PCI 3DS

Enable secure, digital transactions with PCI 3DS. 

Organizations with PCI 3DS compliance demonstrate secure authentication and cardholder data protection for all card-not-present (CNP) transactions. 

Badge PCI 3DS Dark Background 1 0

Secure e-commerce starts with PCI 3DS compliance

3-D Secure (3DS) is a messaging protocol developed by Visa, enhanced and currently maintained by EMVCo. This protocol enables consumers to authenticate themselves more securely during a card-not-present (CNP) transaction. Organizations supporting any of the core 3DS components and functions (Directory Server, 3DS Server, and/or Access Control Server (ACS)) should comply with the PCI 3DS standard.  

3DS requirements are structured into two sections. Baseline Security Requirements address the general environment and can be satisfied by a PCI DSS assessment if the scope includes the 3DS environment. 3DS Security Requirements in Part 2 are specifically tailored to protecting 3DS data, technologies, and processes.  

Together, they provide in-depth, comprehensive security guidance for protecting the 3DS infrastructure and authentication processes. Each payment brand manages and defines the PCI 3DS Core Security Standard validation requirements as part of their individual compliance programs.     

The benefits of PCI 3DS compliance:

  • Facilitates compliance to the EU strong customer authentication (SCA) mandates 
  • Drives confidence with clients that cardholder data and e-commerce transactions are secure  
  • Demonstrate enhanced security and industry compliance  
  • Reduced risk of breach, financial penalty, and reputational damage   

PCI 3DS services

PCI 3DS readiness assessment
On-site PCI 3DS assessment

PCI 3DS readiness assessment

We benchmark your current processes and controls against the PCI 3DS requirements so you can implement the proper processes and policies prior to the on-site assessment.

On-site PCI 3DS assessment

This on-site assessment includes comprehensive planning to prepare you for fieldwork and results in a ROC and AOC that validates your PCI DSS compliance.

 

Why A-LIGN

A-LIGN is a long-standing, trusted compliance partner with deep expertise in the payments industry. A-LIGN has leveraged over 20 years of experience to develop a unique, proactive, quality-first approach that balances rigor with client goals, timelines, and resource availability.

2k+ PCI assessments
completed
96% client satisfaction
rating
20+ years of experience

A-LIGN has been an asset as we navigate FedRAMP, PCI, and SOC 2. While they are our assessor, they have helped to guide us through the process. Our success has been greatly helped by A-LIGN. The various people with which we’ve worked have been incredibly knowledgeable and capable.”

Security and risk management executive
A lign Convergence background

Get started with A-LIGN

Are you ready to start your compliance journey? A-LIGN is ready to assist with any of your compliance, cybersecurity, and privacy needs.