PCI 3DS

General information on PCI 3DS 

The PCI 3DS security standard defines physical and logical security requirements to protect environments where Access Control Server (ACS), Directory Server (DS) and/or 3DS Server (3DSS) functions are performed.

Who is required to have a PCI 3DS audit? 

The PCI 3DS security standard applies to environments where ACS, DS and/or 3DSS functions are performed. These can be either issuers or service providers offering ACS, DS, and/or 3DSS services.

How often do you need to recertify? 

PCI 3DS recertification must be done annually.

Results of PCI 3DS compliance certification 

    Reports from external ASV and internal network scans (after each scan).
    Internal and external penetration test reports.
    Updated regulatory documents in the IS sector.
    A completed and validated Report on Compliance (RoC) and Attestation of Compliance (AoC).
    A PCI 3DS Compliance Certificate.

 Stages of service provision 

  • Preparation

    1. Preparation for a certification audit includes conducting a preliminary audit to determine the current state and provide recommendations for bringing processes, technical means and regulatory documents into compliance with PCI 3DS requirements
    2. An external vulnerability scan (ASV) of the network
    3. An internal vulnerability scan of the network
    4. An assessment of the client’s corporate network security by performing external and internal pentests

  • Certification

    1. Collection and analysis of organizational and regulatory documents and information about the client’s 3DS environment system composition
    2. Analysis of processes related to protection and maintenance of system components in the 3DS environment
    3. A compliance audit of the client’s 3DS environment system components according to the PCI 3DS requirements:
    ● Interviewing client employees (third-party, if necessary) within the audit procedure developed by the PCI SSC consortium and adapted by the PCI 3DS Assessor consultant
    ● Analysis of settings and configurations of the 3DS environment system component
    ● Assembling an evidence base for compliance of the client’s 3DS environment system components with PCI 3DS requirements
    4. Analysis of security assessment reports on the external and internal network perimeter of the client’s 3DS environment
    5. Development of reporting documents for acquiring banks and international payment systems: the Report on Compliance (RoC) and the Attestation of Compliance (AoC)
    6. Sending the AoC by the consultant to the VISA international payment system to confirm successful completion of the PCI 3DS audit

IT Specialist will perform quick, high-quality and comfortable PCI 3DS certification for your business.

Order PCI 3DS certification or ask us a question. Our experts will contact you as soon as possible!
