What is Sensitive Authentication Data?
Learn about sensitive authentication data (SAD), like CVV and CVC, how it works, and why you likely can’t store it.
Insights and updates from the Basis Theory team
Learn more about January's releases, improvements, and fixes.
Understanding PCI scope is the first step to reducing it. Get the basics and learn how to reduce scope by as much as 93%.
In this guide, we’ll review how card-on-file transactions work, examples of where they can be used, and benefits and drawbacks.
Everything you need to know about PCI DSS’ self-assessment questionnaires, Report on Compliance, and Attestation of Compliance.
Learn the core concepts, efforts, and trade-offs between building or buying a cardholder data environment (CDE).
Get a high-level overview of the effort and trade-offs required to build your own cardholder data environment (CDE).
Whether you’re looking to simply accept credit cards in-app or do something more complex, like split payments or multi-processor routing, understanding the level of ...
The Highlights New Year, New Documentation We’ve learned and changed a lot over the last year, but we realized our documentation hadn’t. Over the previous two years,...
What is a “Customized Approach”? Historically, PCI DSS has published a defined approach to implementing the required security controls. The standard outlined the com...
What is Formjacking? Also known as web skimming, e-skimming, or a magecart attack, formjacking is a technique that allows hackers to spy on and capture sensitive data, ...
Find out when you must be compliant with PCI DSS 4 and which factors are most likely to impact your transition’s timeline.
Pseudonymization is one of several techniques by which an organization can remove this identifying information and operationalize data while providing both privacy a...
The Highlights Upgrades to Elements Collect data with Android and iOS Elements The new SDKs make it simple to collect Text data directly from Android and iOS mobile ...
While frustrating to many, it’s hard to argue the role PCI compliance has played in creating today’s digital economy. By outlining, defining, and enforcing standards...
Nacha, the governing and enforcement body for the United States’ ACH network, recently issued rules requiring organizations to employ a combination of encryption and tok...
As our implementation with Auth0’s branding and styling grew more complex, our engineering team looked for a solution to simplify our implementation and accelerate o...
The Highlights Access Rules Engineers use, scope, and permission our Tokens in various ways. To allow for greater control over access to tokens, we built Access Rule...
The more control and access organizations have over their data, the faster they can ship, innovate, and react. But, because of the burdens that come with PCI, we’ve ...
Basis Theory’s Take Long story short: PCI compliance is exceptionally difficult to maintain if you want to use email to share any kind of PII. And doing so will requ...
When we started designing Basis Theory's vault, we knew the platform encryption posture would need to change to meet new security, compliance, and customer requireme...
Elements provide modern building blocks for collecting sensitive information in your UI, allowing developers to build immersive forms that match the look and feel of...
Did you know that the first 4-8 numbers on a payment card, known as the BIN (Bank Identification Number), actually have a specific meaning and purpose? In order to p...
A data tokenization platform supports zero trust architecture practices without losing your ability to interact with and use the tokenized data. For example, Basis T...
According to the Economic Times, India has the highest fintech adoption rate globally at 87%—13% higher than the global average. It’s also one of the fastest growing...
The Highlights Updating Elements with Refs To stay consistent with the current React trends, targeting Elements now uses Refs just like any other React element in a ...
With the right policies, strategies, and tools, your data remediation program can keep your sensitive data compliant, secure, and useful.
Every day, businesses accumulate more data to help drive their decisions and understand their market. That data is not only confidential to the business, but often c...
Leading up to our GA release in late April, we wondered what life would be like post-launch. Even if we felt we had the best platform, would others? After all, token...
The Highlights Token expiration Whether mandated by PCI or by your organization's internal data retention policies, developers need the ability to purge data automat...
Tokenization is only valuable to an organization if the tokens are useful. While cookie-cutter tokens with rigid properties provide great guardrails to get up-and-ru...
In this conversation, Nacha and Basis Theory break down the new data security requirements defined by Nacha and how data tokenization can help you secure ACH data. A...
The Highlights Capture individual card data with separate fields using Elements Developers want more control over their user experience when collecting credit or deb...
An application can only rise as high as the level of trust provided by its users. Keeping data safe and secure is one of the most important ways to do that, but tack...
Making data tokenization accessible Tokenization provides a simple way to secure and use sensitive data, but swapping the social security numbers sitting in your dat...
There are an estimated 1.1 million Go developers today, making Go one of the top 10 languages in the world. The 2021 StackOverflow Developer Survey shows it’s one of...
Know Your Customer (KYC) solution providers, like Alloy, help financial services and institutions verify a user’s identity by checking their Personally Identifiable ...
I have had a front seat to the origins of companies that shaped the world we live in today. From Uber and Doordash changing the way we travel and eat to Peloton and ...
Every engineer wants to ship high-quality software systems, but the “how” isn’t always straightforward. To help, we designed a testing series, “Shipping code quickly...
The highlights Status Page Our new public Status Page provides developers a simple way to track the status of our API, Portal, and Elements. Check it out at https://...
At Basis Theory, we find “building in public” and open-source to provide some of the best feedback loops for our product. It’s why we’ve opened and shared our Azure ...
Read this overview for more information on how to manage your Basis Theory resources using Terraform.
Do you need to share a password to your Netflix, Amazon, Hulu, or Disney+ account with household members or roommates but don’t want this sensitive information in the...
Ruby on Rails built its reputation on its ease of use and simplicity. As an engineer, I look for ways to remove the complexity of encrypting and securing data within...
In 2011, Gabe Newell described software piracy “as a service problem.” His comment implied that until there was a better experience from a legitimate service, consum...