Skip to content
Miscellanious

Miscellanious

You can find additional topics about PCI DSS security scans here.


How do I use the Security Seal for my website?

In order to use the Security Seal for your webshop or website, please use the embed code of the seal.

Proceed as follows:

  1. Log in to your customer account and select the button "Download Security Seal for your website" under "Security Seal".
  2. Select the size that suits you.
  3. Choose the language German or English.
  4. In the preview you can see the Seal variant you have selected. The Seal itself is linked to a detailed illustration and will later show the customer more informatiom.
  5. Now copy the embed code to integrate it into your website. To do this, use the button "Copy to clipboard".
  6. Insert the embed code in the place that suits you best.

Good to know: By using the embed code, you benefit from the fact that the Seal automatically renews itself after your next Complinace verification and does not need to be updated manually.

The Security Seal shows the wrong date. Shouldn't it display the date when my compliance expires?

No, the Seal indicates when you have reached your PCI DSS compliance, so the Seal is a snapshot of your compliance status. Our tip: Click on the Seal to view details. There you will also find information about when your PCI DSS compliance will expire.

I have achieved PCI DSS compliance, but the Security Seal does not update. What can I do?

Please make sure that you are using the embed code of the Security Seal for your website. If the Seal still does not update, please clear your cache and try again.

Is the Security Seal also available as an image file?

The Security Seal is designed to be embedded in a website or a web shop and is therefore only available via embed code. We do not offer image files such as PNG or JPEG for use in print/advertising materials.

What is the difference between a PCI DSS ASV scan and a system scan?

There is no difference from a technical point of view. However, in an ASV scan only PCI-relevant vulnerabilities are listed while the system is still scanned. In addition, the scan report is reviewed and evaluated by a certified Approved Scanning Vendor before the required PCI compliance validation is generated. If you are interested in a system scan, please contact us.

What does a certification or audit cost?

The costs of a certification depend on the classification level of the merchant or service provider and the resulting number of annual required PCI DSS ASV scans. We will be happy to provide you with detailed information about our services and prices. Contact us.

I am registered as a travel agency and have to prove my PCI DSS compliance to IATA. What should I do now?

Please ask your IATA representative, how you are required to prove your PCI DSS compliance to IATA. Most travel agencies can do this by sending the PDF version of their completed Self-Assessment Questionnaire (SAQ) to IATA.

To obtain the PDF version of the SAQ, follow these steps:

  1. Log in to the PCI Platform.
  2. In the "Security Scans and Services" section, click on "Self-Assessment Questionnaires".
  3. At the bottom, you will find a history of your most recently completed SAQs. Click on "Show" to view the information you provided for the last SAQ. You can then create the PDF print version.
  4. At the very bottom you will find the button "show printout version" which lets you display the PDF file.
  5. Save the file.

Good to know: The SAQ (Self-Assessment-Questionnaire) is a self-completed report on your handling of credit cards. A certificate is not issued by usd AG. The SAQ document shows your compliance status and contains the Attestation of Compliance (AoC) usually required by IATA. Your SAQ should be compliant and valid.