PCI 3DS Audits

What is the PCI 3DS Audit?

The 3DS or Three-Domain Secure is a messaging protocol that enables consumers making a card-not-present purchase to authenticate themselves with their card issuer. Due to this added security layer, unauthorised CNP transactions and fraud is prevented. The PCI 3DS Audit ensures the appropriate implementation of the specified controls.

There are three domains in the 3DS specification:

  • Acquirer Domain,
  • Issuer Domain, and
  • Interoperability Domain

The standard itself, is organized into two sections:

  • Section 1: Baseline Security Requirements, which provide security requirements to protect the environments where 3DS is performed.
  • Section 2: 3DS Security Requirements, which provides security controls to protect 3DS data, processes and technologies.

Who Should Comply with PCI 3DS?

The 3DS standard is applicable to three entities:

  • Access Core Server
  • Directory Server
  • 3DS Server

The standard is intended to provide controls that in turn protect the confidentiality and integrity of the 3DS transaction.

If you would like to know more our PCI 3DS Audits, please feel free to contact us.