Are my systems hacked during the security scan?
No. Within the scope of the PCI review, usd AG performs exclusively non-intrusive scans which only analyze whether vulnerabilities in your systems exist or can be recognized from the internet. The potential security gaps identified in this way are in no way used to damage the integrity and availability of the respective systems, that is, to hack them.
Does the scan make a break-in attempt on my system?
The scanning method we use does not have the objective of “breaking into” the target system, but rather is merely a means of determining weaknesses in its configuration using information that the respective target systems themselves provide. This type of data recording is similar to the preparation of an attack on your system through an external attacker, but only the people you authorize obtain access to this data material.
How are my systems checked over the internet?
usd AG checks the architecture and configuration of the internet connection for weaknesses that an attacker could use to break into the system. In the process, the system is scanned from the internet using security scanners to examine it for any vulnerabilities.
For what are cookies used?
A cookie does not contain any information about you and your system that the server does not already know when the cookie is being set. The PCI Platform uses a cookie with the name “zenid” so that you can be recognized after consecutive accesses. This recognition is important so that you can access your data after logging in. It also lets you keep the language you select and the settings of your shopping cart. This cookie remains stored on your system only until you close your browser completely.