MERCHANT
YOUR PATH TO COMPLIANCE
YOUR CERTIFICATION PROCESS
We protect companies against hackers and criminals. It is our task to accompany you on your path to compliance and to provide you with the knowledge you need for a successful PCI DSS certification. The table below shows our certification process.
With the purchase of a Consulting Package, usd AG offers you the option to discuss specific questions regarding the implementation of PCI DSS in your company with our security experts. Together with you, we determine flexibly and according to your needs which tasks usd consultants will handle.
With the help of Policy Templates for each PCI DSS Self-Assessment Questionnaire (SAQ), usd supports you in the initial creation of all PCI DSS relevant security guidelines.
With usd Security Awareness Trainings you strengthen the security awareness of your employees, educate them on how to recognize threats and security incidents and how to respond correctly.
During an initial PCI DSS Scope Workshop you will be introduced to the contents of the PCI DSS. The aim of the Scope Workshop is to discuss specific assessment requirements of the PCI DSS in a practical manner.
A PCI DSS Gap Analysis is used to check your compliance with the PCI DSS requirements. This enables you to detect existing deviations from the PCI DSS standard at an early stage and to correct them before the official PCI DSS certification (audit) takes place.
To prove PCI DSS compliance, companies that process, store or transmit credit card data must have their IT systems tested for vulnerabilities by a certified provider (Approved Scanning Vendor / ASV) by means of an External Security Scan.
With Internal Security Scans you can check your IT systems (servers, networks, web servers, web shops, etc.) for many thousands of known and constantly updated vulnerabilities.
A correct firewall configuration is crucial, for example, to successfully prevent potential attacks carried out over the internet. By means of a Firewall Review, firewall rulesets are regularly checked for obsolete, outdated or incorrect rules.
A Pentest is a comprehensive security analysis of networks, operating systems or applications. This security assessment covering all system components and applications is carried out using means and methods that an attacker would use to infiltrate third-party systems.
Merchants assess their PCI DSS compliance themselves by completing a PCI DSS Self-Assessment Questionnaire (SAQ). We recommend that you use the free usd AG PCI DSS Platform to do so. The platform features a selection tool that will assist you in determining the applicable SAQ for each of your acceptance channels. You can complete your SAQs directly on the platform.
The PCI DSS Audit is a formal assessment conducted by a certified auditor according to the PCI DSS in its current version.
Even after a successful validation of compliance with the PCI DSS, its security requirements must be adhered to during everyday business operations. usd AG offers Consulting Services to assist you in maintaining your PCI DSS compliance. This enables you to verify compliance with the PCI DSS during normal business operations and in case of changes to your environment by conducting quarterly on-site workshops.