SECURE YOUR SPOT FOR THE KONG AGENTIC ERA WORLD TOUR GOVERN A2A TRAFFIC WITH KONG'S NEW AGENT GATEWAY DON’T MISS API + AI SUMMIT 2026 SEPT 30 – OCT 1
We're Entering the Age of AI Connectivity [Read more](/blog/news/the-age-of-ai-connectivity)Read moreProducts & Agents:

# PCI DSS Compliance

Last Updated: April 5, 2022

The Payment Card Industry Data Security Standard (PCI DSS) is a set of industry-mandated requirements that apply to any business that handles, processes, or stores credit cards, regardless of the business’s size or location.

Kong does NOT store any secure financial data by default

With a payment processing API served through Kong, depending on your setup, you should consider the following scenarios:

  • - **Proxying Payment Data:** Falls under the criterion of *“processing”*.
  • - **Logging & Analytics:** A logging plugin might store credit card data on disk or a remote location *(given your API configuration)*; this would trigger the *“storage”* criterion.

PCI DSS compliance is dependent on the configuration and usage of your Kong installation

You will still need to complete an annual [Self-Assessment Questionnaire (SAQ)](https://www.pcisecuritystandards.org/merchants/self_assessment_form.php)Self-Assessment Questionnaire (SAQ) in order to be PCI compliant. There are several different types of SAQs, and a Qualified Security Assessor (QSA) can help you choose the right one for your business and achieve compliance.

Kong does NOT store any secure financial data by defaultPCI DSS compliance is dependent on the configuration and usage of your Kong installation

## Get started with the API & AI platform

[Book Demo](/contact-sales)Book Demo