
PCI DSS compliance: everything you need.
Why SRC? Your advantages at a glance
✅ Authorized PCI ASV scans
We ensure that all PCI DSS requirements are met. We guarantee precision and compliance every step of the way.
✅ Flexible support options
We offer customized support options to meet your individual requirements. Whether you need technical advice or have an urgent matter, our team is there for you flexibly.
✅ Transparent pricing
With our transparent pricing, you always know what you are paying for. Clear offers, detailed invoices, no hidden costs.
✅ Personal customer service
Our personal customer service team is available to answer all your questions about PCI DSS compliance. Your contact person will ensure smooth cooperation and individual support.
Three steps to PCI DSS compliance
1. Request a non-binding offer
Fill out our form and let us know what you need. We will prepare a customized offer for you.
2. Book scans & support
Commission us for your ASV scan and receive direct support from our experts if required.
3. Results & conformity
Maintain your results and implement measures to ensure compliance.
Our solutions for your PCI compliance
- ASV scan 900€
Simple, secure and reliable. With our authorized ASV scans, we check your systems for PCI DSS compliance for one year. This includes four quarterly scans for one IP address in accordance with PCI DSS requirement 11.3.2 and meets the requirements for regular security checks of your systems.
- ASV scans from the 2nd IP address 45€ each
From the second IP address, each additional IP address costs just EUR 45 per year. This also includes four quarterly scans per IP address, which comply with PCI DSS requirement 11.3.2.
- Support hours 150€ / *190€
Get exactly the support you need - flexible and tailored to your needs. Our experienced specialists are on hand to help you with technical questions and challenges.
Note: In practice, it has been shown that many companies need more clarification during the process than initially expected. Around 50% of our customers book an average of four hours of support to ensure that outstanding issues are resolved efficiently. We recommend booking support hours in advance to ensure timely delivery and to take advantage of preferential terms.
* for subsequently booked support hours
- Scoping workshop 600€
An unclear network structure or incorrectly prioritized measures can delay the certification process and end up being expensive. Our workshop provides you with a comprehensive analysis of your network structure and requirements. You will gain clarity about which measures are really necessary and set the right priorities right from the start. This will help you avoid unnecessary costs and delays and ensure that your audit runs smoothly.
All invoice amounts are payable net within 14 days of invoicing.
Your partner for IT security and payment transactions since 2000
SRC was founded in 2000 as an independent consulting company and is the joint competence center of the German banking industry for cashless payment transactions and IT security. We offer our customers comprehensive advice and technical expertise to develop, implement and test secure systems.
Our services
Consulting and testing at the highest level:
We work independently and ensure that your IT systems meet the highest security standards.
Our expertise includes:
- PCI DSS compliance: As a PCI Qualified Security Assessor (QSA) and Approved Scanning Vendor (ASV), we support merchants and service providers in complying with PCI standards.
- Payment security tests: Approval by American Express, Mastercard, Visa and EMVCo as a Security Testing Lab for solutions such as mPOS, HCE and P2PE.
- ISO 27001 audits: Our employees are certified auditors for information security management systems in accordance with ISO 27001.
Technological innovations:
On behalf of the German Banking Industry (DK), we develop functional requirements and security standards, such as:
- girocard and SECCOS: chip card operating systems and security applications for national debit and prepaid payment methods.
- SEPA projects: Participation in cross-border initiatives such as the Berlin Group.
Our accreditations
SRC is one of the few companies in the world that is recognized by the PCI Security Standards Council in numerous areas, including:
- PCI QSA, PCI ASV and PA-QSA
- PCI 3DS Auditor and Qualified PIN Assessor (QPA)
- PCI Card Production Security Assessor (CPSA)
We are also accredited:
- By the Federal Office for Information Security (BSI) for tests according to § 8a BSIG and Common Criteria (ISO 15408)
- With UK Finance, Australian Payments Network and Pan Nordic Card Association for terminal security checks
Why customers trust SRC
Global recognition:
We work with international standards and organizations to provide first-class security solutions.
Independence:
As an independent consulting firm, we value objective and transparent auditing procedures.
Technical excellence:
Our employees are highly qualified and certified, including as:
- Offensive Security Certified Professional (OSCP)
- GIAC Penetration Tester (GPEN)
- GIAC Certified Forensic Analyst (GCFA)
FAQ - PCI-DSS ASV Scans
1. FAQ - ASV Scans
What counts as an IP?
An IP address (Internet Protocol address) is a unique address for a network device. Several URLs or domains can run under the same IP address. With our ASV scans, we charge per IP address, not per URL.
When does the first scan take place?
The first scan is carried out within two weeks of acceptance of the offer. If you need a faster solution, you can submit an express request.
Will I be reminded of the scans?
Yes, we proactively remind you to perform the scan on time so that you always remain PCI DSS compliant.
What happens if I am not compliant?
If the scan reveals vulnerabilities, you have two weeks to rectify the findings in accordance with the PCI DSS guidelines. Rescans are included in the offer to check compliance.
2. FAQ - Support hours
How do the support hours work?
Support hours can be booked either in advance or retrospectively.
Hours booked in advance cost €150 per hour, while hours booked retrospectively cost €190 per hour.
What support is available?
Our team will help you with technical questions, problems with your network or IT environment and with the implementation of PCI DSS compliance measures.
Can I book support hours flexibly?
Yes, you can book the hours you need flexibly – either directly when you create your quote or later if you have further requirements.
What happens if I don’t use the support hours?
Unused pre-booked support hours cannot be refunded, but are available to you within the agreed period.
3. FAQ - Scoping Workshop
What do we do in a scoping workshop?
In the scoping workshop, we support your team in defining the scope of your IT environment in accordance with the requirements of the PCI DSS. The aim is to identify all systems that store, process or transmit card data, as well as those that indirectly influence the security of this data.
What does the workshop involve?
- Identification of relevant systems: We analyze systems that affect or are linked to card data.
- Network architecture analysis: Support in identifying relevant network environments.
- Segmentation analysis: Review and optimization of your network security measures to narrow down the scope.
How is the workshop conducted?
The workshop is a remote session that is designed to be interactive. Our team will work with you to conduct a precise and effective analysis.
What are the aims of the workshop?
- Provide specialist knowledge for determining the PCI scope.
- Increase security through the sound identification and elimination of vulnerabilities.
- Minimize effort and ensure PCI DSS compliance.
How much does the workshop cost?
The scoping workshop costs €600 and is individually tailored to your company and your IT environment.