traversing network transports.


Complementary or Alternative Approach: Tokenization

We need an alternative approach that addresses all the exposure gaps 100% of the time. In information security, we really want a defense in depth strategy. That is, we want layers of controls so that if a single layer fails or is compromised, another layer can compensate for the failure.

Tokenization and format preserving encryption are unique in the fact they protect sensitive data throughout the data lifecycle/across a data-flow. Tokenization and FPE are portable and remain in force across mixed technology stacks. Tokenization and Format preserving encryption do not share the same exposures as traditional data protection techniques.

How does this work? Fields of sensitive data are cryptographically transformed at the system of origin, that is during intake. A cryptographic transform of a sensitive field is applied, producing a non-sensitive token representation of the original data.

Tokenization, when applied to data security, is the process of substituting a sensitive data element with a non-sensitive equivalent, referred to as a token, that has no extrinsic or exploitable meaning or value. The token is a reference (i.e. identifier) that maps back to the sensitive data through a tokenization system.

Format preserving encryption takes this a step further and allows the data element to maintain its original format and data type. For instance, a 16-digit credit card number can be protected and the result is another 16-digit value. The value here is to reduce the overall impact of code changes to applications and databases while reducing the time to market of implementing end to end data protection.


In Closing


Use of tokenization or format preserving encryption to replace live data in systems results in minimized exposure of sensitive data to those applications, stores, people and processes. Replacing sensitive data results in reduced risk of compromise or accidental exposure and unauthorized access to sensitive data.

Applications can operate using tokens instead of live data, with the exception of a small number of trusted applications explicitly permitted to detokenize when strictly necessary for an approved business purpose. Moreover, in several cases, removing sensitive data from an organization’s applications, databases, and business processes will reduce compliance and audit scope, resulting in significantly less complex and shorter audits.
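The tokenization flow described above, with detokenization limited to explicitly permitted applications, can be sketched as follows. This is an added example, not code from the original article or from any vendor: the TokenVault class, the application names and the sample card number are constructed for illustration, and it uses vault-based random tokens that keep the 16-digit format rather than format preserving encryption, which derives the output with a key instead of a lookup table.

```python
import secrets

DIGITS = "0123456789"
SAMPLE_PAN = "4111111111111111"  # constructed sample: a common test number, not a live card


def luhn_valid(number: str) -> bool:
    """Return True if the digit string passes the Luhn checksum used by card numbers."""
    total = 0
    for i, ch in enumerate(reversed(number)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit, counting from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


class TokenVault:
    """In-memory stand-in for a tokenization system (hypothetical, for illustration)."""

    def __init__(self, detokenize_allowlist):
        self._by_token = {}   # token -> original value; the only place live data is kept
        self._by_pan = {}     # original value -> token, so repeat intake is stable
        self._allowlist = frozenset(detokenize_allowlist)
        self.audit_log = []   # (caller, token, outcome); never contains live data

    def tokenize(self, pan: str) -> str:
        if not (pan.isascii() and pan.isdigit() and len(pan) == 16):
            raise ValueError("expected a 16-digit card number")
        if pan in self._by_pan:
            return self._by_pan[pan]
        while True:
            token = "".join(secrets.choice(DIGITS) for _ in range(16))
            # Design choice of this example: reject collisions and Luhn-valid
            # candidates, so a token cannot be mistaken for a real card number.
            if token != pan and token not in self._by_token and not luhn_valid(token):
                break
        self._by_token[token] = pan
        self._by_pan[pan] = token
        return token

    def detokenize(self, token: str, caller: str) -> str:
        allowed = caller in self._allowlist
        self.audit_log.append((caller, token, "allowed" if allowed else "denied"))
        if not allowed:
            raise PermissionError(f"{caller} is not permitted to detokenize")
        return self._by_token[token]


def demo():
    """Tokenize at intake, then attempt detokenization from two applications."""
    vault = TokenVault(detokenize_allowlist={"payment-gateway"})  # assumed app name
    token = vault.tokenize(SAMPLE_PAN)
    result = {"token": token, "gateway": vault.detokenize(token, "payment-gateway")}
    try:
        vault.detokenize(token, "reporting-service")  # assumed app name, not allow-listed
        result["reporting_denied"] = False
    except PermissionError:
        result["reporting_denied"] = True
    result["audit"] = [entry[2] for entry in vault.audit_log]
    return result


if __name__ == "__main__":
    print(demo())
```

Downstream databases and applications store and pass only the token, which fits an existing 16-digit column; the live value exists only inside the vault and in the one application allowed to detokenize.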


This article was originally published in Very Good Security.


Probably the least pleasant part of the accounts receivable professional’s job is running a customer through a collections process. It is time-consuming and can be stressful. Truth be told, you probably are swamped just with your regular duties, emailing requests for payments and making phone calls to answer payment questions for customers. 

Still, sending out personalized collections letters to the most delinquent accounts is a crucial part of getting paid. Creating every new collections letter and dunning campaign from scratch is not really necessary, however. You can work off of basic templates and personalize them as needed. To help you with this task, we’ve drafted some simple templates that are clean and easy to understand. Clarity and getting to the point quickly are critical; no one wants to read a lengthy collections letter. 

Feel free to copy these templates and make them your own by modifying the introduction section and the closing section to reflect your personal relationship with the accounts payable person or your contact at the delinquent company. 

Guide to Writing Collection Letter #1

In most cases, you want to send this letter out very shortly after the invoice is past due. You may have reminded the customer to pay on time, sent emails, left phone messages. Or you may have just assumed they would handle their payables on time. Because this is the first notice, keep the tone professional, but friendly. At this point, it’s more than likely that the payables contact went on vacation, your invoice is waiting in a queue, or some other minor and temporary delay has happened. With this letter, make it clear you are not assuming ill will or evasion but that you still need to have your invoice paid. Keep in mind, as well, that it is entirely possible the customer has not paid because there was a problem with the product or service that has not been resolved and the customer is unhappy. Above all, remember that paying an invoice is the last step in the customer journey and it should be, if at all possible, a pleasant and positive process. These customers keep you in business. 

This first collection letter must always contain the following basic information:

  • The amount due
  • The item or service purchased
  • Number of days a specific invoice is past due
  • A summary of all of the invoices on the account
  • Clear instructions on the next steps
  • Payment information – ideally an online payment link
  • A precise calendar due date upon which you are requesting payment
  • How to contact you directly with questions or to provide reasons for not paying and status updates

Collection Letter #1 Template

Dear [Insert Name],

[If you know the contact personally, insert a brief note like “Hope your vacation in Hawaii was wonderful!”]

Just a quick reminder that [Insert Company Name]’s account is past due. Our records show there is a balance of $[Insert Amount] that is currently [Insert the number of days past due] days past due. Attached is an account statement with all the relevant balance information. We have also emailed the account statement and invoice to you, for your convenience. If you have not received this email and the attachment, we have provided a summary of your account info below.

  • Invoice Number:
  • Invoice Date:
  • Amount Due Date:
  • Days Past Due:

Could you please tell me the status of your payment? Here is a [link] to our payments portal.  We request that you make payment by [Insert Date]. Alternatively, we can provide you with our bank information for an EFT or ACH. 

If you can’t pay electronically, please send us a paper check to the following address: 

[Insert Your Company Name]
ATTN: Accounting Dept.
[Insert Address]

If we have made an error on your account or you can’t pay at this time, please call me to discuss at [Insert Phone Number]. We are happy to correct any errors or arrange for a payment plan. 

We look forward to continuing to do business with you.


[Insert Your Name]

[Insert Email Address]

[Insert Phone Number]

Guide to Writing Collection Letter #2

In the second collection letter, you will need to change tone to become more firm, under the assumption that your first letter was ignored. That said, you don’t want to alienate or anger the customer. At the same time, you want to make it clear that you expect to be paid shortly. Send this second letter 7 to 10 business days after the first collection letter.

The second collection letter should include much of the same information as the first letter, with the addition of a brief mention of the potential consequences of continued non-payment:

  • The amount due
  • The item or service purchased
  • Number of days a specific invoice is past due
  • A summary of all of the invoices on the account
  • Clear instructions on the next steps
  • Payment information – ideally an online payment link
  • A precise calendar due date upon which you are requesting payment
  • How to contact you directly with questions or to provide reasons for not paying and status updates
  • Brief mention that failure to pay could have real consequences (credit rating, liens filed, service suspension and reinstatement charge). 

Collection Letter #2 Template

[Insert Name] – I wanted to check if you had received our first collection notice.

We have not yet received payment for [Insert Invoice Number]. We have not yet received your response to our letter sent on [Insert Date]. Unfortunately, [Insert Company Name]’s account is [Insert Days Past Due] days past due.  You owe a total of $[Insert Amount].

You are a valued customer. We would like to keep your business. Please tell us how we could help you make this payment. We would prefer to avoid actions that could damage your credit rating and impact your ability to do business with us and other companies. 

Please submit your payment of $[Insert Amount] by [Insert Calendar Date]. You can pay by credit card over the phone, pay online via our payment portal, or you can send a check in the self-addressed envelope I enclosed here. If you would prefer to pay via ACH or EFT, we are happy to provide our bank details.

If for any reason you cannot pay in full, please contact me immediately at [Insert Phone Number]. I would be very happy to discuss a payment schedule for you and [Insert Company Name].

I do hope we can continue in business together. Thanks for your prompt response and payment.


[Insert Your Name]

[Insert Email Address]

[Insert Phone Number]

Guide to Writing Collection Letter #3

At this point, the chances of you getting a full payment are pretty slim. You have less to lose – most likely the customer has an idea of what potential consequences of non-payment might be. The tone should remain professional but less cordial to convey the severity of the situation. Definitely accompany this letter with a phone call to your contact. Make it very clear in this letter that the customer is likely to face serious consequences, including reporting the delinquency to credit bureaus and taking legal action. The third collection letter should include the following information:

  • The dates previous letters went out
  • The amount due
  • The item or service purchased
  • Number of days a specific invoice is past due
  • A summary of all of the invoices on the account
  • Clear instructions on the next steps
  • Payment information – ideally an online payment link
  • A precise calendar due date upon which you are requesting payment
  • How to contact you directly with questions or to provide reasons for not paying and status updates
  • Brief mention that failure to pay could have real consequences (credit rating, liens filed, service suspension and reinstatement charge). 

Collection Letter #3 Template

Dear [Insert Name],

This is the third letter we have sent to you and [Insert Company Name] is requesting payment in full for invoice [Insert Invoice Number] which was due on [Insert Due Date]. We sent the first letter on [Insert Date] and the second letter on [Insert Date].  We have also called and emailed you to request a payment. 

Your account is now [Insert Days Past Due] days past due and you owe a total of $[Insert Amount].

Unfortunately, unless we receive payment in full by [Insert Date] (or agree on a payment plan by this date), we will engage our attorney in the matter and report your delinquency to the credit bureaus. This would have severe consequences on the ability of your business to secure credit. 

To prevent these consequences, you can pay the full balance (or make a partial payment immediately) via our online payments portal (URL) or call me and provide your credit card information so we can process a payment.

Contact me immediately at [Insert Phone Number] so that we might settle this matter amicably and quickly.


[Insert Your Name]

[Insert Email Address]

[Insert Phone Number]

Collection Letter #4: The Final Letter

At this point, you can honestly say you have tried your best and offered the customer multiple options to settle their invoice. This letter should not even ask for payment. Rather, it should just state that you have informed the credit bureaus and engaged your attorney or legal department to pursue legal remedies. While it is not mandatory that you notify delinquent customers of these actions, doing so might actually induce a payment. Once a company knows that legal action is imminent, then it sometimes can accelerate the settlement process. Should this final letter result in a phone call, remain cordial and even friendly; it is far better to be talking with the delinquent customer than to have them ignore all communication. You can keep this letter short. It is designed to serve as proof that a customer has been contacted multiple times and that you have made a good faith effort to give them a chance to pay their debts, in part or in full. 

This letter should contain the following details:

  • Number of days an invoice is past due
  • The amount due
  • The dates when the previous three letters were sent
  • A statement that you have referred this matter to the credit bureaus and engaged an attorney

Collection Letter #4 Template

Dear [Insert Name],

We have sent three collections notices to you and [Insert Company Name] is requesting immediate payment for invoice [Insert Invoice Number] for $[Insert Amount] which was due on [Insert Due Date]. We sent letters to you on [Insert Date], [Insert Date] and [Insert Date]. We have also emailed you payment requests and copies of your invoices on those same dates.

Due to your lack of response, we have reported this issue to the credit bureaus, initiated legal action against [Insert Company Name], and are in the process of engaging a collections agency to pursue the debt.

Should there be any change in your situation, please contact me immediately at [Insert Phone Number].


[Insert Your Name]

[Insert Email Address]

[Insert Phone Number]
This article was originally posted on Tesorio.


Running a business in the digital age is no easy feat. This is especially true nowadays, when consumer data security is at the forefront of the conversation.

Data breaches have hit even some of the biggest multinationals out there, enabling the exposure of sensitive user data and compromising the privacy and trust of their customers. When it’s payment card data that leaks on a large scale like this, the damage goes far beyond consumer confidence.

Individual customers’ financial lives can be severely hurt when their sensitive data gets into the wrong hands.

That’s why it’s incredibly crucial to secure cardholder data, which is what PCI DSS aims to do.

Like many compliance programs, the Payment Card Industry Data Security Standard (PCI DSS) is designed to ensure a more stable and secure vendor, which leads to a more reliable payment card industry overall. PCI DSS ensures that you, your fellow merchants, and all the stakeholders in the payment card industry are held to a rigorous industry standard for security.

But what about your business – do you need to be PCI DSS compliant?

If you store, process, or transmit cardholder data, the short answer is yes, but let’s go over a few things for you to understand exactly why this data security regulation is so vital and why it’s so important for your business.

What is PCI DSS?

All merchants and service providers that process payment card information must comply with PCI DSS, which is a set of controls and obligations that reduce the likelihood of cardholder data being compromised.

To put it simply: PCI DSS is a set of requirements that businesses who touch payment card data must follow as part of an industry-wide program against credit card fraud and loss.

The most recent DSS version from the Security Standards Council (SSC), which is a consortium of payment card brands like Visa and MasterCard, contains 12 requirements that merchants and service providers must implement.

A dozen boxes to tick doesn’t sound too difficult, right?

Not so fast: within these 12 requirements are hundreds of sub-requirements. Installing firewalls, encrypting cardholder data, performing patch management and maintaining traceable records are just a few of the requirements for PCI DSS compliance, many of which are complex and can require an entire cross-functional team to tackle.

Some of these requirements may be especially difficult for smaller organizations to meet, particularly without any expert help.

Who needs to comply with PCI DSS requirements?

So, how do you know if your business needs to worry about attaining and maintaining compliance?

PCI DSS applies to any organization, without regard to size, value, or number of transactions, if that organization collects, transmits, maintains, or transfers cardholder data. Anyone who transacts a major brand card such as American Express, Discover, MasterCard or Visa must comply with the PCI DSS requirements.

In other words, if payment card data touches your network at any point, you must comply.

For smaller organizations out there, the journey to reaching full PCI DSS compliance without any help may seem incredibly daunting – but failing to fulfill the requirements can and does lead to hefty consequences.

What happens when you don’t comply with PCI DSS?

As with GDPR and CCPA requirements, non-compliance with PCI DSS requirements is not an option. While PCI DSS is technically not a law, as GDPR and CCPA both are, businesses agree to adhere to PCI requirements when they engage in any activity related to the payment card industry.

Failure to comply with PCI DSS could cost you dearly, particularly if you ever have a breach of payment card data. The penalties for non-compliance range from sizable monetary fines to getting your ability to process payment cards revoked – both of which can be detrimental for an early-stage company.

These can be just the tip of the iceberg compared to the total financial harm caused by non-compliance.

From there, businesses may have to pay to inform every individual impacted by the data breach, reissue cards, pay legal fees – the list goes on. The fines for non-compliance are just the start, and don’t even factor in the brand damage a data leak causes and the loss of consumer trust that follows. Brand image is, in fact, one of the biggest vulnerabilities when it comes to data security.

According to research from the Ponemon Institute, 61% of Chief Marketing Officers believe that the largest cost of a security incident is the erosion of brand value.

Not only should you, as a business leader, want to maintain a secure cardholder data environment (CDE) for your customers, but you should also want to avoid the liability of not implementing these compliance requirements.

The question, therefore, should not be “is PCI compliance mandatory” (it is), but rather “why would you take the risk of not implementing it?”

Understanding that PCI DSS compliance is absolutely vital is the first step – but how would a business go about becoming compliant?

The DIY approach to PCI compliance

To build a PCI compliant network you will, at a minimum, need to take the following steps.

Step one: Download the PCI DSS details from the Security Standards Council and study them. There are resources that will help you understand how to comply. Read through them and understand the challenges ahead.

Step two: Conduct a risk assessment to determine the robustness of the controls and how you will mitigate the risks. Not every control applies to every environment. Use your risks to find the gaps you need to fill. It can be helpful to work with an expert for this step. Budget-busting solutions often exceed the needs of most smaller businesses, but untrained personnel often struggle to identify which controls do not apply, or how to compensate for them.

Step three: Determine which of your current resources can be leveraged for one or more of the controls indicated by your risk assessment. Identify any gaps that will require new resources, including servers, routers, communication equipment, physical security, and full-time employees.

Step four: Create a project plan with budget and timeline/milestones. Be careful with how long you take to get compliant, as your risks don’t drop until you are compliant. For many smaller businesses, this process will take 3-6 months, usually requiring significant consultation from experts as well as costly technology, including firewall(s), access control systems, vulnerability scanning services or tools, and more.

Step five: Gather your resources and build or rebuild your network. It is likely you will need at least one full-time employee to manage your network for PCI DSS compliance.

Step six: Test and verify that your controls reduce the risks you identified as expected. Controls do not always work as intended, since technology changes rapidly, so the method you chose a few months ago may have been circumvented in the intervening time.

Step seven: Go live with your solution and hope it works as designed. It might not but you will tweak it until it does.

Step eight: Have your system audited by a Qualified Security Assessor listed on the PCI Security Council website. You won’t really know how well you have done until you are audited (that is unless you have a breach, in which case, you did poorly).

Step nine: Revise your controls or infrastructure based on the audit findings.

Once all nine steps are completed, constant vigilance, testing and reworking are required on a regular basis.

The human resources and funding required to complete all of the above are, unfortunately, out of reach for many younger companies.

For this reason, many small-and-medium-sized organizations opt to work with a trusted third-party data security partner to manage all their PCI compliance needs.

The easiest and fastest path to PCI compliance

Rather than have a cross-functional team undertake the arduous process of gaining PCI DSS compliance the DIY route, the fastest and simplest way to become compliant is to make sure payment card data never touches your business’ servers.

But how can you possibly transact payment cards and run an online business without ever touching cardholder data?

The solution is an innovative approach called data aliasing, during which sensitive user data – like cardholder information – is redacted in real time and replaced with a synthetic data alias so that none of the original data ever passes through your system.

Data aliasing is the foundation of Very Good Security’s Zero Data solutions, which enable businesses to collect, store and transmit any sensitive data they want without ever coming into possession of it.

This effectively removes most of your business systems from PCI DSS compliance scope, so your burden is drastically reduced – and your risk of data breaches plummets to almost zero.

Very Good Security offers nearly instant compliance for smaller merchants and service providers upon integration. For organizations that are PCI Level 1, either because of transaction volume or because their bank or partners require it, compliance can be achieved in as few as 21 days.

By taking the DIY path, the same result can take several months – after you’ve already poured a substantial amount of human and financial capital into securing your databases and processes.

Very Good Security is a completely scalable solution that grows with your business, and can take your PCI burden off your plate almost entirely.

Interested in descoping your company’s networks from PCI requirements and achieving compliance the simple way? Try a demo of VGS by clicking here.

This article was originally posted on Very Good Security.