PCI 3DS Certification

Under the Ministry of Electronics & Information Technology, the Government of India has created a panel of ‘IT security auditing organisations’ named CERT-IN empanelled organisations for assessing the security and auditing systems, networks, websites and applications of public sector organisations along with other segments.

The PCI 3DS Core Security Standard requirements are organized into the following sections:
● Baseline Security Requirements:
This set of technical and operational security requirements is designed to protect environments where 3DS functions are performed. These requirements reflect general information security principles and practices common to many industry standards, and should be considered for any type of environment.

● 3DS Security Requirements:
This set of requirements provides security controls specifically intended to protect 3DS data, technologies, and processes.

The PCI 3DS Core Security Standard applies to entities that perform or provide the following functions, as defined in the EMVCo 3DS Core Specification:
● 3DS Server (3DSS)
● 3DS Directory Server (DS)
● 3DS Access Control Server (ACS)

Some third-party service providers that can impact these 3DS functions, or the security of the environments where these functions are performed, may also be required to meet PCI 3DS requirements as applicable to the provided service.

The PCI 3DS Data Matrix is a separate document that supports the PCI 3DS Core Security Standard and identifies a number of data elements common to 3DS transactions. The data elements identified in the PCI 3DS Data Matrix include those considered to be 3DS sensitive data, which are subject to specific data protection requirements, and certain cryptographic key types that are subject to HSM requirements.

The PCI 3DS Core Security Standard and PCI DSS are separate, independent standards each intended for specific types of entities. The Standard applies to 3DS environments where 3DSS, ACS, and/or DS functions are performed, while PCI DSS applies wherever payment card account data is stored, processed or transmitted. 

The deliverables of PCI 3DS certification are:
● Attestation of Compliance (AOC)
● Report of Compliance (ROC)
● Certificate of Compliance (COC)
