
usd AG Globally Re-Accredited as an Approved Scanning Vendor (ASV)

May 5, 2025

On April 30, 2025, usd AG received global accreditation as an Approved Scanning Vendor (ASV) from the Payment Card Industry Security Standards Council (PCI SSC). With this, we at usd AG have been meeting the Council’s demanding requirements continuously for almost 20 years. As an accredited ASV, we are officially authorized to perform vulnerability scans to verify compliance with the Payment Card Industry Data Security Standard (PCI DSS) – a status currently held by only two companies in Germany.

What is an ASV – and why is it important? 

As an accredited Approved Scanning Vendor, we perform automated vulnerability scans on publicly accessible IT systems. These scans are mandatory for companies that process, store or transmit credit card data, as they serve as proof that these systems meet the security requirements of the PCI DSS. 

Only companies with valid ASV accreditation are allowed to offer such scans. They must not only meet technical requirements and standardized testing procedures, but also demonstrate that they realistically assess vulnerabilities, reliably process false positives, and actively support their customers in remediation. For companies that accept card payments, the ASV scan is a mandatory component of their PCI DSS compliance validation. Without it, the security validation is considered incomplete by the PCI SSC, banks, or acquirers. 

Security scans via the usd PCI DSS Platform 

The scanning services provided by usd AG are delivered through our proprietary usd PCI DSS Platform. Companies can use the platform to order and conduct scans, view results, and download validated reports – fully digital and accessible at any time. 

In addition to the scanning process itself, our platform offers further functions, such as the structured processing of false positives, i.e., vulnerabilities that have been reported incorrectly. Unlimited re-scans are also possible – for example, after an issue has been resolved. 

“I’m very pleased that we’ve once again demonstrated that our PCI DSS Platform meets the requirements of the PCI SSC. In addition to the technical criteria, we also incorporated customer feedback directly into our further development over the past year – and received positive responses, which, on a personal level, makes me even happier.”

Sebastian Düringer, Managing Security Consultant usd HeroLab, responsible for scanning services at usd AG


Our contribution to PCI DSS Compliance

At usd AG, we not only meet the technical minimum requirements of the PCI SSC, but also combine many years of experience in vulnerability management with a stable scanning process and a technically robust platform solution. Through structured workflows, a clearly traceable reporting process, and the ability to perform qualified vulnerability assessments, we support companies in verifying their PCI DSS compliance efficiently and securely.
