PCI compliance
It's no rocket science
Last updated
It's no rocket science
Last updated
The complexity around PCI compliance is often exaggerated, creating closed systems and walled gardens. This section aims to simplify the process of obtaining PCI compliance and includes a project tracker, documentation templates & automation scripts
The current payment networks are built on a chain of trust between banks, card networks, payment processors and merchants. And the result is that "everyone needs to take responsibility" for secure handling of card information.
PCI compliance is not determined not enforced by any Government body. It is a set of standards created by the Payment Card Industry Security Standards Council.
Payment Card Industry Security Standards Council (PCI-SSC), was an independent body created by the card networks in 2006. The independent body publishes and manages PCI security standards. However, the enforcement of these standards falls to the card networks and payment processors.
We have open sourced our PCI certified card vault application code along with the deployment scripts which you can self-host. By the time you complete this guide, you will be running a PCI complaint card vault on your server and also be ready to get PCI certification.
Understand PCI compliance requirements with respect to your application and complete the Self Assessment Questionnaire to obtain PCI compliance:
Completing the SAQ
A simplified recipe to fast track obtaining PCI compliance. This includes a project tracker, documentation templates and automation scripts
