usd AG

usd AG is a Frankfurt-headquartered cybersecurity firm founded in 2002, and one of only a handful of firms worldwide accredited by the PCI Security Standards Council as a Qualified Security Assessor (PCI QSA), a PCI Forensic Investigator (PFI), a PCI Approved Scanning Vendor (ASV), a P2PE assessor, and a PIN Security assessor, an unusually complete set of PCI credentials. The company operates its own "CST Academy" training school and runs the "more security" conference in Frankfurt.

usd's penetration testing practice extends well beyond payments, covering web and mobile applications, APIs, cloud, internal and external infrastructure, Active Directory, SAP landscapes, and source code review. Assessments are delivered from Germany and Austria under strict data residency controls, with reports produced in German or English and mapped to PCI DSS 4.0, NIS 2, DORA, ISO 27001, TISAX, and the EU Cyber Resilience Act. The firm's red team operates under a strictly manual-first methodology and frequently supports card schemes, acquirers, processors, and PSPs on complex scope reductions.

usd AG is the right choice for merchants, fintechs, acquirers, and card schemes operating in Europe who need a single provider that can both attest to PCI compliance and perform the underlying penetration testing. Clients include Deutsche Bundesbank-regulated institutions, airlines, automotive OEMs, and global retail brands.