

How to Build Your Own Payment Gateway
Whether you're a merchant looking to cut down on payment service fees, a startup aiming to provide solutions to an underserved region, or an online business battling...

5 Ways to Use Payment Analytics & Insights to Grow Your Business
What are Payment Analytics? Payment analytics are actionable trends organizations can identify and use to tune and accelerate their business growth. In today’s numbe...

May 2023 Product Changelog
We've been working hard this spring to provide more control, flexibility, and security to improve your data management and user experience. Our latest updates includ...

Securely Transitioning Your Credit Card Data: Migrating Data to Basis Theory
Introduction When migrating credit card data from a payment service provider (PSP) to Basis Theory, you would extract all stored card data and personally identifiabl...

5 Ways Payment Automation Can Improve Your Workflows
What is Payment Automation? When we think about payment automation, the temptation is to think only about inbound payment - revenue, in other words. And, indeed, mak...

How to Accept Multiple Payment Methods Securely
In today’s payment landscape, the emergence of new technologies gives consumers more payment options than ever before. As a merchant, it’s vital to accept the forms ...

Payment Metrics Decoded: Harnessing the Power of Payment Data
Merchants have access to a wealth of data points to gauge the health and success of their business. From customer acquisition cost to profit margin, the array of ava...

April 2023 Changelog
One of the most exciting parts of working at Basis Theory is encountering the various unique scenarios and alternative use cases that our customers envision. While s...

4 Best Practices for Secure Online Payment Processing
Merchants who build any kind of payment system must manage payments securely for a range of reasons.

What You Should Know About PCI Violations
PCI-DSS is a detailed and complex security standard that any entity involved in credit card payments must adhere to. Broadly speaking, its purpose is to ensure that ...

The Key to E-commerce Profitability: Multi-processor Payment Routing
When a payment is ready to be processed, most merchants cannot simply send it to the card network - instead they must work with a Payment Service Provider (PSP). The...

What you should know about PCI-DSS automation
PCI-DSS (Payment Card Industry Data Security Standard) is an information security standard that must be adhered to by any organization whose involvement in the proce...

How to Collect Credit Cards Over the Phone Without Becoming PCI Compliant
Modern consumers often prefer to transact business digitally, but there are still times when they would rather speak to a live person. For many vendors this raises t...

March 2023 Product Changelog
We are thrilled to share some of the key updates we've made to our platform during the month of March.

Rethinking Corporate Risk Management: Evolution, Roles, and Best Practices
Clients that have experienced claims typically have a greater appreciation of how catastrophic and frustrating a claim can be without strong risk management partners...

Is Your Payment Provider Holding You Back?
Recently, I had the pleasure of joining Caleb Avery, CEO of Tilled, on a webinar to discuss the current state of payments and data ownership. Tilled is one of our am...

What is a Card Network Token?
A card network token is a string of random numbers that is used to retrieve the real Primary Account Number (PAN) from a token value, where it is securely stored to ...

Protecting PHI and All Your Most Sensitive Data
We frequently mention that security is in our DNA, and we mean it.

Test Credit and Debit Card Numbers: Frequently Asked Questions
Why test credit and debit card transactions? When you build a payment transaction system, it’s important to ensure that it is working properly.

What is payment network tokenization?
Payment network tokenization is a process of replacing sensitive payment information, such as a credit card number, with a unique identifier or token that can be use...

Upcoming Changes in PCI DSS 4.0: What SaaS Platforms Need to Know
The Payment Card Industry Data Security Standard (PCI DSS) is the global standard for ensuring the secure handling of credit card data. It’s designed to protect card...

Reveal: Unlock Unmistakable User Experiences with Sensitive Data
We launched Basis Theory Elements late last year to provide developers and designers a fast, dynamic, and secure option to seamlessly collect information from within...

February 2023 Changelog
After the numerous improvements the team released in January, we spent February heads down on a few initiatives to make progress toward developing a more complete pl...

Webinar: Simplify PCI compliance with Basis Theory & Secureframe
In this Secureframe webinar, we discuss how tokenization and automation can eliminate 95% of the time and effort involved with PCI compliance.

What is a Third-Party Tokenization Service Provider?
In short, a third-party tokenization service provider provides services for creating, storing, and managing tokens to improve data security.

An Introduction to Token Vaults
Today’s digital landscape can be hazardous for online vendors seeking to provide simple, yet fully secure, payments. Perhaps the trickiest element of securing online...

What to do if your PSP Shuts Down Your Account
Payment service providers (PSPs) play a critical role in ensuring smooth and secure payment processing for a variety of merchants but they can pose a significant ris...

What are Encryption and Tokenization?
Encryption and tokenization are complementary strategic tools used by systems that need to protect sensitive information, especially in the realm of secure payments ...

What are Cascading Payments?
Cascading payments can be part of an intelligent payment routing strategy. In this post, we break down the details and discuss how they can influence your success ra...

What is Sensitive Authentication Data?
Learn about sensitive authentication data (SAD), like CVV and CVC, how it works, and why you likely can’t store it.

Changelog: January 2023
Learn more about January's releases, improvements, and fixes.

How to reduce PCI DSS Scope: An overview
Understanding PCI scope is the first step to reducing it. Get the basics and learn how to reduce scope by as much as 93%.

What is a Card-on-File Transaction and what is it used for?
In this guide, we’ll review how card-on-file transactions work, examples of where they can be used, and benefits and drawbacks.

What are the PCI DSS’ ROC, SAQ, and AOC?
Everything you need to know about PCI DSS’ self-assessment questionnaires, Report on Compliance, and Attestation of Compliance.

Storing Credit Cards: Outsource a Solution, or Build?
Learn the core concepts, efforts, and trade-offs between building or buying a cardholder data environment (CDE).

How to Store Credit Cards: Building in-house
Get a high-level overview of the effort and trade-offs required to build your own cardholder data environment (CDE).

How to store credit cards: Using PCI DSS Service Providers
Whether you’re looking to simply accept credit cards in-app or do something more complex, like split payments or multi-processor routing, understanding the level of ...

A helpful guide on Cardholder Data Environments (CDEs)
In the last couple of years, new and emerging business models, requirements, and workflows have forced companies to seek new ways to leverage this sensitive data mor...

Changelog: December 2022
The Highlights New Year, New Documentation We’ve learned and changed a lot over the last year, but we realized our documentation hadn’t. Over the previous two years,...

Is the Customized Approach in PCI DSS 4.0 right for me?
What is a “Customized Approach”? Historically, PCI DSS has published a defined approach to implementing the required security controls. The standard outlined the com...

Formjacking and PCI 4.0: What it is and why you should care
What is Formjacking? Also known as web skimming, e-skimming, or a Magecart attack, formjacking is a technique that allows hackers to spy on and capture sensitive data, ...

When is PCI DSS 4.0 required? Timing and helpful considerations
Find out when you must be compliant with PCI DSS 4 and which factors are most likely to impact your transition’s timeline.

What is pseudonymization? Simple definition, benefits and comparisons
Pseudonymization is one of several techniques by which an organization can remove this identifying information and operationalize data while providing both privacy a...

Changelog: November 2022
The Highlights Upgrades to Elements Collect data with Android and iOS Elements The new SDKs make it simple to collect Text data directly from Android and iOS mobile ...

What is PCI Compliance? The 12 Requirements & PCI DSS Guide
While frustrating to many, it’s hard to argue the role PCI compliance has played in creating today’s digital economy. By outlining, defining, and enforcing standards...

Getting to compliance: Breaking down the 2022 Nacha Data Protection Requirements
Nacha, the governing and enforcement body for the United States’ ACH network, recently issued rules requiring organizations to employ a combination of encryption and tok...

Using React to Customize Your Auth0 User Experience
As our implementation with Auth0’s branding and styling grew more complex, our engineering team looked for a solution to simplify our implementation and accelerate o...

Changelog: October 2022
The Highlights Access Rules Engineers use, scope, and permission our Tokens in various ways. To allow for greater control over access to tokens, we built Access Rule...

Introducing the PCI Blueprint
The more control and access organizations have over their data, the faster they can ship, innovate, and react. But, because of the burdens that come with PCI, we’ve ...

What You Should Know About PCI Compliance And Email Security
Basis Theory’s Take Long story short: PCI compliance is exceptionally difficult to maintain if you want to use email to share any kind of PII. And doing so will requ...