Basis Theory Launches One-Click PCI Compliance for Developers and Partners with Secureframe to Automate 95% of Compliance Effort

SAN FRANCISCO--(BUSINESS WIRE)--Basis Theory, the data security and compliance data tokenization platform that helps any company quickly collect, secure, and use sensitive information, has launched PCI Blueprint so developers can set up a PCI Level 1 compliant technology infrastructure in as little as five minutes with a simple integration. The company has also partnered with security and privacy compliance automation leader Secureframe to integrate Basis Theory with its platform for complete end-to-end automation of the PCI compliance process. Together, the two platforms eliminate 95% of the effort required for PCI Level 1 compliance.

Lately, most companies have relied on their payment service provider's (PSP) to compliantly store cardholder data. While helpful, this model locks in and constrains its customers to the capabilities of their PSP. Basis Theory's PCI Blueprint decouples a company from its PSP’s limitations without exposing its systems to PCI scope. By providing complete control over their cardholder data, developers may now unlock new processors, partnerships, and experiences.

PCI Blueprint packages the tools, patterns, and code developers already use today with the core products and services needed to obscure cardholder data from their systems. In less than 5 minutes, developers can set up a PCI compliant infrastructure that includes:

• Instant PCI Level 1 cardholder environment for managing and storing encrypted card data
• Modern UI components for collecting and revealing cardholder data
• A proxy service for sending and receiving tokenized or detokenized payloads with any processor or endpoint

“The increasing complexity and scope of PCI compliance requirements, and the highly prescriptive nature of PCI DSS 4.0, are necessitating a 'continuous compliance' posture with check-ins every month or quarter,” said Fabrice Mouret, CEO and cofounder of Prescient Assurance, a global top 20 independent audit and penetration testing company. “Using Secureframe and Basis Theory to automate technology and compliance infrastructure can reduce up to 95% of that effort so continuous compliance is feasible for any organization. It also empowers auditors like us to recommend a more aggressive oversight cadence because we can more quickly run through our rigorous testing and reporting procedures.”

For those looking to reduce the effort, cost, and time-to-compliance of their PCI Level 1 audits, Basis Theory’s PCI Blueprint and the integration with Secureframe will support developer teams and businesses on every stage of the PCI compliance journey. Their turnkey technology infrastructure and platform satisfies both audit and business requirements while its evidence support helps automate and maintain compliance so time-to-compliance is a snap.

“No developer gets excited about building a PCI compliant infrastructure, which is why most delegate it to external vaults controlled by payment service providers. PCI Blueprint puts that control back in the hands of the developer without the operational headaches and risk,” said Brandon Weber, CTO at Basis Theory. “Now they can spin up and work easily and securely with the data they own that needs to be PCI compliant, and have all of the compliance decisions and configurations handled entirely by Basis Theory.”

“Each stage of the process for achieving PCI compliance is very different. There’s the technology infrastructure, managing the compliance process, and then ensuring the auditor is equipped with the information they need to sign off,” said Shrav Mehta, CEO of Secureframe. “The goal of the Secureframe Trust API is to provide a fully connected, end-to-end solution for our customers, which is why we are excited for Basis Theory’s integration with our automated compliance platform to help our joint customers further streamline setting up and maintaining a compliant infrastructure.”

About Basis Theory

Basis Theory’s tokenization platform instantly delivers the same data security best practices and compliance postures used by today’s most admired privacy-conscious companies. Basis Theory's developer-first tokenization platform provides a simple API, native tools, and granular controls that secure sensitive data—like credit card data and PII—to unlock new products, insights, and partnerships. Customers use Basis Theory’s compliant infrastructure and expertise to meet or exceed compliance requirements, like PCI, GDPR, and HIPAA, without taking on the burdens of securing it themselves. Basis Theory is building from first-hand experience at Twilio, Klarna, and Dwolla and has raised over $17 million from top-tier investors, including Bessemer Venture Partners and Kindred Ventures. For more information, visit http://www.basistheory.com.