What is the PCI 3DS Core Security Standard? ?

The PCI 3DS (Three-Domain Secure) Security Standard is an added security layer that allows for consumers to authenticate their cards with their card issuer in the case of card-not present (CNP) purchases, via e-commerce and m-commerce. It assists in preventing unauthorized CNP transactions and safeguards merchants from CNP fraud. The standard has been developed by EMVCo and PCI SSC (Payment Card Industry Security Standards Council).

3D Secure Consultancy and Assessment Service

The standard is designed for any entity that provides 3D Secure functions such as Directory Server (DS), 3DS Server (3DSS) and Access Control Server (ACS) functions to other members of the payment ecosystem, including merchants, Service Providers and Issuing or Acquiring banks.

In November 2017, Visa updated Visa ACS Security Program now requiring any company that provides 3DS (especially ACS) services, to comply with the new PCI 3DS standard. Visa also requires any Programme Participants to use PIC 3DS QSA companies to validate its compliance.

If your organisation is providing core services as part of the 3D Secure payment process, then you are required to be compliant with the new standard.

The assessment process begins after the successful completion of functional tests and receipt of an approval letter from EMVCo., and consists of the following steps:

Definition of the scope for PCI 3DS assessment.

Completion of the testing procedure as defined by the PCI 3DS standard. The assessment process might result in some remediation actions which may need to be completed prior to submission of documents.

Completion of a Report on Compliance and Attestation of Compliance for the 3DS standard.

Submission of the assessment documentation to the relevant card brands.

How we can help.


Sysnet’s team of information security experts with proven track records of 3DS consultancy and assessment experience, will help your organisation to define the scope of the assessment, review readiness and system configuration and to define policies and procedures required by PCI 3D Secure Security Standard. Our security experts can help with identifying assets, assessing and evaluating the adequacy of existing security controls. We can also assist with the implementation of your organisational plan as well as act as an independent trusted advisor in relation to measuring, monitoring and reviewing your ISMS (information security management systems) and the effectiveness of your security controls. When your organisation is ready, we then undertake your PCI 3D Secure certification audits.

3D Secure Consultancy and Assessment Service

Sysnet Cyber Risk can deliver a range of services to support your PCI 3D Secure compliance goals:

  • Scoping analysis – use the 3D Secure standard and Sysnet’s expertise to define an appropriate structure and scope for your PCI 3D Secure compliance effort
  • Gap analysis – review your readiness against the PCI 3D Secure standard
  • Remediation / implementation planning – helps you to develop and prioritise your plan to remediate gaps. We will work with you in both management and technical areas to find and implement solutions for identified gaps.
  • Assessment – formal audit of your organisation and environment against the requirements of PCI 3D Secure standard. The assessment procedure is a combination of the on-site and off-site activity and consist of 4 critical elements
    • Interviewing management and operational personnel
    • Observation of system’s configuration settings
    • Analysis of the support processes in relation to the management of components
    • Review of the required policies and procedures
  • Trusted advisor service – engage our experienced consultants in a fully flexible way to achieve your objectives. For example, we can prepare your Statement of Applicability, lead you Security Working Group, examine your technology and configuration settings, as well as review your corrective and preventative actions to that your organisation remains on target.

PIN on Glass | What is it | eBook

on Glass
What is it?

Download Now!