How to Tokenize Bank Accounts Numbers

This blog series aims to make it easier to understand the new Automated Clearing House (ACH) security requirements for data at rest. Starting June 30, 2022, qualifying organizations are required to “protect deposit account information by rendering it unreadable when stored electronically.”

Why use tokenization?

We think tokenization is the ideal method to protect account information for four key reasons:

  1. Flexibility. Tokens can be easily passed between systems without each system needing logic to decrypt the data.
  2. Application. Anything that can be serialized, can be tokenized. This broadens its application to different types of data, like media. For example, encoded images, like scanned authorization forms, can be tokenized, detokenized and decoded when needed. 
  3. Ownership. Tokens provide continued access and control over the underlying data, but without the overhead. 
  4. Enablement. Once secured, bank account information can be transformed, aliased, fingerprinted, and more. These enable a variety of operational use cases, like customer support operations; cost-savings, like least cost routing; and new products, services, and partnerships. 

How to tokenize bank account numbers in three steps:

anatomy of a tokenized ACH bank account and routing number

Basis Theory offers developers a secure, PCI-compliant and SOC 2 certified token vault and platform that allows your organization to quickly secure your banking details with a single tokenization API call. 

Collecting bank account information

To collect this data from users seamlessly in your application, be sure to check out our guide on how to bank accounts with Basis Theory’s Elements. 

Using Atomic Banks

Basis Theory offers a dedicated bank token type, called an Atomic Bank. This token combines account number and routing number into a single Token. You may also store these separately, you can tokenize these data types individually

Creating an Atomic Bank

To create an Atomic Bank simply call our Atomic Bank API with the account number and routing number you’d like to store.

Here is an example of how you’d accomplish that:

Requesting a Token ID

Token IDs are your reference back to the underlying sensitive data secured within Basis Theory’s vault. You will store these references within your system, enabling you to retrieve the bank data back from Basis Theory whenever you need it.

Create an Atomic Bank using the below cURL command. Keep in mind we have language-specific SDKs for .NET, Node.js, and React (with more to come).

curl "" \\
  -H "X-API-KEY: <API Key>" \\
  -H "Content-Type: application/json" \\
  -X "POST" \\
  -d '{
    "bank": {
      "routing_number": "021000021",
      "account_number": "1234567890"

Receiving a Token ID

And, you’re done. You've now received an Atomic Bank that is fully compliant with Nacha’s new Security Compliance Requirements for ACH transactions.

In addition to securing your bank account details, we also automatically provide you with a masked value that is safe to store and display.

  "id": "1485efb9-6b1f-4248-a5d1-cf9b3907164c",
  "tenant_id": "77cb0024-123e-41a8-8ff8-a3d5a0fa8a08",
  "type": "bank",
  "bank": {
    "routing_number": "021000021",
    "account_number": "XXXXXX7890" // this is the masked account number
   "created_by": "fb124bba-f90d-45f0-9a59-5edca27b3b4a",
   "created_at": "2020-09-15T15:53:00+00:00"

Ready to get started?

Start complying in minutes, not weeks. Learn more about using Basis Theory, by checking out one of our “securing bank accounts” guides, or sending our API documentation to your developers.


Want product news and updates?

Receive the latest posts directly in your inbox.