
    How to Tokenize Bank Account Numbers

    This piece covers how to tokenize bank account numbers to securely protect bank account information.

    Why use tokenization?

    We think tokenization is the ideal method to protect account information for four key reasons:

    1. Flexibility. Tokens can be easily passed between systems without each system needing logic to decrypt the data.
    2. Application. Anything that can be serialized can be tokenized. This broadens its application to other types of data, like media. For example, encoded images, such as scanned authorization forms, can be tokenized, then detokenized and decoded when needed.
    3. Ownership. Tokens provide continued access and control over the underlying data, but without the overhead. 
    4. Enablement. Once secured, bank account information can be transformed, aliased, fingerprinted, and more. These capabilities enable a variety of operational use cases, like customer support operations; cost savings, like least-cost routing; and new products, services, and partnerships.

    How to tokenize bank account numbers in three steps:

    [Figure: anatomy of a tokenized ACH bank account and routing number]

    Basis Theory offers developers a secure, PCI-compliant and SOC 2 certified token vault and platform that allows your organization to quickly secure your banking details with a single tokenization API call. 

    Collecting bank account information

    To collect this data from users seamlessly in your application, be sure to check out our guide on how to collect bank accounts with Basis Theory’s Elements.

    Using Atomic Banks

    Basis Theory offers a dedicated bank token type, called an Atomic Bank. This token combines the account number and routing number into a single token. If you would rather store them separately, you can tokenize each of these data types individually.

    Creating an Atomic Bank

    To create an Atomic Bank, simply call our Atomic Bank API with the account number and routing number you’d like to store.

    Here is an example of how you’d accomplish that:

    Requesting a Token ID

    Token IDs are your reference back to the underlying sensitive data secured within Basis Theory’s vault. You will store these references within your system, enabling you to retrieve the bank data back from Basis Theory whenever you need it.

    Create an Atomic Bank using the cURL command below. Keep in mind we have language-specific SDKs for .NET, Node.js, and React (with more to come).

    
    curl "https://api.basistheory.com/atomic/banks" \
      -H "X-API-KEY: <API Key>" \
      -H "Content-Type: application/json" \
      -X "POST" \
      -d '{
        "bank": {
          "routing_number": "021000021",
          "account_number": "1234567890"
        }
      }'
    

    Receiving a Token ID

    And, you’re done. You've now received an Atomic Bank that is fully compliant with Nacha’s new Security Compliance Requirements for ACH transactions.

    In addition to securing your bank account details, we also automatically provide you with a masked value that is safe to store and display.

    
    {
      "id": "1485efb9-6b1f-4248-a5d1-cf9b3907164c",
      "tenant_id": "77cb0024-123e-41a8-8ff8-a3d5a0fa8a08",
      "type": "bank",
      "bank": {
        "routing_number": "021000021",
        "account_number": "XXXXXX7890" // this is the masked account number
      },
      "created_by": "fb124bba-f90d-45f0-9a59-5edca27b3b4a",
      "created_at": "2020-09-15T15:53:00+00:00"
    }
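
    An added example, not Basis Theory's own code: client-side handling around the request and response shown above. It validates input before building the `/atomic/banks` body, then reduces the response to the fields worth persisting (token ID, routing number, mask) and refuses to store a value that is not a mask of what was sent. The function names, the digits-only 4 to 17 length rule and the `X` mask pattern are assumptions; `SAMPLE_RESPONSE` is constructed from the response above.

```python
import json
import re

# Constructed sample, modelled on the response shown above (comment removed).
SAMPLE_RESPONSE = json.dumps({
    "id": "1485efb9-6b1f-4248-a5d1-cf9b3907164c",
    "type": "bank",
    "bank": {"routing_number": "021000021", "account_number": "XXXXXX7890"},
})

# Assumption: masks look like the sample, X characters then at most 4 digits.
MASK_RE = re.compile(r"X+\d{0,4}")


def aba_checksum_ok(routing: str) -> bool:
    """ABA routing numbers are 9 digits with a 3-7-1 weighted checksum."""
    if not re.fullmatch(r"\d{9}", routing):
        return False
    return sum(int(d) * w for d, w in zip(routing, (3, 7, 1) * 3)) % 10 == 0


def build_atomic_bank_body(routing: str, account: str) -> str:
    """Build the JSON body for POST /atomic/banks, rejecting malformed input."""
    if not aba_checksum_ok(routing):
        raise ValueError("routing number fails the ABA checksum")
    # Assumption: digits only, 4 to 17 long; adjust to your banks' formats.
    if not re.fullmatch(r"\d{4,17}", account):
        raise ValueError("account number must be 4 to 17 digits")
    return json.dumps(
        {"bank": {"routing_number": routing, "account_number": account}})


def record_to_store(response_text: str, submitted_account: str) -> dict:
    """Reduce the API response to the fields that are safe to persist."""
    resp = json.loads(response_text)
    masked = resp["bank"]["account_number"]
    digits = masked.lstrip("X")
    # Fail closed: never persist a value that is not a mask of what was sent.
    if not MASK_RE.fullmatch(masked) or not submitted_account.endswith(digits):
        raise ValueError("account_number in response is not a valid mask")
    return {"token_id": resp["id"],
            "routing_number": resp["bank"]["routing_number"],
            "account_mask": masked}
```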
    

     

    Ready to get started?

    Start complying in minutes, not weeks. Here are a few ways to get started:

    1. Learn more about using Basis Theory to secure account data
    2. Check out one of our “securing bank accounts” guides
    3. Send our API documentation to your developers
