PCI 3DS Security Attestation
PCI 3DS defines physical and logical security requirements and assessment procedures for entities that perform or provide the following functions as defined in the EMV® 3-D Secure Protocol and Core Functions Specifications:
- 3DS Server (3DSS)
- 3DS Directory Server (DS)
- 3DS Access Control Server (ACS)
Requirements in PCI 3DS
The requirements in the PCI 3DS Core Security Standard are organized in two parts:
- Baseline Security Requirements: A baseline of technical and operational security requirements designed to protect the 3DS data environment (3DE)
- 3DS Security Requirements: Security requirements to protect 3DS data and processes
PCI 3DS Assessment Process
- The 3DS entity completes EMVCo functional testing for ACS, DS, and/or 3DSS and receives a Letter of Approval from EMVCo.
- Confirm the scope of the PCI 3DS assessment.
- Perform the PCI 3DS assessment, following the requirements and assessment procedures as per the PCI 3DS Core Security Standard.
- Complete the 3DS assessment report and attestation in accordance with applicable templates, guidance, and instructions.
- Submit the assessment report and attestation, along with any other requested documentation, to the applicable payment brand.
- If required, perform remediation to address requirements that are not in place, and provide an updated report.