PCI 3DS Compliance Audits
What is PCI 3DS?
PCI 3D-Secure, otherwise known as PCI 3DS, is a message authentication protocol used in the Payment Card Industry that enables user validation with respective card issuers in Card Not Present (CNP) transactions. PCI 3DS core security standard offers an extra line of defence against online fraud in the payment environment.
PCI 3DS standard helps organizations implement General Security controls for the EMV Three-Domain Secure (3DS) adaptation. The proper implementation of the PCI data security standard controls CNP fraud by allowing consumers to self-authenticate with their card issuer during a CNP transaction.
PCI 3DS Scoping
PCI 3DS Gap Assessment
PCI 3DS Remediation Support
PCI 3DS Policies & Procedures
PCI 3DS Audit
Phase 1 – PCI 3DS AssessmentThe first phase of a PCI 3DS Compliance project is defining the scope and performing a PCI 3DS gap analysis.
Identify PCI 3DS Services
- Project Initiation
- Understand the organization
- Identify PCI 3DS services offered
- Identify the infrastructure elements
PCI 3DS Gap Assessment
- Identify the 3DS infrastructure and 3DS Data Environment (3DE)
- Identify the gaps against the PCI 3DS requirements
Phase 2 – RemediationPCI 3DS Remediation involves mitigation of identified gaps in the PCI 3DS gap analysis.
- PCI 3DS Documentation
- PCI 3DS Security Testing
- Remediation progress tracking
- Periodic reviews of control implementation.
- Consultancy on new controls
- Review network segmentation
PCI 3DS Audit & AttestationIn this phase of the engagement, the PCI 3DS Auditors at Deverra perform the audit of the 3DE, leading to PCI 3DS Certification.
PCI Scope Validation
- PCI QSA will revalidate the final scope (PCI CDE) and identify the changes from the original scope.
PCI 3DS Onsite Audit
- Perform the testing procedures as defined in the PCI 3DS ROC template by PCI Council on the scoped 3DE environment
PCI 3DS Report Compliance
- Collection of the evidence of the 3DS Audit
- Document the findings of the 3DS Audit
- Validation of the ROC by a QA QSA
- Release the ROC for customer review
PCI 3DS Certification / Attestation
- Prepare the Attestation of Compliance (AOC) based on client confirmation of ROC
- Issue Attestation of Compliance
- Successfully completes the PCI 3DS project
Would you like to speak to a security analyst?
We understand the importance of approaching each work integrally and believe in the power of simple.