The PCI Security Requirements and Assessment Procedures for EMV 3-D Secure Core Components focus on securing the EMV 3DS infrastructure that supports 3DS transactions.
The PCI 3DS Core Security Standard supports the EMV 3-D Secure Protocol and Core Functions Specification, and is for entities that manage, provide or assess 3DS Access Control Server (ACS), Directory Server (DS), and 3DS Server components.
The PCI 3DS Core Security Standard defines appropriate security controls to protect these specific 3DS environments, which are critical to the 3DS transaction process. Training will be available for eligible Qualified Security Assessors (QSA) to support assessments of these PCI 3DS environments to the PCI 3DS Core Security Standard.
The PCI 3DS SDK Security Standard supports the EMV 3-D Secure SDK Specification, which defines EMV 3DS requirements for entities developing 3DS Software Development Kits (SDK) for use in mobile-based 3DS transactions. The standard is for developers and vendors of 3DS SDK products, and it is focused on ensuring the SDK has been designed and developed with security in mind.
The PCI SSC is also developing a supporting validation program for early 2018, which it will first test as a pilot program in 2017. The final program will include a PCI SSC listing of SDK solutions that meet the PCI 3DS SDK Security Standard.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now