How Basis Theory Achieved PCI Compliance With Zero Issues or Delays

Basis Theory provides secured storage, encryption and tokenization of data.

“The platform helped streamline all aspects of getting PCI compliant. Plus, we received amazing support from Secureframe’s in-house compliance experts. Getting PCI compliant was a breeze, and anyone considering PCI should definitely consider Secureframe.” - Matthew Trisoline, Senior Platform Engineer, Basis Theory

Highlights

Challenges

  • Couldn’t bring on first payments customers without achieving PCI compliance.
  • Payment and cardholder data required PCI compliance.
  • Feeling stressed by huge lift required to achieve compliance with small team.
  • Searching for the right expert to make the process as seamless as possible.

Solutions

Secureframe provided Basis Theory with:

  • Ability to achieve PCI compliance in one simple-to-use platform. 
  • Easy-to-follow checklist approach to completing PCI compliance tasks with small team.
  • End-to-end white glove service from dedicated customer success and compliance team via Shared Slack Channel and check-in calls to make the compliance process easy. 
  • Support during the audit process itself to facilitate auditor questions.

Results

  • Received PCI certification within a few months with zero issues or delays.
  • Saved hundreds of hours of engineering resources and time and did not need to bring on additional security hires.
  • Formally launched company and product, and started selling to first customers.
  • Created trust in customers and top tier investors for future growth of company.
  • Gained confidence in ability to protect payment and cardholder data in regulated industry.

Challenges

Needing PCI compliance to formally launch product to the public, but stressed about first-time process with small team

Basis Theory, a global tokenization platform, was geering up to launch their company to the public. One of their use cases was tokenizing payment and cardholder data. However, in order to work with this data, Basis Theory had to become PCI compliant.

Unfortunately, the process to become PCI compliant can be long and complex without the right support, so Basis Theory sought out experts to make the process as seamless as possible. 

quote-icon

“Compliance is a big risk for any organization. There’s many steps involved. Given achieving PCI compliance was integral to us launching our product, we couldn’t afford to not get it right. Having some guidance was essential.” - Matthew Trisoline, Senior Platform Engineer, Basis Theory

The Basis Theory team looked at multiple software solutions that would make achieving compliance quick and easy. They wanted to make sure that not only would the platform help streamline most of the steps, but that they would also get the right level of support.

quote-icon

“I’ve been through multiple compliance frameworks before at my previous companies such as SOC 2, HIPAA, and PCI. But given this was my first time doing PCI from scratch and that I would take on the burden of helping my company get compliant, I wanted to make sure I’d get as much guidance as possible to minimize delays.”

Solutions

Secureframe’s easy-to-use platform and hands-on support from compliance experts set them apart from competitors and enabled quick and seamless PCI compliance

The CEO had demos scheduled with multiple companies. After completing the demos, the Basis Theory team felt that Secureframe’s product would help streamline the process more and help them stay better organized. Plus, Secureframe had compliance experts with previous PCI experience who would hold the team’s hand every step of the way.

quote-icon

“With Secureframe, I felt like the platform was really robust and that I would get the extra level of attention and customer support I was looking for. Having a dedicated resource who could provide clarifications, guidance, and feedback made sure I wouldn’t be wasting my time or my engineers’ time with unnecessary work.”

Once onboarded, Secureframe created a thorough checklist of all the required steps and documentation needed to get PCI compliant and create a more secure environment for handling payment and cardholder data. 

Plus, Secureframe provided an open channel of communication throughout the readiness phase through Shared Slack Channels and regular check-ins to help with any questions or concerns.

quote-icon

“Working with Secureframe’s compliance experts was great. Their expertise and knowledge really shined through. Being able to have someone to go to for any questions, get a gut check, and get a continuous feedback loop was really helpful. It made all the technical and administrative aspects of getting PCI compliant a lot simpler. I appreciated that I didn’t have to worry or think about things. I knew Secureframe’s team would be there.”

Secureframe was able to help get this company audit ready within just a couple of months, with zero issues or delays. But the support didn’t stop for this company. During the audit itself, Secureframe’s compliance team helped answer any auditor questions and advocated on behalf of the company.  

quote-icon

“It was clear that Secureframe had a great relationship with their auditor partners. Any time our auditor had a question, Secureframe’s team was there, helped clear up any potential issues, and streamlined the entire audit process. It created a lot of peace of mind for me to know I wasn’t alone.”

With Secureframe’s deep expertise, support and guidance, Basis Theory was able to get their PCI Certification within 3 months, easily a few months faster than had Basis Theory attempted to achieve compliance by themselves.

quote-icon

“We wouldn’t have become PCI compliant nearly as quickly or as efficiently without Secureframe. The team made sure we had all our ducks in a row, and we were very well-prepared going into the audit.”

Results

PCI Certification achieved with zero delays, hundreds of hours saved, and product launched to the public for first customers

Basis Theory was able to get PCI certified with zero delays or issues. Plus, Secureframe’s platform helped save the team hundreds of hours of time and resources. With the help of the platform, the team didn’t feel like they had to bring on any additional support or security hires, and could handle all of the work in-house. 

quote-icon

“The Secureframe platform helped tone down the need for a security analyst. It gave me and my team one place to do all of our compliance work. What was great was I was able to bring my junior engineers into the platform and they were able to easily digest everything. The ease of use easily saved us hundreds of hours of time and resources.”

Secureframe also helped Basis Theory formally launch their product to the public. Given the nature of the work they do, Basis Theory could not launch without becoming PCI compliant. The team wanted to make sure they had all the necessary controls in place to protect payment and cardholder data. With their PCI certification in hand, the team felt confident about their ability to protect data.

quote-icon

“We could not go live without getting PCI compliant. But the Secureframe team ensured we didn’t miss any of our deadlines. We were able to launch exactly as planned, which was a huge weight off of my shoulders.”

Finally, getting PCI compliant helped increase both consumer confidence as well as attract top tier investors for Basis Theory. 

quote-icon

“Given we’re a young company, having our PCI certification shows our customers that we’re serious about keeping data secure.

With their PCI certification in hand and Secureframe continuously monitoring their state of compliance for the future, Basis Theory can focus on growing their business for the long run without worrying about falling out of compliance in the short or long term. 

quote-icon

“The platform helped streamline all aspects of getting PCI compliant. Plus, we received amazing support from Secureframe’s in-house compliance experts. Getting PCI compliant was a breeze, and anyone considering PCI should definitely consider Secureframe.” - Matthew Trisoline, Senior Platform Engineer, Basis Theory

Want to become secure and compliant at lightning speed and with no stress?

Secureframe can help.