The PCI Security Standards Council (PCI SSC) released a new security standard to support EMVCo’s EMV® 3-D Secure Protocol and Core Functions Specification. EMV® Three-Domain Secure (3DS) is an EMVCo messaging protocol that enables consumers to authenticate themselves with their card issuer when making card-not-present (CNP) e-commerce and m-commerce purchases. The additional security layer helps prevent unauthorized CNP transactions and protects the merchant from CNP exposure to fraud. The three domains in the EMVCo specification consist of the acquirer domain, issuer domain, and the interoperability domain (e.g. payment systems).
Who has to comply with the PCI 3DS Core Security Standard?
The standard is intended for those companies that manage or provide EMV® 3DS components, specifically: Access Core Server, Directory Server, and 3DS Server. It provides guidelines for identifying and implementing appropriate security controls to protect the 3DS transaction process. Compliance requirements for these entities will be defined by the applicable payment brands.
Contact us today! Get to know how to implement 3DS CSS and be the pioneer in getting the 3DS certification for your CNP process.