Clients that have experienced claims typically have a greater appreciation of how catastrophic and frustrating a claim can be without strong risk management partners...

Recently, I had the pleasure of joining Caleb Avery, CEO of Tilled, on a webinar to discuss the current state of payments and data ownership. Tilled is one of our am...

A card network token is a string of random numbers that is used to retrieve the real Primary Account Number (PAN) from a token value, where it is securely stored to ...

We frequently mention that security is in our DNA, and we mean it.

Why test credit and debit card transactions? When you build a payment transaction system, it’s important to ensure that it is working properly.

Payment network tokenization is a process of replacing sensitive payment information, such as a credit card number, with a unique identifier or token that can be use...

The Payment Card Industry Data Security Standard (PCI DSS) is the global standard for ensuring the secure handling of credit card data. It’s designed to protect card...

We launched Basis Theory Elements late last year to provide developers and designers a fast, dynamic, and secure option to seamlessly collect information from within...

After the numerous improvements the team released in January, we spent February heads down on a few initiatives to make progress toward developing a more complete pl...

In this Secureframe webinar, we discuss how tokenization and automation can eliminate 95% of the time and effort involved with PCI compliance.

In short, a third-party tokenization service provider provides services for creating, storing, and managing tokens to improve data security.

Today’s digital landscape can be hazardous for online vendors seeking to provide simple, yet fully secure, payments. Perhaps the trickiest element of securing online...

Payment service providers (PSPs) play a critical role in ensuring smooth and secure payment processing for a variety of merchants but they can pose a significant ris...

Encryption and tokenization are complementary strategic tools used by systems that need to protect sensitive information, especially in the realm of secure payments ...

Cascading payments can be part of an intelligent payment routing strategy. In this post, we break down the details and discuss how they can influence your success ra...

Learn about sensitive authentication data (SAD), like CVV and CVC, how it works, and why you likely can’t store it.

Learn more about January's releases, improvements, and fixes.

Understanding PCI scope is the first step to reducing it. Get the basics and learn how to reduce scope by as much as 93%.

In this guide, we’ll review how card-on-file transactions work, examples of where they can be used, and benefits and drawbacks.

Everything you need to know about PCI DSS’ self-assessment questionnaires, Report on Compliance, an Attestation of Compliance.

Learn the core concepts, efforts, and trade-offs between building or buying a cardholder data environment (CDE).

Get a high-level overview of the effort and trade-offs required to build your own cardholder data environment (CDE).

Whether you’re looking to simply accept credit cards in-app or do something more complex, like split payments or multi-processor routing, understanding the level of ...

In the last couple of years, new and emerging business models, requirements, and workflows have forced companies to seek new ways to leverage this sensitive data mor...

The Highlights New Year, New Documentation We’ve learned and changed a lot over the last year, but we realized our documentation hadn’t. Over the previous two years,...

What is a “Customized Approach”? Historically, PCI DSS has published a defined approach to implementing the required security controls. The standard outlined the com...

What is Formjacking? Also known as web skimming, e-skimming, or a magecart attack, formjacking is a technique that allows hackers to spy and capture sensitive data, ...

Find out when you must be compliant with PCI DSS 4 and which factors are most likely to impact your transition’s timeline.

Pseudonymization is one of several techniques by which an organization can remove this identifying information and operationalize data while providing both privacy a...

The Highlights Upgrades to Elements Collect data with Android and iOS Elements The new SDKs make it simple to collect Text data directly from Android and iOS mobile ...

While frustrating to many, it’s hard to argue the role PCI compliance has played in creating today’s digital economy. By outlining, defining, and enforcing standards...

Nacha, the governing and enforcement body for United State’s ACH network, recently issued rules requiring organizations to employ a combination of encryption and tok...

As our implementation with Auth0’s branding and styling grew more complex, our engineering team looked for a solution to simplify our implementation and accelerate o...

The Highlights Access Rules Engineers use, scope, and permission our Tokens in various ways. To allow for greater control over access to tokens, we built Access Rule...

What is data masking? Data masking is the process of hiding elements of an original value, while still keeping enough context for the string to make sense to the use...

The more control and access organizations have over their data, the faster they can ship, innovate, and react. But, because of the burdens that come with PCI, we’ve ...

Basis Theory’s Take Long story short: PCI compliance is exceptionally difficult to maintain if you want to use email to share any kind of PII. And doing so will requ...

When we started designing Basis Theory's vault, we knew the platform encryption posture would need to change to meet new security, compliance, and customer requireme...

Elements provide modern building blocks for collecting sensitive information in your UI, allowing developers to build immersive forms that match the look and feel of...

Did you know that the first 4-8 numbers on a payment card, known as the BIN (Bank Identification Number), actually have a specific meaning and purpose? In order to p...

A data tokenization platform supports zero trust architecture practices without losing your ability to interact with and use the tokenized data. For example, Basis T...

According to the Economic Times, India has the highest fintech adoption rate globally at 87%—13% higher than the global average. It’s also one of the fastest growing...

The Highlights Updating Elements with Refs To stay consistent with the current React trends, targeting Elements now uses Refs just like any other React element in a ...

With the right policies, strategies, and tools, your data remediation program can keep your sensitive data compliant, secure, and useful.

Every day, businesses accumulate more data to help drive their decisions and understand their market. That data is not only confidential to the business, but often c...

Leading up to our GA release in late April, we wondered what life would be like post-launch. Even if we felt we had the best platform, would others? After all, token...

The Highlights Token expiration Whether mandated by PCI or by your organization's internal data retention policies, developers need the ability to purge data automat...

Tokenization is only valuable to an organization if the tokens are useful. While cookie-cutter tokens with rigid properties provide great guardrails to get up-and-ru...

In this conversation, Nacha and Basis Theory break down the new data security requirements defined by Nacha and how data tokenization can help you secure ACH data. A...

The Highlights Capture individual card data with separate fields using Elements Developers want more control over their user experience when collecting credit or deb...