What are Cascading Payments?
Cascading payments can be part of an intelligent payment routing strategy. In this post, we break down the details and discuss how they can influence your success ra...
What is Sensitive Authentication Data?
Learn about sensitive authentication data (SAD), like CVV and CVC, how it works, and why you likely can’t store it.
Changelog: January 2023
Learn more about January's releases, improvements, and fixes.
Customer Story: Branch
What is Branch? Branch provides consumers with affordable and personalized insurance policies in seconds.
How to reduce PCI DSS Scope: An overview
Understanding PCI scope is the first step to reducing it. Get the basics and learn how to reduce scope by as much as 93%.
What are the merchant levels for PCI DSS 4.0?
Understanding the different PCI merchant levels is the first step to reducing the challenges they might bring to your organization.
What is a Card-on-File Transaction and what is it used for?
In this guide, we’ll review how card-on-file transactions work, examples of where they can be used, and benefits and drawbacks.
Rethinking the payments stack: Benefits of multiple payment gateways
Whether you’re building or optimizing your payment stack, now is the time to think about a multiple-payment gateway strategy.
What are the PCI DSS’ ROC, SAQ, and AOC?
Everything you need to know about PCI DSS’ self-assessment questionnaires, Report on Compliance, and Attestation of Compliance.
Storing Credit Cards: Outsource a Solution, or Build?
Learn the core concepts, efforts, and trade-offs between building or buying a cardholder data environment (CDE).
How to Store Credit Cards: Building in-house
Get a high-level overview of the effort and trade-offs required to build your own cardholder data environment (CDE).
How to store credit cards: Using PCI DSS Service Providers
Whether you’re looking to simply accept credit cards in-app or do something more complex, like split payments or multi-processor routing, understanding the level of ...
A helpful guide on Cardholder Data Environments (CDEs)
In the last couple of years, new and emerging business models, requirements, and workflows have forced companies to seek new ways to leverage this sensitive data mor...
Changelog: December 2022
The Highlights: New Year, New Documentation. We’ve learned and changed a lot over the last year, but we realized our documentation hadn’t. Over the previous two years,...
Is the Customized Approach in PCI DSS 4.0 right for me?
What is a “Customized Approach”? Historically, PCI DSS has published a defined approach to implementing the required security controls. The standard outlined the com...
Formjacking and PCI 4.0: What it is and why you should care
What is Formjacking? Also known as web skimming, e-skimming, or a magecart attack, formjacking is a technique that allows hackers to spy on and capture sensitive data, ...
When is PCI DSS 4.0 required? Timing and helpful considerations
Find out when you must be compliant with PCI DSS 4 and which factors are most likely to impact your transition’s timeline.
What is pseudonymization? Simple definition, benefits and comparisons
Pseudonymization is one of several techniques by which an organization can remove this identifying information and operationalize data while providing both privacy a...
Changelog: November 2022
The Highlights: Upgrades to Elements. Collect data with Android and iOS Elements: The new SDKs make it simple to collect Text data directly from Android and iOS mobile ...
What is PCI Compliance? The 12 Requirements & PCI DSS Guide
While frustrating to many, it’s hard to argue the role PCI compliance has played in creating today’s digital economy. By outlining, defining, and enforcing standards...
Choosing the right PCI DSS SAQ for your self-assessment
If your business stores, processes, or transmits cardholder data from at least one of the leading card networks (e.g. Visa, Mastercard, etc.), then you must prove Pa...
Getting to compliance: Breaking down the 2022 Nacha Data Protection Requirements
Nacha, the governing and enforcement body for the United States’ ACH network, recently issued rules requiring organizations to employ a combination of encryption and tok...
Using React to Customize Your Auth0 User Experience
As our implementation with Auth0’s branding and styling grew more complex, our engineering team looked for a solution to simplify our implementation and accelerate o...
Changelog: October 2022
The Highlights: Access Rules. Engineers use, scope, and permission our Tokens in various ways. To allow for greater control over access to tokens, we built Access Rule...
What is Data Masking? Types & Techniques
What is data masking? Data masking is the process of hiding elements of an original value, while still keeping enough context for the string to make sense to the use...
Introducing the PCI Blueprint
The more control and access organizations have over their data, the faster they can ship, innovate, and react. But, because of the burdens that come with PCI, we’ve ...
What You Should Know About PCI Compliance And Email Security
Basis Theory’s Take. Long story short: PCI compliance is exceptionally difficult to maintain if you want to use email to share any kind of PII. And doing so will requ...
Encrypt smarter, not harder: The Basis Theory Open Source KMS SDK
When we started designing Basis Theory's vault, we knew the platform encryption posture would need to change to meet new security, compliance, and customer requireme...
Unstripe yourself: How to replace Stripe Elements with Basis Theory
Elements provide modern building blocks for collecting sensitive information in your UI, allowing developers to build immersive forms that match the look and feel of...
What is a Bank Identification Number (BIN) and how do I keep it secured?
Did you know that the first 4-8 numbers on a payment card, known as the BIN (Bank Identification Number), actually have a specific meaning and purpose? In order to p...
How to insert sensitive data into a PDF using Reactors
A data tokenization platform supports zero trust architecture practices without losing your ability to interact with and use the tokenized data. For example, Basis T...
The 3 Themes Guiding Fintech Policy and Regulations in India
According to the Economic Times, India has the highest fintech adoption rate globally at 87%—13% higher than the global average. It’s also one of the fastest growing...
Changelog: August 2022
The Highlights: Updating Elements with Refs. To stay consistent with the current React trends, targeting Elements now uses Refs just like any other React element in a ...
How Streamlined used tokenization to protect their developer experience
Learn how one early-stage company is using Basis Theory to help its customers build their ideal payment workflows and avoid PCI compliance scope.
Data security 101: Remediating sensitive data
With the right policies, strategies, and tools, your data remediation program can keep your sensitive data compliant, secure, and useful.
What is data encryption and how does it work?
Every day, businesses accumulate more data to help drive their decisions and understand their market. That data is not only confidential to the business, but often c...
Reflections on being named a Forbes Cloud 100 Rising Star
Leading up to our GA release in late April, we wondered what life would be like post-launch. Even if we felt we had the best platform, would others? After all, token...
Changelog: July 2022
The Highlights: Token expiration. Whether mandated by PCI or by your organization's internal data retention policies, developers need the ability to purge data automat...
Basis Theory Tokens: A new way to protect and use sensitive data
Tokenization is only valuable to an organization if the tokens are useful. While cookie-cutter tokens with rigid properties provide great guardrails to get up-and-ru...
Webinar: Why use tokenization to secure ACH data?
In this conversation, Nacha and Basis Theory break down the new data security requirements defined by Nacha and how data tokenization can help you secure ACH data. A...
Changelog: June 2022
The Highlights: Capture individual card data with separate fields using Elements. Developers want more control over their user experience when collecting credit or deb...
Elements: A seamless way to capture, secure, and tokenize data
An application can only rise as high as the level of trust provided by its users. Keeping data safe and secure is one of the most important ways to do that, but tack...
Key insights: 3 Drivers and Benefits of Data Tokenization Platforms
Making data tokenization accessible: Tokenization provides a simple way to secure and use sensitive data, but swapping the social security numbers sitting in your dat...
The big ideas in data compliance: An overview of the 12 PCI DSS requirements
In the early 2000s, the Payment Card Industry (PCI) introduced its Data Security Standard (PCI DSS). Today, the framework outlines 12 requirements that card-acceptin...
Data tokenization and encryption using Go
There are an estimated 1.1 million Go developers today, making Go one of the top 10 languages in the world. The 2021 StackOverflow Developer Survey shows it’s one of...
How to implement KYC using data tokenization
Know Your Customer (KYC) solution providers, like Alloy, help financial services and institutions verify a user’s identity by checking their Personally Identifiable ...
Why I Joined Basis Theory
I have had a front seat to the origins of companies that shaped the world we live in today. From Uber and Doordash changing the way we travel and eat to Peloton and ...
Shipping code quickly with confidence: Security Testing
Every engineer wants to ship high-quality software systems, but the “how” isn’t always straightforward. To help, we designed a testing series, “Shipping code quickly...
Changelog: May 2022
The highlights: Status Page. Our new public Status Page provides developers a simple way to track the status of our API, Portal, and Elements. Check it out at https://...
Shipping code quickly with confidence: Load Testing
Every engineer wants to ship high-quality software systems, but the “how” isn’t always straightforward. To help, we designed a testing series, “Shipping code quickly...