I’m new here: What steps do I need to take first?
Welcome to the PCI platform of usd AG!
Here, you can complete both the Self-Assessment Questionnaire (SAQ) and the external vulnerability scan required by PCI DSS, which must be performed by an Approved Scanning Vendor (ASV).
For many companies, filling out the SAQ is sufficient to meet PCI compliance requirements. Depending on your payment processing method, an external vulnerability scan by an ASV may also be required as an additional security measure. Our PCI platform provides you with the opportunity to complete both requirements in a PCI DSS-compliant manner via self-service.
Do you want to demonstrate your PCI compliance? Start with the PCI Classification:
If you require more than just the ASV scan, you will find the "PCI Classification" option in the "PCI Verification" section after logging in. Here, you will answer questions about how your company handles credit card payments. Your answers will help determine the scope of your PCI compliance requirements. Afterwards, you can proceed to the "Self-Assessment (SAQ)" section to start your self-assessment.
You only need the ASV scan? Start directly with scan planning:
If you have already completed the SAQ or an audit elsewhere and only need the ASV scan, you can define your scan components and schedule the scan directly after registration. To do so, go to "ASV Scans" in the left menu and choose either "Scan Components" or "Scan Projects."
Can multiple people access an account and be informed about the status of the scans?
Yes, this is possible. You can add multiple contacts to your account. To do this, click on your company name in the upper right corner. In this menu, you can manage both your company details and your contacts, ensuring that all relevant persons are informed about the status of the scans.
Can I use my email address for multiple companies?
Yes, this is possible. In the “My Companies” section at the top right, you can either create a new company—where you will automatically be assigned as a user—or select which company you would like to work for.
I accidentally entered incorrect company information during registration.
Log in to the usd PCI platform and click on your company name in the top right corner. There you can review your company details and manage your contacts. If your company name has changed, please contact the PCI Competence Center by email at pci@usd.de.
My company’s legal name has changed.
The PCI Competence Center will be happy to update your company name for you. Please send us an email with the new company name to pci@usd.de. You can update all other information — such as address, billing address, telephone number, or contact persons — yourself directly on the platform.