Reflare’s strategic alliance with Dot.Bit delivers cost-effective PCI 3DS solutions for your technologies and teams. Our integrated training and audit offering helps you achieve your compliance requirements.
The PCI 3DS Security Standard is for acquirers and/or their agent(s) who handle or process credit card transactions and those who are required to secure the management, processing, and transmission of digital payments. PCI 3DS compliance helps reduce card-not-present payment frauds and assures security to payment service providers.
PCI 3DS represents a baseline of technical and operational requirements designed to protect cardholder data and is maintained by PCI Security Standards Council (PCI SSC) – a global forum for the ongoing development, enhancement, storage, dissemination and implementation of security standards for account data protection.
The PCI 3DS Core Security Standard applies to entities that perform or provide the following functions, as defined in the EMVCo 3DS Core Specification:
Where a third-party service can impact 3DS functionality or the security of the 3DS Environment (3DE), the applicable PCI 3DS requirements will need to be identified and implemented for that service. While the ultimate responsibility for the security of the 3DE and 3DS Data lies with the 3DS entity, service providers may be required to demonstrate compliance with the applicable PCI 3DS requirements based on the service provided.
The requirements in the PCI 3DS Core Security Standard are organised into the following part:
This standard defines physical and logical security requirements and assessment procedures for entities that perform or provide 3DS Server, 3DS Directory Server or 3DS Access Control Server services. These 3DS requirements are based on industry standards and are enforced by the major payment brands.
The answer is quite simple, keep your systems secure, and customers can trust you with their sensitive payment card information. When you stay compliant, you are part of the solution – a united, global response to fighting payment card data compromise.
The standard itself is quite detailed with its technical, organisational, and business requirements, which can raise quite a few questions and misinterpretations.
Before engaging in the final audit, our professional consultants will guide and prepare you for the certification process. The Dot.Bit team of highly skilled Qualified Security Assessors (QSA) will perform the audit and upon determining the compliance, submit the RoC and AoC to attest to the results of a PCI 3DS assessment.
A key part of PCI 3DS compliance is ensuring developers and administrators complete ongoing capability development activities. This is key to protecting both yourself and your customers when handling payment data. Reflare’s Certified Secure (RCS) user training programs ensure your training requirements are implemented with ease.
(Reflare Certified Secure Developer)
All of the lessons and challenges run entirely on Amazon's AWS infrastructure. This means we can scale to any number of users and you don't need to install any software.
After every practical video lesson, trainees must complete the demonstrated attack or defence technique in a live VM environment to advance. No final exams, tedious cramming, or multiple-choice questions. Just effective study and real-world experience in writing more secure code.
You can buy additional training licences to expand your organisation’s IT security capabilities beyond immediate compliance requirements. No hidden fees or yearly costs for content updates. You decide if, and when you want to retrain specific team members.
Allow your users to train at a time that suits them. On site, on the road or at home, all that is required is an internet connection in a modern HTML5 browser.
Add your trainee, set your completion date, and leave the rest to us. We take care of trainee commencement, tracking and deadline reminders. Your easy-to-use admin interface allows you to track group and individual developers' progress.
| RCSD Lessons for Developers - Stage A |
|---|
| Lesson 1: Introduction & How-To |
| Lesson 2: Input Validation - Cross-Site Scripting (XSS) |
| Lesson 3: Client Side Input Validation |
| Lesson 4: Input Validation - SQL Injection (SQLi) |
| Lesson 5: Input Validation - Command Injection (CMDi) |
| Lesson 6: Input Validation - File Uploads |
| Lesson 7: Input Validation - Remote File Inclusion (RFI) |
| Lesson 8: Forced Browsing |
| Lesson 9: Directory Traversal |
| Lesson 10: Authentication |
| Lesson 11: Session Management |
| Lesson 12: Authorization |
| Lesson 13: Sniffing, MITM & SSL |
| Lesson 14: Open Redirects |
| Lesson 15: Cross-Site Request Forgery (CSRF) |
| Lesson 16: Information Leakage |
| Lesson 17: Browser Security Measures |
| Lesson 18: Simple Scanner Usage |
| Lesson 19: Closing Thoughts |
| RCSD Lessons for Developers - Stage B |
|---|
| Lesson 1: XPath Injection |
| Lesson 2: Buffer Overflows |
| Lesson 3: Secure Cryptographic Storage |
| Lesson 4: Encrypted Databases |
| Lesson 5: Logging |
| Lesson 6: Environment Separation |
| Minimum time commitment to complete RCSD training: 4 hours. |
|---|
Our world-class PCI 3DS compliance solutions aim to keep your systems secure.
The 3DS standard will help you protect card-not-present payments (CNP) and reduce payment frauds, ensure security to payment service providers, regardless of whether you are a merchant, an acquirer or an issuer, and place additional assurance in your customers that your payment services are secured, trusted, and that you put customer data protection the centre of your operations.
Becoming a secure and trusted online payment service provider is no easy task. Reflare and Dot.Bit can help you on your path to becoming a member of a global family of trusted online payment services providers and achieve your PCI 3DS compliance. We have stood in your shoes, and have been involved with 3DS since the very beginning. Now, as assessors, we use our years of experience to credibility guide you on this journey.
Your developers hate their current IT security training. Don’t believe us? Just ask them! Most training platforms are static, tedious and end in a multiple-choice test devoid of any real-world application. For most users, security training programs are a nuisance, not a chance to improve their skills. Mapped to PCI talent compliance requirements, RCS training remains focused on trainee experience and applicability.
Ready to learn more? We are here to help!
Message our team to book a virtual consultation.
Send us a direct message from your email account.
Please include the nature of your inquiry and contact
method you would prefer us to use to respond.
Email Us
To begin the proposal process, simply click below to access our enquiry form,
select your compliance requirements,
and one of our team members will be in touch
Get Started
