PCI 3DS Compliance
Customers and sellers need safeguards against cybercriminals who are growing ever cleverer at exploiting security vulnerabilities. The good news is that sophisticated (and much more advanced) detection and prevention technologies are available that might protect everyone participating in the card-not-present (CNP) transaction cycle.
The most efficient methods for combating CNP fraud have been recognized as 3D Secure (PCI 3DS compliance), machine learning, and biometrics. With the 3DS2 protocol set to be finalized this year, the PCI SSC (Payment Card Industry Security Standards Council) has issued a new standard to enable it.
What is the current PCI 3DS protocol?
There are three new PCI security standards documents you should be aware of:
PCI 3DS Core Security Standard
The PCI 3DS Core Security Standard is the basic supporting standard that establishes appropriate security measures inside specific 3DS contexts. It establishes and defines basic logical and physical security features to boost customer and vendor security within the 3DS system.
The standard is divided into two major parts.
The first section, the Baseline Security Requirement, examines operational and technical security criteria developed to safeguard the various settings in which 3D Secure is deployed. It takes a more generic perspective that may be applied to numerous industry standards because it's geared toward transaction scenarios.
The second section, 3DS Specific Security, focuses on 3DS sensitive information, technology, and processes, and provides security measures for these functions.
PCI 3DS Data Matrix
The PCI 3DS Data Matrix is a document that must be used in combination with the PCI 3DS standard. Its purpose is to identify the data items that are encountered in 3D Secure transactions.
It consists of two tables containing various information categories, the related 3DS data elements with descriptions, and a determination of whether the information may be stored within the scope of PCI 3DS for the various 3D Secure core components.
The first table lists 3DS sensitive information that must conform to certain requirements of the PCI 3DS Core Security Standard, while the second table lists 3DS cryptographic keys that must be created and kept in a hardware security module (HSM).
PCI 3DS SDK Security Standard
The PCI 3DS SDK Security Standard is the final document. It is a separate standard that aims to define the security measures required for secure 3DS SDK implementations.
In a nutshell, the 3DS Server (3DSS) is a component of the Merchant/Acquirer Domain that handles interactions between the 3DS environment and the 3DS Requestor environment and messaging.