Skip to main content

Import Cards on File

Migrate credit card data to Basis Theory by extracting and tokenizing stored information from your current vendor, who can be a Payments Processor, Tokenization Provider, or any other party responsible for protecting your customer's card data.

This guide will walk you through the process and requirements for achieving it securely.

Understanding the Migration Process

Before starting the migration process it is important to gather a few pieces of information:

  • A member of the migration team should have an understanding of the existing payment integration
  • Identify the account owner and authorized signers at your organization for the vendor
  • Documentation or descriptions of the outputs from a data migration from your vendor
  • The requirements your vendor has for any party receiving card data

Initiating the Migration

Once you have a clear understanding of the migration process, it's time to initiate the actual migration from your vendor to Basis Theory.

1. Contacting the Vendor

To get started, you need to reach out to the account owners or authorized signers for the vendor, they hold the authority to initiate the process on your behalf. Depending on the vendor, there are different methods to initiate the migration, such as submitting a support ticket or sending a signed letter to a designated email address.

Some processors publicly document the data export process and provide guidelines to their customers. For those who don't, here is a template message the account owner can use:

from: John Doe <the_account_owner@mycompany.com>
to: Vendor Support <support@previousvendor.com>
cc: Basis Theory Support <support@basistheory.com>
subject: Request for Tokens Export

Dear { vendor } team,

I would like to proceed with a { full / partial } cards on file export.
My new provider (CC) is:

Basis Theory Inc.
203 Flamingo Road, Suite 350
Mill Valley, CA 94941
https://www.basistheory.com

  1. Timeline - we plan to complete the migration process by { target date }.
    Any guidance or support to expedite this request would be greatly appreciated.
  2. Data format - CSV is preferred

Regards,


Notice that by copying Basis Theory Support in the email makes the introduction between the parties. This important step guarantees that Basis Theory can take over when necessary.

2. Requirements from the Vendor

The vendor may have specific requirements that need to be fulfilled before exporting the data. They may ask the set of tokens to export in a partial migration, the merchant account, among other information.

For the receiving party (Basis Theory), the vendor may request the PGP Public Key from Basis Theory to establish a secure and encrypted channel for data transfer. You can find Basis Theory's PGP Public Key below:

It is also very common that at each migration the processor will request Basis Theory's latest PCI Attestation of Compliance (AOC), which your Basis Theory Account Manager can provide.

Basis Theory will support fulfilling any additional vendor requirements in the best way we can.

Results and Data Handling

Once Basis Theory receives and analyzes the encrypted file from the vendor, it is important to convey and agree on tokenization needs. Your Basis Theory Account Manager will reach out to discuss matters such as:

  • Fingerprinting and Deduplication
  • Token Format and Portability
  • Access Controls
  • PII and Metadata handling

After the requirements are gathered, Basis Theory will import the cards and share a result file with you. This file contains the new tokens created, paired with any previous references from the vendor, to facilitate data indexing and processing on your side.