About PCI 3DS
PCI 3DS is a payment card industry standard that defines security requirements for the infrastructure of 3D Secure providers.
The requirements include 2 sections:
- Part 1, basic environment requirements: 3DS Baseline Security Requirements.
- Part 2, basic requirements: 3DS Security Requirements.
The basic environment requirements are the list of requirements from the parent PCI DSS standard that apply to 3DS infrastructure. The audit procedures allow their implementation to be credited when the 3DS infrastructure is included in the boundaries of a classical PCI DSS audit.
The basic 3DS Security Requirements are a list of requirements written specifically for 3DS infrastructure, covering:
- Network security.
- Risk management.
- Interaction with third parties.
- Configuration and interface control.
- Component monitoring and availability.
- Transaction monitoring.
- Physical security.
An audit against the current requirements is mandatory for 3DS hosting providers (annually), as well as for primary installations of 3DS solutions by issuers. In addition, such an audit is a mandatory procedure in some regions when implementing 3D Secure solutions with Protocol 2.0 support.
Currently, MPS VISA is the main regulator of the standard, as the author and holder of the Visa 3-D Secure (3DS) Security Program Guide standard.
Compliance Control has been conducting PCI 3D Secure (formerly VISA 3DS) audits since 2016, when it was one of the few in the world authorized by VISA.
Based on the audit results, we prepare a confirmation of compliance with PCI 3DS requirements (Attestation of Compliance) and notify VISA.PCI Card Production about it.