LiStDan Finance is a California-based digital payments company offering peer-to-peer transfers, virtual wallets, virtual card issuance, and merchant payment processing. With 100 employees and 100,000 active users, the platform sits at the intersection of financial services and consumer technology — a position that carries a significant security and compliance burden.
The company’s infrastructure runs entirely on Microsoft Azure. It integrates with third-party payment gateways, KYC and identity verification vendors, fraud detection engines, and banking partners. Every major business function depends on the integrity of that third-party ecosystem and the security of the data flowing through it.
LiStDan Finance operates in a highly regulated space. It processes personal data for 100,000 users across ten data types, including biometric KYC records, financial transaction data, and real-time behavioural profiles. The combination of financial data, personal data, and payment processing creates layered obligations under ISO 27001:2022, NIST CSF v1.1, and GDPR.
At the time of assessment, the company had no documented Information Security Policy, no Incident Response Plan, no formal Privacy Notice, and no Data Processing Agreements in place with any of its eight vendors. A GRC assessment was needed not only to identify where the gaps were, but to produce a structured, evidence-based picture of risk that leadership could act on.

| Element | Detail |
|---|---|
| Industry | Fintech — Digital Payments |
| Headquarters | California, USA |
| Active Users | 100,000 |
| Employees | 100 |
| Infrastructure | Microsoft Azure (cloud-hosted) |
| Key Services | P2P transfers, virtual wallets, virtual card issuance, merchant payments |
| Regulatory Drivers | ISO 27001:2022, NIST CSF v1.1, GDPR |
| Third-Party Vendors | 8 vendors (KYC, fraud detection, email, payment gateway, banking partners, cloud, merchant API) |