Blog

Learn the meaning behind the different parts found on a credit card, as well as their function and relevant PCI DSS requirements, with this overview and FAQ.

What is Branch? Branch provides consumers with affordable and personalized insurance policies in seconds.

Understanding PCI scope is the first step to reducing it. Get the basics and learn how to reduce scope by as much as 93%.

Understanding the different PCI merchant levels is the first step to reducing the challenges they might bring to your organization.

Whether you’re building or optimizing your payment stack, now is the time to think about a multiple-payment gateway strategy.

Everything you need to know about PCI DSS’ self-assessment questionnaires, Report on Compliance, an Attestation of Compliance.

Learn the core concepts, efforts, and trade-offs between building or buying a cardholder data environment (CDE).

Get a high-level overview of the effort and trade-offs required to build your own cardholder data environment (CDE).

Whether you’re looking to simply accept credit cards in-app or do something more complex, like split payments or multi-processor routing, understanding the level of ...

In the last couple of years, new and emerging business models, requirements, and workflows have forced companies to seek new ways to leverage this sensitive data mor...

What is a “Customized Approach”? Historically, PCI DSS has published a defined approach to implementing the required security controls. The standard outlined the com...

What is Formjacking? Also known as web skimming, e-skimming, or a magecart attack, formjacking is a technique that allows hackers to spy and capture sensitive data, ...

Find out when you must be compliant with PCI DSS 4 and which factors are most likely to impact your transition’s timeline.

Pseudonymization is one of several techniques by which an organization can remove this identifying information and operationalize data while providing both privacy a...

While frustrating to many, it’s hard to argue the role PCI compliance has played in creating today’s digital economy. By outlining, defining, and enforcing standards...

If your business stores, processes, or transmits cardholder data from at least one of the leading card networks (e.g. Visa, Mastercard, etc.), then you must prove Pa...

What is data masking? Data masking is the process of hiding elements of an original value, while still keeping enough context for the string to make sense to the use...

The more control and access organizations have over their data, the faster they can ship, innovate, and react. But, because of the burdens that come with PCI, we’ve ...

Learn how one early-stage company is using Basis Theory to help its customers build their ideal payment workflows and avoid PCI compliance scope.

With the right policies, strategies, and tools, your data remediation program can keep your sensitive data compliant, secure, and useful.

Data Tokenization FAQs What is tokenization? Tokenization refers to the process of generating a digital identifier, called a token, to reference an original value. S...

Making data tokenization accessible Tokenization provides a simple way to secure and use sensitive data, but swapping the social security numbers sitting in your dat...

In our last post, we gave a high-level explanation of ACH’s requirements for electronically storing financial deposit information (i.e., bank account numbers) and wh...

Nacha now requires that account numbers must be “unreadable when stored electronically.” The implementation of this rule is broken into two phases.