Ask HN: PCI-DSS (level 3/4) for a one-man business?

[rmedaer]

I wonder if someone with a one-man business app already implemented a debit/credit card payment system fully compliant with PCI-DSS level 3 or 4 ?

Indeed you could integrate components/drop-in's/plugins from any platform such as Stripe or Adyen, but what if you want to keep control on the full payment flow ? Such platforms allow you to use "only" their API to process the payment under the condition that you are PCI-DSS compliant. Therefore what's the effort required to fulfill the Self-Assessment Questionnaire[^1] ?

Many thanks for your feedback.

  [^1] https://listings.pcisecuritystandards.org/documents/PCI-DSS-v3_2_1-SAQ-D_Merchant.pdf