PCI 3D Secure
Payment Card Industry 3-Domain Secure (PCI 3DS) is a PCI Core Security Standard by PCI SSC, supporting the functionality of EMVCo’s EMV 3D Secure core security protocol and respective core function specification.
PCI 3DS adds an extra layer of security that lets users authenticate themselves with the service providers or payment gateways during Card-Not-Present (CNP) transactions. It helps in reducing CNP payment frauds and assure security to payment service providers.
The three domains of 3D Secure are the keys for secure authentication. The three (3) domains are:
(1) The Merchant/Acquirer Domain (3DS Server)
The domain includes banks/merchant entities that handle payment request environments.
(2) The Issuer Domain (3DS Access Control Server)
The domain ensures the applicability of authentication for a particular card and is managed by the issuer bank. Whether it comes under 3DS environment or not is validated under this domain.
(3) The Interoperability Domain (3DS Directory Server)
The domain is responsible for authentication, validation and maintenance of data flow among server entities.
How 3D Secure Works?
How SISA Can Help You?
SISA is a 3DS Assessor that provides efficient and cost-effective services to provide sophisticated threat prevention solutions that not only helps in securing your CNP transactions but also gives you flexibility in maintaining compliance with various high-level security standards like PCI DSS.
SISA’s approach towards PCI 3DS involves in three phases:
Phase 1- Prevention:
The phase covers in setting up the scope of 3DS environment and analysing the gaps.
Phase 2- Remediation:
The phase involves in mitigation of action points for the gaps found in the gap analysis phase.
Phase 3- Certification:
After a successful closure of the action points, an Attestation of Compliance, Report on Compliance and Certification of Compliance are provided to help in maintaining secure CNP transactions along with compliance.
Contact us today to know more about 3D Secure and implement the effective security for your customers card-not-present transactions.