I wanted to try and understand the capabilities within the Tyk platform linked to support around PCI DSS compliance. I am interested to know if it would be possible to have Tyk act as a PCI DSS receiver endpoint for secure payment card information and to propagate or act as a forwarding proxy into 3rd Party provider APIs that are also PCI DSS compliant?
Hi @shadowofthewind and welcome to the community.
I don’t know much about PCI DSS and will try to answer your question based on my knowledge from what I have read so far.
Tyk Self-Managed solution has been deployed within PCI compliant production environments. You should be fine as long as you can ensure compliance. However, I am unsure if Tyk Cloud (Ara) has been used in PCI enabled use cases. We do have plans on making this happen but I have no updates at the moment.
PCI DSS has pretty specific requirements for the architecture, infrastructure and external audit. I don’t know if your current requirement involves the receiver/proxy being PCI compliant. As it stands, I don’t think our cloud offer can accommodate PCI compliance. On-Prem might be the only way to get a solution.
You may want to open a support ticket if you have more specific questions on your use case.