Digital payment processes in the public administration environment require a particularly high level of security and traceability. Sensitive payment data must be protected, and regulatory requirements must be reliably integrated into existing process and system landscapes.
S-Public Services GmbH also operates in this regulatory environment. As the Sparkassen-Finanzgruppe’s center of competence for e-government, it serves demanding clients such as federal authorities and municipal administrations. Secure payment processes that meet the highest regulatory standards are therefore business-critical.
As regulatory complexity increases, especially due to new requirements for service providers, the demands on the audit process also rise. For its annual PCI DSS audit with expanded requirements, S-Public Services GmbH was looking for a partner that would not only assess regulatory requirements but also classify them methodically, prioritize them, and translate them into sustainable audit processes. Since 2024, usd AG has been supporting S-Public Services GmbH throughout its PCI DSS certification process. The focus is not on meeting individual requirements in isolation, but on ensuring a manageable, transparent implementation in day-to-day operations.
Expanded PCI DSS Scope Due to New Requirements
As the PCI DSS requirements for service providers changed, the scope for S-Public Services GmbH expanded significantly compared with the previous year. This required a clear delineation of new requirements, a systematic classification within the existing certification scope, and realistic prioritization. Together with usd AG, the assessment scope was analyzed systematically, segmented in a practical way, and translated into a robust roadmap.
The goal was not to consider the expanded set of requirements in isolation, but to embed it consistently into existing processes, systems, and responsibilities.
Structured Preparation and Close Collaboration
To address the expanded assessment scope with confidence, S-Public Services and usd relied on structured preparation with clearly defined roles, responsibilities, and coordination formats. In joint workshops, the new service provider requirements were classified, existing processes were reviewed, and concrete implementation steps were prioritized. A particular focus was placed on integrating new processes and systems cleanly into the existing landscape without disrupting ongoing operations. usd AG’s ability to connect regulatory requirements with operational reality proved to be a decisive success factor.
What mattered most was not one individual measure, but the joint approach. The close coordination, clearly defined responsibilities, and structured preparation enabled us to classify new requirements in a controlled way and implement them step by step.
Per Philipp Schneider, Senior Consultant and QSA, usd AG
The Result: Successful PCI DSS Certification with an Expanded Scope
Despite the significantly expanded assessment scope, certification under PCI DSS v4.0.1 was completed successfully. At the same time, a clearly traceable, audit-ready security architecture was established that can also accommodate future regulatory expansions in a transparent way.
The collaboration was constructive and goal‑oriented from the very beginning. Strong technical expertise, short decision-making paths, and a consistently collaborative approach shaped the entire audit process.
What deserves special mention is that the audit was not perceived as a purely formal review, but as a constructive dialogue among peers. The auditors’ ability to translate the complexity of the 12 PCI DSS requirements into clear, actionable measures provides us with significant added value.
This strengthens the security architecture in a sustainable way and directly benefits S-Public Services’ clients, who expect the highest level of sensitivity when it comes to payment security.
Eva-Christiane Lerche, Senior Produktmanagerin E-Payment, S-Public Services GmbH
About S-Public Services GmbH
S-Public Services GmbH is the Sparkassen-Finanzgruppe’s competence center for e-government and a point of contact for the public sector as well as municipal organizations and companies. With specialized plug-and-play solutions for payment services and digital administrative processes, S-Public Services supports the digital transformation of a wide range of citizen services. It offers numerous options for digital payments, efficient booking processes, and application services—from simple solutions to complete application workflows with interfaces to specialized administrative systems. In addition, it supports public administrations with modern e-government and citizen services, including online appointment scheduling, visitor flow management, and digital application procedures, as well as a comprehensive catalog of more than 500 form applications. Its clients include cities, municipalities, and data centers. S-Public Services is part of the DSV Group, the Sparkassen-Finanzgruppe’s central service provider. Learn more at https://www.s-publicservices.de/
