PCI 3DS Security Standard

Compliance for PCI 3DS
by PCI SSC

Protect yourself by meeting the PCI 3D Secure Core Security Standard and the specifications for each of its core functions.

Reflare’s strategic alliance with Dot.Bit delivers cost-effective PCI 3DS solutions for your technologies and teams. Our integrated training and audit offering helps you achieve your compliance requirements.

The Standard

The PCI 3DS Core Security Standard applies to entities that perform or provide the following functions, as defined in the EMVCo 3DS Core Specification:

  1.   3DS Server (3DSS)
  2.   3DS Directory Server (DS)
  3.   3DS Access Control Server (ACS)

Where a third-party service can impact 3DS functionality or the security of the 3DS Environment (3DE), the applicable PCI 3DS requirements will need to be identified and implemented for that service. While the ultimate responsibility for the security of the 3DE and 3DS Data lies with the 3DS entity, service providers may be required to demonstrate compliance with the applicable PCI 3DS requirements based on the service provided.

The PCI 3DS Standard is Enforced by All Major Payment Brands

This standard defines physical and logical security requirements and assessment procedures for entities that perform or provide 3DS Server, 3DS Directory Server or 3DS Access Control Server services. These 3DS requirements are based on industry standards and are enforced by the major payment brands.

How Do We Help?

The standard itself is quite detailed in its technical, organisational, and business requirements, which can raise many questions and lead to misinterpretation.

We remove PCI 3DS compliance ambiguity. Our solution includes:

    Gap Analysis and Remediation

  • Understanding compliance and validation requirements of the current PCI 3DS Core Security Standard
  • Defining 3DS Data Environment scope
  • Guidelines on identifying and implementing appropriate security controls to protect the 3DS transaction process
  • Developing a customised plan for achieving and maintaining compliance with the PCI 3DS Core Security Standard
  • Creating documentation to support the PCI 3DS Assessment

    3DS Attestation

  • Onsite assessments against the PCI 3DS Core Security Standard
  • Reporting
      • Report on Compliance (RoC)
      • Attestation of Compliance (AoC)

Before the final audit, our professional consultants will guide and prepare you for the certification process. The Dot.Bit team of highly skilled Qualified Security Assessors (QSAs) will perform the audit and, upon determining compliance, submit the RoC and AoC to attest to the results of the PCI 3DS assessment.

User Compliance

A key part of PCI 3DS compliance is ensuring developers and administrators complete ongoing capability development activities. This is key to protecting both yourself and your customers when handling payment data. Reflare’s Certified Secure (RCS) user training programs ensure your training requirements are implemented with ease.

RCSD Curriculum

(Reflare Certified Secure Developer)

  • Runs in the cloud

    All of the lessons and challenges run entirely on Amazon's AWS infrastructure. This means we can scale to any number of users and you don't need to install any software.

  • User-centric design

    After every practical video lesson, trainees must complete the demonstrated attack or defence technique in a live VM environment to advance. No final exams, tedious cramming, or multiple-choice questions. Just effective study and real-world experience in writing more secure code.

  • Per-user licensing

    You can buy additional training licences to expand your organisation’s IT security capabilities beyond immediate compliance requirements. No hidden fees or yearly costs for content updates. You decide if, and when, you want to retrain specific team members.

  • Anyplace, anytime

    Allow your users to train at a time that suits them. On site, on the road or at home, all that is required is an internet connection and a modern HTML5 browser.

  • Track progress

    Add your trainees, set your completion date, and leave the rest to us. We take care of trainee commencement, tracking and deadline reminders. Your easy-to-use admin interface allows you to track group and individual developers' progress.

RCSD Lessons for Developers - Stage A

Lesson 1: Introduction & How-To
Lesson 2: Input Validation - Cross-Site Scripting (XSS)
Lesson 3: Client-Side Input Validation
Lesson 4: Input Validation - SQL Injection (SQLi)
Lesson 5: Input Validation - Command Injection (CMDi)
Lesson 6: Input Validation - File Uploads
Lesson 7: Input Validation - Remote File Inclusion (RFI)
Lesson 8: Forced Browsing
Lesson 9: Directory Traversal
Lesson 10: Authentication
Lesson 11: Session Management
Lesson 12: Authorization
Lesson 13: Sniffing, MITM & SSL
Lesson 14: Open Redirects
Lesson 15: Cross-Site Request Forgery (CSRF)
Lesson 16: Information Leakage
Lesson 17: Browser Security Measures
Lesson 18: Simple Scanner Usage
Lesson 19: Closing Thoughts

RCSD Lessons for Developers - Stage B

Lesson 1: XPath Injection
Lesson 2: Buffer Overflows
Lesson 3: Secure Cryptographic Storage
Lesson 4: Encrypted Databases
Lesson 5: Logging
Lesson 6: Environment Separation

Minimum time commitment to complete RCSD training: 4 hours.

Advantages and Benefits

Our world-class PCI 3DS compliance solutions aim to keep your systems secure.

Reflare partners with leading organisations such as...

Get Started

Ready to learn more? We are here to help! Message our team to book a virtual consultation.

Send us a direct message from your email account. Please include the nature of your inquiry and the contact method you would prefer us to use to respond.

Email Us

To begin the proposal process, simply click below to access our enquiry form, select your compliance requirements, and one of our team members will be in touch.