Explore

Routable x Basis

Overview

Routable aims to improve various aspects of its platform with direct access to its customers’ and vendors’ bank accounts. Here, Basis presents solutions to several key workflows in the Routable platform and addresses initial questions presented about Basis’ security stance as a potential vendor to Routable.

Solutions

1) Direct Debit Solution

Goal

Power instant payments of payables from the Routable platform.

Requirements

Confidence that the originating bank account has the requisite funds;

A stable connection to the originating bank account that does not require re-authentication; and

Frequent updates of the bank balance

Solution

Basis delivers daily account balances across all accounts and banks, so that an up-to-date balance is available at the start of each day.

Basis’ Managed Connections product enables indefinite connection lifetime, so the Routable customer never has to re-authenticate – especially when initiating a payment.

2) Vendor Compliance Solution

Goal

Reduce fraud and increase payment confidence by validating that accounts are owned by the vendors listed on the Routable platform.

Requirements

Matching business name and user names to the vendor data in Routable; and

Providing authenticated payment credentials for ACH transactions.

Solution

Basis delivers business name and address as well as user information from the bank account.

Basis delivers validated ACH payment credentials.

3) Future Product Expansion

Goal

Provide valuable data for Routable to expand service offerings, including payment reconciliation.

Opportunities

Power reconciliation with detailed bank transaction history

Power underwriting with off-the-shelf financial reports, including a Profit & Loss statement

Power Routable product development and marketing with counterparty reports

Security

Routable Request

Basis Response

SOC 1 Type 1 & 2

Auditors believe this is out of scope for the Basis product. The main purpose of a SOC 1 is to ensure accuracy of information impacting their clients’ financial statements.

SOC 2 Type 1 (scope should include majority of trust principles)

Trust Princples: Security, Availability, Confidentiality Type 1 Audit Report Completion: Dec 31, 2024

SOC 2 Type 2 (scope should include majority of trust principles)

Security, Availability, Confidentiality Type 2 Audit Window Completion: February 18, 2024

Confirmation on Single Tenant vs Multi tenant

Multi-tenant

Indemnification Amounts in MSA

Aggregate fees paid or payable to Basis in the 6-month period prior to when the claim first arose (more details in MSA).

Copy of Insurance Coverage

Can provide

Copy of Pentest Report

Can provide

Copy of Uptime SLA

Can provide

Confirmation of plans for implementing SSO

Given the nature of our product as an API, we have no plans to support SSO.

Documentation of granular permissions currently available for users

Permissions are granted to clients using a standard API key scheme.

Documentation on how to set strict password enforcement and that MFA is strictly enforced

Permissions are granted to clients using a standard API key scheme.

Maintenance windows and maintenance process documentation

Basis does not have regularly scheduled maintenance windows. Maintenance is performed in internal environments and is deployed to production environments without no maintenance window required.

There are no rows in this table

⁠

Want to print your doc?
This is not the way.

Try clicking the ⋯ next to your doc name or using a keyboard shortcut (

CtrlP

) instead.