

Processing Costs: Differences in Debit and Credit Cards
How Credit and Debit Cards Compare: The fundamental difference between a credit and debit card is whose money is being used in the transaction: with a credit card, th...

October 2023 Changelog
October was dedicated to enhancing the developer experience at Basis Theory.

AI Solutions to Simplify Payments and Compliance: A Webinar Recap
The Basis Theory team joined a webinar hosted by the Merchant Risk Council (MRC) on November 1 titled “AI Solutions to Simplify Payment Management and Compliance”.

A Glossary of Payment Terms
The world of payment processing can be bewildering and esoteric, with its vast range of participants, processes, and industry jargon. This (admittedly incomplete!) g...

The Payment Settlement Process
What many people miss about the payment process is that there are actually a series of steps - it’s not a one-stop shop! Merchants generally will run some amount of ...

PCI DSS Requirement 12: Maintain an Information Security Policy
As outlined in sub-requirements of the other 11 requirements, documenting expectations of the security posture of an organization is fundamental to the success of th...

PCI DSS Requirement 11: Test System & Network Security Regularly
System vulnerabilities can serve as an open door for attackers to walk right into secure systems and cause significant harm. The best prevention method is to consist...

Why are Gift Card Authorization Rates So Low?
Gift card authorization rates are estimated to be 5-10% lower than standard credit card authorization rates. While this can be frustrating for merchants and customer...

PCI DSS Requirement 10: Track and Monitor Network Access
Logging mechanisms and tracked user activities are critical to preventing, detecting, or minimizing the impact of a data compromise. Implementing logs on all system ...

Basis Theory: Your Centralized Hub for PAR
As a merchant, you are likely aware of the struggle to recognize identical cards across the increasing number of payment methods consumers use today. With numerous l...

PCI DSS Requirement 9: Restrict Physical Access to Cardholder Data
While many organizations may prioritize the digital security measures needed to protect cardholder data, physical security shouldn’t be forgotten. All physical acc...


What are Card Issuing Platforms?
A card issuing platform enables businesses within and beyond the financial industry to easily provide branded debit and credit cards to their customers. Despite the ...

PCI DSS Requirement 8: Identify & Authenticate User Access to System Components
PCI DSS Requirement 8 provides detailed guidance on the two fundamental principles for identifying and authenticating users: establishing the identity of a person th...

PCI DSS Requirement 7: Restrict Cardholder Data Access
Assigning permissions carefully is one means of protecting sensitive account data by providing the minimum level of access necessary to perform an employee’s job.

Hard vs. Soft Card Declines: What They Are & How to Reduce Them
As magical as the payment process can seem when everything is going according to plan - your buyer simply types in their details, money is transferred, and you’re in...

BIN Data: Enhance Fraud Detection and Improve Customer Experience
We are thrilled to announce an enhancement to our tokenization platform: BIN Details! The BIN, or Bank Identification Number, allows access to details, a powerful to...

The Importance of a Risk Assessment for Merchants
A risk assessment is a dedicated process evaluating the likelihood of a damaging event happening. In the medical environment, it is a statistical calculation of the ...

PCI DSS Requirement 6: Develop and Maintain Secure Systems
PCI DSS Requirement 6 highlights the importance of installing security patches in order to protect systems from being accessed by anyone with malicious intentions. F...

One-time-use (Privacy) Cards and Their Benefits
A one-time-use card, also known as a privacy card, is a virtual credit or debit card number that can be used once for a single purchase. Once this purchase is comple...

PCI DSS Requirement 5: Protect All Systems and Networks from Malicious Software
Malicious software, also commonly known as malware, is any software or firmware specifically designed to cause damage to, or penetrate the security systems of, a com...

August 2023 Changelog
As summer winds down and school starts back up for many of us in North America, Basis Theory is looking forward to an upcoming semester abroad. (Stay tuned for detai...

Chargebacks Explained: What They Are & How to Reduce Them
In the payments business, a chargeback is the reversal of a charge initiated by the issuing bank rather than the merchant, generally in response to a consumer compla...

PCI DSS Requirement 4: Protect Cardholder Data During Transmission Over Public Networks
Vulnerabilities in legacy encryption and authentication protocols for wireless networks are often targeted by malicious individuals aiming to gain access to cardhold...

How To Improve Payments Efficiency and Reduce Expenses
Why does Payment Efficiency Matter? Processing payments is a multi-partner, multi-step endeavor, and each partner expects to be compensated for their trouble. From t...

How Does Payment Processing Work?
Payment processing describes the series of steps that take place allowing one party to deliver money to another in return for goods and services, normally via a cred...

PCI DSS Requirement 3: Protect Stored Account Data
Public exposure of stored account and transaction data, either intentional or unintentional, can cause serious damage to a merchant. This is why the PCI SSC has crea...

2023 Global Payments and Fraud Report: Key Takeaways
The annual Global Payments and Fraud report produced by the Merchant Risk Council, Cybersource, and Verifi surveyed 1,072 merchants who identified as being involved ...

What is the Merchant Discount Rate?
Despite its name, the Merchant Discount Rate (MDR) defines not a discount offered to merchants, but a fee paid by the merchant to its payment processing service. On ...

PCI DSS Requirement 2: Securely Configure All System Components
Attackers often use default passwords and other vendor default settings to compromise systems. These passwords and settings are both well known and easily accessible...

How to Select the Right Payment Gateway Provider
Payment Gateway Providers: An Overview. A payment gateway is a specialized payment processor that serves the unique needs of a specific merchant vertical group. Payme...

PCI DSS Requirement 1: Install and Maintain Network Security Controls
Requirement 1 of the Payment Card Industry Data Security Standard (PCI DSS) is to “Install and Maintain Network Security Controls”. It is designed to help merchants ...

How to Select the Right PCI-Compliant Service Provider
Any entity involved in transacting credit card business has an obligation to comply with Payment Card Industry Data Security Standards (PCI DSS), which is a publishe...

July 2023 Changelog
Summer is in full swing, and in July our team focused on bringing our mission to life for our customers. At Basis Theory, we believe that developing products with se...

What’s in PCI Scope vs. Out of Scope?
What is PCI-DSS and what does it mean to be in scope? PCI-DSS (the Payment Card Industry Data Security Standard) is an information security standard used by every en...

HTTP Service: Dual Write Data for Ultimate Flexibility
At Basis Theory we’re making it easier than ever for developers to create products with sensitive data. Our new HTTP service gives developers the flexibility they ne...

Introducing Compliance Genie: Instant Access to Payments Expertise, One Question at a Time
As we empower our customers to build pioneering solutions for their payment systems, ensuring alignment with regulatory rules is a critical step. We've witnessed fir...

19 Resources to Learn More About Payments
Uncovering the top resources to build your payment knowledge. The payments industry and ecosystem can be daunting in its breadth and depth. Understanding not only the...

Payments Compliance and Monitoring: Simplified
What is payments compliance? The pandemic years accelerated the growth of global e-commerce, catapulting the industry to over 26 million individual merchants doing b...

Revolutionizing Know-Your-Customer Data Management: Basis Theory’s KYC Data Engine
We recently released a white paper detailing the many aspects of the “Know Your Customer” (KYC) program, and what it means for businesses that interact with customer...

June 2023 Product Changelog
Welcome back, everyone! Here are the notable changes for June. We're grateful to our customers for their ingenuity and creativity in finding new ways to keep their c...

How to Prevent Payment Gateway Fraud
What is Payment Gateway Fraud? Payment gateway fraud occurs when a card-not-present transaction is completed using invalid card details. Fraudsters may use stolen cr...

What are Cross-Border Payments? Everything you Need to Know
Transferring money across borders seamlessly has opened up a realm of possibilities for businesses and individuals alike. However, many may find that cross-border pa...

Why Should You Use Split Payments?
In the fast-paced world of B2B software, prompt and efficient payment processing is on every vendor’s wish list. Getting paid in a timely fashion is essential for ma...

Top Payment Statistics and Trends in 2023
As the payments industry continues to evolve, staying on top of the latest trends is crucial for payments professionals looking to make informed decisions and drive ...

How Longer CVC Storage Can Improve Your Payment Flows
As we hear feedback from customers about the creative ways they use their payments data we constantly look for ways to unlock more use cases. We've recently released...

How Businesses Can Process EBT Payments
Electronic Benefits Transfer, or EBT, is a system that was created to allow recipients of federal support in the United States to make food purchases electronically....

5 Tips for Secure Online Payments: How Merchants Can Scale
Providing secure payment transactions is a shared responsibility, because so many entities are involved in an intricate chain of activities to complete a deal. Each ...

What is a Payment Aggregator?
A payment aggregator is a service provider that shares their merchant account with their customers, allowing them to start accepting payments quickly and easily. Ins...

Payment Risks and How to Reduce Them
It’s easy to imagine the scariest risks of all: having your system taken over and sold back to you by ransomware, say, or a criminal ring intentionally buying all yo...