PCI 3DS Security Attestation



PCI 3DS defines physical and logical security requirements and assessment procedures for entities that perform or provide the following functions, as defined in the EMV® 3-D Secure Protocol and Core Functions Specifications:

  • 3DS Server (3DSS)
  • 3DS Directory Server (DS)
  • 3DS Access Control Server (ACS)

Requirements in PCI 3DS

The requirements in PCI 3DS Core Security Standard are organized in two parts:

Baseline Security Requirements

A baseline of technical and operational security requirements designed to protect the 3DS data environment (3DE)

3DS Security Requirements

Security requirements to protect 3DS data and processes

PCI 3DS Assessment Process

  1. The 3DS entity completes EMVCo functional testing for ACS, DS, and/or 3DSS and receives a Letter of Approval from EMVCo.
  2. Confirm the scope of the PCI 3DS assessment.
  3. Perform the PCI 3DS assessment, following the requirements and assessment procedures as per the PCI 3DS Core Security Standard.
  4. Complete the 3DS assessment report and attestation in accordance with applicable templates, guidance, and instructions.
  5. Submit the assessment report and attestation, along with any other requested documentation, to the applicable payment brand.
  6. If required, perform remediation to address requirements that are not in place, and provide an updated report.