I wonder if someone with a one-man business app already implemented a debit/credit card payment system fully compliant with PCI-DSS level 3 or 4 ?<p>Indeed you could integrate components/drop-in's/plugins from any platform such as Stripe or Adyen, but what if you want to keep control on the full payment flow ? Such platforms allow you to use "only" their API to process the payment under the condition that you are PCI-DSS compliant. Therefore what's the effort required to fulfill the Self-Assessment Questionnaire[^1] ?<p>Many thanks for your feedback.<p><pre><code> [^1] https://listings.pcisecuritystandards.org/documents/PCI-DSS-v3_2_1-SAQ-D_Merchant.pdf</code></pre>