PCI Audit
From Audit Expertise to Traceable Compliance.
PCI audits are crucial for the security of your payment data and systems. We don’t just check compliance with PCI standards (DSS, SSF, P2PE, PIN, 3DS), but also analyze your payment environment with technical depth. In doing so, we highlight risks in your payment environment, make connections transparent and give you clear, actionable recommendations. With over 20 years of audit and security experience, we deliver reliable results that offer more than just compliance: well-founded decisions, more security and strengthened trust.
usd AG Audits According to All Relevant PCI Standards
Data Security Standard
Software Security Framework
3DS Core Security Standard
Point-to-Point Encryption Standard
PIN Security Standard
Customers Who Already Trust Us
"We are pleased that with our successful certification according to PCI DSS, we have once again received confirmation this year that we fully comply with the security requirements of PCI DSS in our data centers. Many thanks to the team of auditors at usd AG for the competent advice and the cooperative partnership."
Sebastian Einicke, Vice President, Global Governance, Risk & Compliance at NTT Global Data Centers (To the Customer Story)
From the Annual PCI Audit to the International Audit Program
If your company has to cover several standards, countries, or payment landscapes, an audit program that coordinates across the board, bundles processes and makes complexity manageable is crucial:
Many companies today not only have to meet one standard, but also have to prove and permanently comply with numerous regulatory requirements worldwide. This is exactly where we provide support: We identify synergies, create clear structures and control complex testing processes with experience and reliable orientation.
Torsten Schlotmann, Principal usd Security Audits & PCI
Why usd AG Is Your First Choice for PCI Audits
How usd AG Proceeds with PCI Audits
Our PCI auditors conduct audits according to the official requirements of the PCI Security Standards Council (PCI SSC). In doing so, we follow a clearly structured process model that is based on the respective PCI standards, but takes particular account of your individual framework conditions.
If you need to comply with several PCI standards at the same time, we are happy to carry out the audits in combination. In this way, we avoid redundant inspection steps and reduce your effort.
If you are developing payment software, you can find more information about our PCI SSF audits on our PCI SSF page and further down the page. Below is our procedure for audits according to PCI DSS, PCI 3DS, PCI P2PE and PCI PIN.
Kick-Off
Every audit starts with a kick-off. Together with those responsible in your company, we coordinate the process, the schedule and the final scope and clarify all organizational framework conditions. In this way, we create a clear basis for the audit.
Our Tips
Scope Workshop
Are you looking at PCI standards for the first time or planning major changes to your PCI environment? Then we recommend our Scope Workshop. Here we define the exact scope of testing together and discuss possible reduction in effort (e.g. through targeted scope reduction).
Gap Analysis
Do you want to start the audit well prepared, have made major changes in your PCI environment, or has a new release of the PCI standards been published? With our gap analysis, we check your environment for compliance and create a catalog of measures that we discuss together. On request, we can supplement the preparation with security analyses such as penetration tests, scans or training.
Audit Execution
As part of the audit, we specifically check your processes, applications, systems and infrastructure for compliance with the respective PCI standards. The implementation can be carried out on-site, remotely or combined – depending on the scope and the respective requirements and always in accordance with the specifications of the PCI SSC.
We clearly explain any deviations that have been identified and give concrete, practical recommendations for remedying them. After their implementation, we test the measures in re-tests.
Report
To prove compliance, our PCI auditors then prepare the official audit reports in accordance with the requirements of the respective PCI standard. After successful confirmation, you will receive your PCI certificate and the corresponding seal.
Continuous Compliance
Compliance is a continuous process that we shape together with you. We support you in meeting the PCI requirements permanently and sustainably, e.g. in the event of changes in standards or your IT infrastructure.
Notice to Software Vendors
Beyond the PCI Audit: How Does usd AG Support You with Your PCI Compliance?
PCI Consulting
No matter where you are: Our PCI auditors accompany you from planning to successful PCI compliance.
Security Analyses for PCI
Our experienced security analysts provide you with targeted support in all required testing measures – from security scans to pentests.
Our PCI Auditors
Our team of around 40 PCI auditors brings experience from numerous projects and industries. Get to know us
PCI DSS and PCI SSF: What You Need to Know
PCI DSS Deep Dive
PCI DSS is the most well-known security standard for the protection of credit card data. Learn more about requirements and answers to common questions.
PCI SSF Deep Dive
The standards of the PCI Software Security Framework (PCI SSF) define binding security requirements for payment software and define the central requirements for the protection of sensitive data. You can find out more about requirements and benefits here.
