Does anyone know if building a custom payment form in an app will require us to follow PCI SAQ A-EP compliance?


It depends how the form captures, transmits and processes card payment.

SAQ A-EP has many requirements.

A better strategy is to leverage Hosted Pay Page (HPP) solution and aim for SAQ A for your PCI Compliance effort.
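As an added illustration (not part of the answer above, and not any vendor's tool), a small scanner that reads a checkout page's markup and reports which SAQ its card-entry pattern maps to; the field-name hints and the sample pages are constructed assumptions, not values from the page.

```python
# Added example, not code from the original post: inspect a checkout page's
# markup and report which PCI DSS SAQ its card-capture pattern implies.
# Field-name hints and the sample pages are constructed for the demo.
from html.parser import HTMLParser
from urllib.parse import urlparse

# Tokens (name/id/autocomplete, lowercased, '-'/'_' removed) marking card fields.
CARD_FIELD_TOKENS = {"ccnumber", "cardnumber", "pan", "cvv", "cvc", "cccsc"}


class CheckoutScanner(HTMLParser):
    def __init__(self):
        super().__init__()
        self.card_inputs = []  # (hint, action of the enclosing form, or None)
        self.iframe_srcs = []  # frames that may carry a hosted pay page
        self._form_action = None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._form_action = a.get("action") or ""  # "" = posts to self
        elif tag == "input":
            hints = {(a.get(k) or "").lower().replace("-", "").replace("_", "")
                     for k in ("name", "id", "autocomplete")}
            for hint in hints & CARD_FIELD_TOKENS:
                self.card_inputs.append((hint, self._form_action))
        elif tag == "iframe":
            self.iframe_srcs.append(a.get("src") or "")

    def handle_endtag(self, tag):
        if tag == "form":
            self._form_action = None


def classify(html, merchant_host):
    s = CheckoutScanner()
    s.feed(html)
    is_merchant = lambda url: urlparse(url).netloc in ("", merchant_host)
    # Card fields posted to the merchant host: CHD reaches the merchant's own
    # server, which rules out SAQ A and A-EP.
    if any(act is not None and is_merchant(act) for _, act in s.card_inputs):
        return "SAQ D"
    # Merchant page hosts the fields but posts them straight to the processor
    # (inputs outside any form are assumed script-submitted: verify by hand).
    if s.card_inputs:
        return "SAQ A-EP"
    # No card fields; card entry is delivered by a third-party frame.
    if any(not is_merchant(src) for src in s.iframe_srcs):
        return "SAQ A"
    return "NO CARD ENTRY"
```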

PCI DSS requirements

The best (and cheapest) way to comply with PCI DSS is to get yourself out of the scope.

For start-up companies, using technologies such as Square, or Hosted Pay Page (HPP) solution is the most cost-effective way to achieve PCI Compliance.

PCI DSS applies to merchants that process, store, and transmit cardholder data (CHD). That is all the information needed to process a card payment.

Unless the "web startups" in question are payment processing companies like PayPal, the more efficient way is to transfer the risks of processing, storing, and transmitting to the bank.

You can achieve this by using the HPP solution provided by the bank, and save money.

PCI DSS compliance checklist

To actually implement these compliance standards, consider using a tool like http://tallyfy.com, which is entirely checklist based.

PCI DSS 12 requirements

Hi, I just made a PCI-DSS video on how to become PCI compliant on AWS for financial services (fintech).

This video includes a React/Python web application stack, and also describes the 12 requirements needed to become PCI compliant in a quick and lightweight fashion.

[PCI compliance on AWS architecture diagram]

In this video, I describe a few things:

- Architect your SaaS application with the AWS eligible services
- Threat intelligence systems such as Wazuh, OSSEC, Threat Stack…
- DevSecOps with Snyk, Checkmarx or Veracode
- Firewalls, Amazon WAF, and Amazon Security Groups
- Encrypt communication across services, containers, and servers
- Password policies and authentication keys for API/systems
- Vulnerability assessment and pen-test
- Logging and audits with IAM roles and CloudTrail
- VPC and VPN protection
- Antivirus software and anti-malware

I hope it gives value to your financial service application (Fintech); if you need help with this DevOps/AWS PCI-DSS compliance architecture, just ping us.

Note: The video that I included above points to our blog, but that blog includes a video link explained on YouTube.


PCI DSS requirements PDF

Payment Application Data Security Standard (PA-DSS) is a set of requirements that are intended to help software vendors develop secure payment applications that support PCI DSS compliance.

PA-DSS was implemented in an effort to provide the definitive data standard for software vendors that develop payment applications.

The standard aims to prevent payment applications developed for third parties from storing prohibited secure data, including magnetic stripe, CVV2, or PIN.

In that process, the standard also dictates that software vendors develop payment applications that are compliant with the Payment Card Industry Data Security Standards (PCI DSS).

In order to stay alive in a business where any kind of card payment is required, the business needs to be PA-DSS and PCI DSS compliant.

For detailed information please visit the following URLs:

Official PCI Security Standards Council Site: https://www.