Payment data certifications: PCI DSS, SOC2, ISO27001
SDK.finance’s transactional engine is designed to allow financial institutions and businesses to meet the regulatory requirements of different regions.
This flexibility ensures that solutions built on the SDK.finance Platform can comply with local regulations, though it remains the responsibility of the customer to achieve and maintain regulatory compliance.
ISO 27001, a globally recognized standard for information security, ensures that organizations securely manage customer and employee data. While SDK.finance facilitates secure transaction processing, it does not store any user data. The responsibility for ISO 27001 compliance lies with our customers, who manage the databases where personal data is stored.
Nonetheless, SDK.finance is dedicated to obtaining ISO 27001 certification to further enhance its overall security framework and support our clients’ compliance efforts.
PCI DSS compliance
PCI DSS (Payment Card Industry Data Security Standard) focuses on securing cardholder data during payment transactions. With SDK.finance, the primary databases are hosted and managed on the customer’s side, meaning SDK.finance does not retain user or cardholder information. As such, PCI DSS regulations do not directly apply to the platform itself.
However, SDK.finance integrates with Marqeta, a PCI DSS Level 1-certified card-issuing provider, enabling customers to issue payment cards for their users while adhering to PCI DSS standards. Customers are also free to implement their own PCI DSS-compliant storage systems to handle payment card data securely, incorporating encryption and secure storage within their own databases.
SDK.finance is also actively pursuing PCI DSS certification for its code storage and development practices to further enhance security for our clients.
SOC 2 compliance
SOC 2 (Service Organization Control Type 2) is a cybersecurity standard focused on safeguarding customer data. Since SDK.finance does not store or process user data—this responsibility rests with the customer—SOC 2 compliance may not directly apply to the Platform.
That said, SDK.finance is committed to security best practices and is working towards SOC 2 certification for our code storage and development processes, ensuring that our internal controls meet the highest security standards.