This is probably not the correct place to put this, but it's a start.

We have a payment processor that has an API we want to integrate with in a couple of our applications. They are PCI certified, and in order for us to use their API we must be compliant as well. We do not wish to store card data, only the transaction amounts, confirmations and dates of payments for our customers. Also, we will have our own UI payment form. We want to use a cloud service such as Azure AppServices that is PCI DSS compliant.

If we host our payment service as such, what kind of compliance do we need?

chdev77
  • This is a better question for your legal department. As for Azure itself, there's an entire [Trust Center](https://azure.microsoft.com/en-us/support/trust-center/) that documents all certifications and compliance. That said... this question is off-topic for StackOverflow. – David Makogon Dec 19 '16 at 23:06
  • I'm voting to close this question as off-topic because this is a legal/compliance question, not a programming question. – David Makogon Dec 19 '16 at 23:06
  • Will your processing be 100% card not present (i.e., online) or will you have any terminals in house where staff can run card present transactions? This link will get you closer - [https://www.pcisecuritystandards.org/documents/Understanding_SAQs_PCI_DSS_v3.pdf?agreement=true&time=1482247504230](https://www.pcisecuritystandards.org/documents/Understanding_SAQs_PCI_DSS_v3.pdf?agreement=true&time=1482247504230) – 0708 Dec 20 '16 at 15:24

0 Answers