PCI-DSS Compliance
I'm building a product and the payment gateway demands that my app is PCI-DSS compliant, but most of the criteria for it seem to be server-security and networking oriented.
If I use Railway for production, can I just say I'm PCI-DSS compliant?
Please provide your project ID or reply with N/A. Thread will automatically be closed if no reply is received within 10 minutes. You can copy your project's id by pressing Ctrl/Cmd + K -> Copy Project ID.

No project ID was provided. Closing thread.
N/A
Solution
New reply sent from Help Station thread:
Hey there! The fact you are using Railway to host your application will not inherently make you PCI-DSS compliant. Using Railway could form a part of the wider framework in which you prove PCI-DSS compliance, but the company who owns the product which is required to be PCI-DSS compliant must follow all the steps outlined here in order to prove compliance: https://www.indeed.com/career-advice/career-development/how-to-get-pci-compliance-certification

Usually the minimum is quarterly security scans, which will vary based on your infrastructure, as well as a self-assessment questionnaire (SAQ) or report on compliance (ROC). If you are unclear on any of this, you should engage the services of a PCI Compliance Consultant to understand how you can meet the criteria within the specifics of your business.