The Payment Card Industry Security Standards Council published the PCI 3D Secure (PCI 3DS) Core Security Standard to prevent unauthorized transactions and reduce fraud in online payments. The framework was designed to help customers confirm their identity when making card-not-present (CNP) purchases.
CompliancePoint is an authorized PCI 3DS Qualified Security Assessor (QSA), but we are more than an auditor. We are a partner that works closely with our customers through every step of the certification process, ensuring they achieve all their objectives. With CompliancePoint at your side for the PCI 3DS certification journey, you will enjoy the benefits of:
- The knowledge and expertise of an experienced team backed by industry-leading technology
- A non-biased 3rd party attestation of your security controls
- Proven assessment methodologies and strategies
- Full lifecycle support based on years of experience within the Payment Card Industry
Each engagement is customized to meet our client’s specific needs and maturity. For organizations that need to secure PCI DSS and 3D Secure certifications, we can tailor a service package designed to ensure compliance with both standards simultaneously.
Full Lifecycle Management
Identify
Readiness Assessments
Our QSAs will analyze your existing security policies and procedures and guide you through any needed remediation efforts before starting your 3DS assessment.
Mitigate
Advisory Services
Our experts will walk you through the implementation of the policies, business processes, and technology needed to secure PCI certification.
Manage
Attestation and Program Management
To help you prove your commitment to secure eCommerce transactions, we will work with you to present a well-documented, validated assessment to PCI 3DS.
Once certified, our PCI 3DS Management Program will simplify the process of maintaining your certification for years to come.
Our Focus
Our PCI 3DS certification services are designed to help organizations satisfy the standard's Baseline Security Requirements and 3DS Security Requirements. CompliancePoint will work with you to achieve and maintain compliance in all the required areas.
- Personnel Security Policies
- Network Security
- System Security
- Vulnerability Management
- Physical Security
- Incident Response
- Scope Validation
- Security Governance
- Access Management
- 3DS Systems and Applications Security
- 3DS Data Security
- Cryptography & Key Management
Our Benefits
- Objective & knowledgeable assessments
- Proven techniques and strategies
- Cost savings
- No personnel certification costs
- Target high-priority tasks
- Access to cutting-edge tools & technology
- No turnover
- Security awareness training
- Institutionalize your security processes
- Control design & automation
Let us help you identify information security risks and compliance gaps that may be threatening your online transaction security and customer relationships.
Learn More About PCI 3DS
PCI 3DS was developed to support the secure implementation of EMVCo’s EMV 3DS protocol.
PCI 3D Secure applies to entities that perform or provide the following functions:
- 3DS Access Control Server (ACS): The ACS contains the authentication rules and is controlled by the Issuer. It verifies whether authentication is available for a card number and device type and authenticates specific transactions.
- 3DS Directory Server (DS): The DS maintains lists of card ranges for which authentication may be available and coordinates communication between the 3DSS and ACS to determine whether authentication is available for a particular card number and device type.
- 3DS Server (3DSS): The 3DSS provides the functional interface between the 3DS Requestor Environment flows and the Directory Server (DS). Functions performed by the 3DS Server include collecting necessary data elements for 3DS messages and authenticating the DS.
The PCI 3DS requirements organizations must meet to secure certification are separated into two parts: Baseline Security Requirements and 3DS Security Requirements.
Baseline Security Requirements contains the following control domains:
- Maintain security policies for all personnel
- Secure network connectivity
- Develop and maintain secure systems
- Vulnerability management
- Manage access
- Physical security
- Incident response preparedness
3DS Security Requirements contains the following control domains:
- Validate scope
- Security Governance
- Protect 3DS systems and applications
- Secure logical access to 3DS systems
- Protect 3DS data
- Cryptography and key management
- Physically secure 3DS systems
Organizations typically begin their PCI 3DS certification by completing the EMVCo functional testing for ACS, DS, and/or 3DSS and receiving a Letter of Approval from EMVCo. From there, organizations can take the following steps to secure their certification:
- Confirm the scope of the PCI 3DS assessment
- Perform the PCI 3DS assessment
- Complete the 3DS assessment report and attestation
- Submit the assessment report and attestation, along with any other requested documentation, to the applicable payment brands
- If required, perform remediation to address requirement gaps, and provide an updated report
- 10 Billion+ Records Audited
- 150+ Cases as an Expert Witness
- 2,500+ Companies Served
- +86 Net Promoter Score - Our Customers Love Us!