• Home
  • Legal
  • PCI DSS Compliance

PCI DSS Compliance

Last Updated: April 5, 2022

The Payment Card Industry Data Security Standard (PCI DSS) is a set of industry-mandated requirements that apply to any business that handles, processes, or stores credit cards, regardless of the business’s size or location.

Kong does NOT store any secure financial data by default

With a payment processing API served through Kong, depending on your setup, you should consider the following scenarios:

  • Proxying Payment Data: Falls under the criterion of “processing”.
  • Logging & Analytics: A logging plugin might store credit card data on disk or a remote location (given your API configuration); this would trigger the “storage” criterion.

PCI DSS compliance is dependent on the configuration and usage of your Kong installation

You will still need to complete an annual Self-Assessment Questionnaire (SAQ) in order to be PCI compliant. There are several different types of SAQs, and a Qualified Security Assessor (QSA) can help you choose the right one for your business and achieve compliance.

Kong does NOT store any secure financial data by defaultPCI DSS compliance is dependent on the configuration and usage of your Kong installation

Powering the API world

Increase developer productivity, security, and performance at scale with the unified platform for API management, AI gateways, service mesh, and ingress controller.

Sign up for Kong newsletter

Platform
Kong KonnectKong GatewayKong AI GatewayKong InsomniaDeveloper PortalGateway ManagerCloud GatewayGet a Demo
Explore More
Open Banking API SolutionsAPI Governance SolutionsIstio API Gateway IntegrationKubernetes API ManagementAPI Gateway: Build vs BuyKong vs PostmanKong vs MuleSoftKong vs Apigee
Documentation
Kong Konnect DocsKong Gateway DocsKong Mesh DocsKong AI GatewayKong Insomnia DocsKong Plugin Hub
Open Source
Kong GatewayKumaInsomniaKong Community
Company
About KongCustomersCareersPressEventsContactPricing
  • Terms•
  • Privacy•
  • Trust and Compliance
  • © Kong Inc. 2025