From 5f2a24b4ba5607b36bc998af000c5c6c3894cf53 Mon Sep 17 00:00:00 2001 From: Sean Lane <5761232+seanlane@users.noreply.github.com> Date: Wed, 28 Aug 2024 15:22:39 -0600 Subject: [PATCH 1/4] Update README.md Fix a typo --- hyperswitch-open-source/going-live/pci-compliance/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hyperswitch-open-source/going-live/pci-compliance/README.md b/hyperswitch-open-source/going-live/pci-compliance/README.md index f45d50b..f91c418 100644 --- a/hyperswitch-open-source/going-live/pci-compliance/README.md +++ b/hyperswitch-open-source/going-live/pci-compliance/README.md @@ -1,5 +1,5 @@ --- -description: It's no rocket science +description: It's not rocket science --- # 🏛 PCI compliance From 8a67cf47135deab127ba48ff6288eefec8cde4cf Mon Sep 17 00:00:00 2001 From: Sean Lane <5761232+seanlane@users.noreply.github.com> Date: Wed, 28 Aug 2024 15:26:02 -0600 Subject: [PATCH 2/4] Update README.md Fix a different typo --- hyperswitch-open-source/going-live/pci-compliance/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hyperswitch-open-source/going-live/pci-compliance/README.md b/hyperswitch-open-source/going-live/pci-compliance/README.md index f91c418..bae3586 100644 --- a/hyperswitch-open-source/going-live/pci-compliance/README.md +++ b/hyperswitch-open-source/going-live/pci-compliance/README.md 
@@ -14,7 +14,7 @@ The complexity around PCI compliance is often exaggerated, creating closed syste The current payment networks are built on a chain of trust between banks, card networks, payment processors and merchants. And the result is that _"everyone needs to take responsibility"_ for secure handling of card information. -> PCI compliance is not determined not enforced by any Government body. It is a set of standards created by the Payment Card Industry Security Standards Council. +> PCI compliance is not determined nor enforced by any Government body. It is a set of standards created by the Payment Card Industry Security Standards Council. Payment Card Industry Security Standards Council (PCI-SSC), was an independent body created by the card networks in 2006. The independent body publishes and manages PCI security standards. However, the enforcement of these standards falls to the card networks and payment processors. From 4878628f3f83d264406b567edaed63df13581a18 Mon Sep 17 00:00:00 2001 From: Sean Lane <5761232+seanlane@users.noreply.github.com> Date: Wed, 28 Aug 2024 15:28:40 -0600 Subject: [PATCH 3/4] Remove extra space in open source PCI ReadMe --- hyperswitch-open-source/going-live/pci-compliance/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hyperswitch-open-source/going-live/pci-compliance/README.md b/hyperswitch-open-source/going-live/pci-compliance/README.md index bae3586..c83bd37 100644 --- a/hyperswitch-open-source/going-live/pci-compliance/README.md +++ b/hyperswitch-open-source/going-live/pci-compliance/README.md 
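Review bot: the corrected quote still pairs "not" with "nor" ("is not determined nor enforced"); the idiomatic form is "is neither determined nor enforced by any government body". While this paragraph is open, the context line directly below has a stray comma before its verb ("Payment Card Industry Security Standards Council (PCI-SSC), was an independent body"), and the next sentence is in the present tense ("publishes and manages"), so "is" would be consistent with it. Both fit the typo-fixing scope of this series.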
@@ -18,7 +18,7 @@ The current payment networks are built on a chain of trust between banks, card n Payment Card Industry Security Standards Council (PCI-SSC), was an independent body created by the card networks in 2006. The independent body publishes and manages PCI security standards. However, the enforcement of these standards falls to the card networks and payment processors. -We have open sourced our PCI certified card vault application code along with the deployment scripts which you can self-host. By the time you complete this guide, you will be running a PCI complaint card vault on your server and also be ready to get PCI certification. +We have open sourced our PCI certified card vault application code along with the deployment scripts which you can self-host. By the time you complete this guide, you will be running a PCI complaint card vault on your server and also be ready to get PCI certification. {% embed url="https://docs.google.com/presentation/d/1inTRp-yvIUjiIuo1f-FBFd1zbUq5IxIbUMzEYpAAUNI/edit?usp=sharing" fullWidth="false" %} From 07b51f8a796d7e25954f6de51a265ca522d85331 Mon Sep 17 00:00:00 2001 From: Sean Lane Date: Wed, 28 Aug 2024 15:36:33 -0600 Subject: [PATCH 4/4] Fix more typos around rocket science comparison --- SUMMARY.md | 2 +- hyperswitch-open-source/going-live/README.md | 2 +- hyperswitch-open-source/going-live/pci-compliance/README.md | 2 +- .../{its-no-rocket-science.md => its-not-rocket-science.md} | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) rename hyperswitch-open-source/going-live/pci-compliance/{its-no-rocket-science.md => its-not-rocket-science.md} (99%) diff --git a/SUMMARY.md b/SUMMARY.md index 6df037c..01baf77 100644 --- a/SUMMARY.md +++ b/SUMMARY.md 
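Review bot: the line being edited still carries a typo that this series is meant to catch: "PCI complaint card vault" should read "PCI compliant card vault", and it appears on both the removed and the added line because only the doubled space was corrected here. Fix it in this same line rather than in a follow-up commit.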
@@ -192,7 +192,7 @@ * [🚀 Going live](hyperswitch-open-source/going-live/README.md) * [👀 Monitoring](hyperswitch-open-source/going-live/monitoring.md) * [🏛️ PCI compliance](hyperswitch-open-source/going-live/pci-compliance/README.md) - * [🍰 It's no rocket science](hyperswitch-open-source/going-live/pci-compliance/its-no-rocket-science.md) + * [🍰 It's not rocket science](hyperswitch-open-source/going-live/pci-compliance/its-not-rocket-science.md) * [🗒️ Completing the SAQ](hyperswitch-open-source/going-live/pci-compliance/completing-the-saq.md) * [🔐 Data Security](hyperswitch-open-source/going-live/security.md) * [♻️ Updates](hyperswitch-open-source/going-live/updates.md) diff --git a/hyperswitch-open-source/going-live/README.md b/hyperswitch-open-source/going-live/README.md index d317731..babb238 100644 --- a/hyperswitch-open-source/going-live/README.md +++ b/hyperswitch-open-source/going-live/README.md @@ -14,7 +14,7 @@ This chapter will give you an overview of everything you would need for going li In order to user Hyperswitch for accepting digital payments through a consumer facing website or mobile application there are three main prerequisites -
Resources
  • Account with cloud service provider (AWS/ GCP) to host Hyperswitch application
  • Contractual relationship and active processing account with payment processor or acquirer (this will be in the form of API keys or merchant identifier)
Technical Know How
  • For deploying and managing application using Kubernetes
  • Handling a Web application written in Rust using Postgres (primary datastore), Redis (distributed key-value store for cached lookups), Prometheus/Grafana (monitoring), S3/CDN (serving static files)
Ensuring Compliance

Refer here to find out which level of PCI compliance applies to your business.

  • Report on Compliance (ROC): Engage an independent third-party Qualified Security Assessor (QSA) certified by the PCI-SSC to perform the PCI audit and share the findings. The ROC will be prepared by the QSA at the end of the PCI compliance activity. This is required only if your online business processes greater than 1 million card transactions per annum.
  • Quarterly Network scans: Engage an Approved Scanning Vendor for conducting quarterly network scans and submitting the scan reports to the payment processor/ acquirer
  • Self Assessment Questionnaire (SAQ): This is an assessment which can be self-completed by a business without engaging an Independent PCI Auditor, if your business processes less than 1 million card transactions per annum. A person responsible for the payment infrastructure within your organization fills out the SAQ. This could be the stakeholder who is the closest to your payment infrastructure - your Dev Ops Manager, or Information Security Officer, or CTO.
+
Resources
  • Account with cloud service provider (AWS/ GCP) to host Hyperswitch application
  • Contractual relationship and active processing account with payment processor or acquirer (this will be in the form of API keys or merchant identifier)
Technical Know How
  • For deploying and managing application using Kubernetes
  • Handling a Web application written in Rust using Postgres (primary datastore), Redis (distributed key-value store for cached lookups), Prometheus/Grafana (monitoring), S3/CDN (serving static files)
Ensuring Compliance

Refer here to find out which level of PCI compliance applies to your business.

  • Report on Compliance (ROC): Engage an independent third-party Qualified Security Assessor (QSA) certified by the PCI-SSC to perform the PCI audit and share the findings. The ROC will be prepared by the QSA at the end of the PCI compliance activity. This is required only if your online business processes greater than 1 million card transactions per annum.
  • Quarterly Network scans: Engage an Approved Scanning Vendor for conducting quarterly network scans and submitting the scan reports to the payment processor/ acquirer
  • Self Assessment Questionnaire (SAQ): This is an assessment which can be self-completed by a business without engaging an Independent PCI Auditor, if your business processes less than 1 million card transactions per annum. A person responsible for the payment infrastructure within your organization fills out the SAQ. This could be the stakeholder who is the closest to your payment infrastructure - your Dev Ops Manager, or Information Security Officer, or CTO.
## Go live checklist: diff --git a/hyperswitch-open-source/going-live/pci-compliance/README.md b/hyperswitch-open-source/going-live/pci-compliance/README.md index c83bd37..d0c869c 100644 --- a/hyperswitch-open-source/going-live/pci-compliance/README.md +++ b/hyperswitch-open-source/going-live/pci-compliance/README.md @@ -24,4 +24,4 @@ We have open sourced our PCI certified card vault application code along with th Understand PCI compliance requirements with respect to your application and complete the Self Assessment Questionnaire to obtain PCI compliance: -
Understanding PCI compliance requirementsUnderstand PCI compliance requirements with respect to your application and transaction volumesits-no-rocket-science.mdUntitled design (14).jpg
Completing the SAQA simplified recipe to fast track obtaining PCI compliance. This includes a project tracker, documentation templates and automation scripts Untitled design (15).jpg
+
Understanding PCI compliance requirementsUnderstand PCI compliance requirements with respect to your application and transaction volumesits-not-rocket-science.mdUntitled design (14).jpg
Completing the SAQA simplified recipe to fast track obtaining PCI compliance. This includes a project tracker, documentation templates and automation scripts Untitled design (15).jpg
diff --git a/hyperswitch-open-source/going-live/pci-compliance/its-no-rocket-science.md b/hyperswitch-open-source/going-live/pci-compliance/its-not-rocket-science.md similarity index 99% rename from hyperswitch-open-source/going-live/pci-compliance/its-no-rocket-science.md rename to hyperswitch-open-source/going-live/pci-compliance/its-not-rocket-science.md index 23277c2..dcf9d10 100644 --- a/hyperswitch-open-source/going-live/pci-compliance/its-no-rocket-science.md +++ b/hyperswitch-open-source/going-live/pci-compliance/its-not-rocket-science.md @@ -2,7 +2,7 @@ description: Demystifying PCI compliance and it's requirements --- -# 🍰 It's no rocket science +# 🍰 It's not rocket science {% hint style="info" %} In this chapter, we will look at the levels of PCI compliance, key requirements and we will understand why it is not as complex as it seems to be to obtain PCI compliance.
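Review bot: in the hyperswitch-open-source/going-live/README.md hunk, the removed block and the re-added block (Resources, Technical Know How, Ensuring Compliance) read identically in this rendering, so the actual change is not visible to a reviewer; if it is the "Refer here" link being repointed at its-not-rocket-science.md, say so in the commit message (currently just "Fix more typos around rocket science comparison") so the intent survives without the raw markup. The context line just above that hunk also has a typo in scope for this series: "In order to user Hyperswitch" should be "In order to use Hyperswitch".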
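Review bot: renaming its-no-rocket-science.md to its-not-rocket-science.md changes the page's published URL, so external links and bookmarks to the old path will break; if the docs platform supports redirects (GitBook, whose `{% hint %}` syntax this page uses, accepts a redirects map in .gitbook.yaml), add an entry from the old slug to the new one in the same change. In the same hunk, the context line "description: Demystifying PCI compliance and it's requirements" should read "its requirements", which is the kind of typo this commit is fixing.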