Payment data certifications: PCI DSS, SOC2, ISO27001

11. 12. 2024

SDK.finance’s transactional engine is designed to allow financial institutions and businesses to meet the regulatory requirements of different regions.

This flexibility ensures that solutions built on the SDK.finance Platform can comply with local regulations, though it remains the responsibility of the customer to achieve and maintain regulatory compliance.

PCI DSS compliance

SDK.finance is certified as a PCI DSS Level 1 Service Provider, the highest level of compliance under the Payment Card Industry Data Security Standard (PCI DSS). This certification specifically applies to SDK.finance’s software development and code storage practices, ensuring the secure development of software solutions that might process or interact with payment card data.

Although SDK.finance itself does not store, process, or transmit cardholder data—this responsibility lies with the customer—the PCI DSS compliance of SDK.finance provides customers with confidence that the Platform’s development practices adhere to the highest security standards.

Additionally, SDK.finance integrates with Marqeta, a PCI DSS Level 1-certified card-issuing provider, enabling customers to issue payment cards for their users while adhering to PCI DSS standards. Customers are also free to implement their own PCI DSS-compliant storage systems to handle payment card data securely, incorporating encryption and secure storage within their own databases.

SOC 2 compliance

SOC 2 (Service Organization Control Type 2) is a cybersecurity standard focused on safeguarding customer data. Since SDK.finance does not store or process user data—this responsibility rests with the customer—SOC 2 compliance may not directly apply to the Platform.

That said, SDK.finance is committed to security best practices and is working towards SOC 2 certification for our code storage and development processes, ensuring that our internal controls meet the highest security standards.

ISO 27001 compliance

ISO 27001, a globally recognized standard for information security, ensures that organizations securely manage customer and employee data. While SDK.finance facilitates secure transaction processing, it does not store any user data. The responsibility for ISO 27001 compliance lies with our customers, who manage the databases where personal data is stored.

Nonetheless, SDK.finance is dedicated to obtaining ISO 27001 certification to further enhance its overall security framework and support our clients’ compliance efforts.