What is the PCI 3DS Core Security Standard?
The PCI 3DS (Three-Domain Secure) Security Standard is an added security layer that allows consumers to authenticate their cards with their card issuer for card-not-present (CNP) purchases made via e-commerce and m-commerce. It assists in preventing unauthorized CNP transactions and safeguards merchants from CNP fraud. The standard has been developed by EMVCo and PCI SSC (Payment Card Industry Security Standards Council).
The standard is designed for any entity that provides 3D Secure functions such as Directory Server (DS), 3DS Server (3DSS) and Access Control Server (ACS) functions to other members of the payment ecosystem, including merchants, Service Providers and Issuing or Acquiring banks.
In November 2017, Visa updated the Visa ACS Security Program, which now requires any company that provides 3DS (especially ACS) services to comply with the new PCI 3DS standard. Visa also requires any Programme Participants to use PCI 3DS QSA companies to validate their compliance.
If your organisation is providing core services as part of the 3D Secure payment process, then you are required to be compliant with the new standard.
The assessment process begins after the successful completion of functional tests and receipt of an approval letter from EMVCo, and consists of the following steps:
Definition of the scope for PCI 3DS assessment.
Completion of the testing procedure as defined by the PCI 3DS standard. The assessment process might result in some remediation actions which may need to be completed prior to submission of documents.
Completion of a Report on Compliance and Attestation of Compliance for the 3DS standard.
Submission of the assessment documentation to the relevant card brands.