3D SECURE

Protection of NON face-to-face transactions

It is a security standard aimed at protecting non-face-to-face (card-not-present) e-commerce transactions through robust identification of the cardholder.

Additional security 3-D Secure (3DS)

It is an anti-fraud messaging protocol that allows consumers to verify their identity with their payment card issuer at the time of non-face-to-face (card-not-present, CNP) transactions.

This is an additional layer of security that helps prevent unauthorized transactions in e-commerce environments and, in turn, protects merchants from fraud.

BENEFITS

This will reinforce your customers' and your business's security.

At the time the transaction is made, the card issuer (the cardholder's bank that issued the card) asks the holder for authentication data in addition to the CVV2, which can generally be:

  • A PIN.
  • A password or the answer to a secret question.
  • A code from a coordinate card.
  • A code sent via SMS to a registered mobile phone.
  • A one-time password (OTP) generated by an electronic device or an application installed on a mobile phone.

The objective is that only the issuing bank has access to this additional data, which is why the merchant and any other intermediate entity should receive only the response to that validation: approved or not.

SERVICES:

3D Secure

EMVCo exists to facilitate global interoperability and secure acceptance of payment transactions.

EMV 3-D Secure (3DS) is a protocol that, through its messaging, enables consumers to authenticate with the card issuer when performing card-not-present (CNP) transactions.

The additional level of security helps prevent unauthorized CNP transactions and protects merchants from exposure to CNP fraud.

SERVICES

How do we do it?

1. Compliance and definition of the scope

The first step to comply with the PCI 3DS requirements is to perform an analysis that identifies the system components within the organization (applications, databases, servers, network equipment, etc.) involved in the processing, storage and/or transmission of 3DS authentication data.

2. Flow Survey

This service allows you to identify the environment, the system components and the network segments in which 3DS authentication data is present in the organization.

This is achieved by identifying the processes or flows where card data is stored, processed or transmitted, depending on the role that the entity performs in the card payments industry.

3. Inventories

The system components involved in 3DS authentication are identified.

4. Network Follow-Up

The network segments involved in the 3DS authentication environment are identified, in order to define network-level scope reduction strategies and the controls that must be in place to isolate the 3DS authentication data environment.

5. Service provider identification and responsibility matrix

The service providers that perform some function of the 3DS environment, or that impact the security of the 3DS environment, are listed.

6. GAP

A gap analysis is the step you must take as an organization to know how your current practices compare with the requirements of the PCI 3DS Security standard.

It provides a detailed comparison of what your organization is currently doing, identifying areas of non-conformance that require resolution prior to a formal compliance validation against the standard.

To make a correct gap analysis we use the following methodology:

1. Start
2. Definition of Scope
3. Interview planning
4. Required interviews
5. Analysis of results
6. Consolidated
7. GAP report
8. End

7. Action Plan

Based on the GAP findings, we validate the action plan to close the gaps by accompanying and monitoring the process.

We support the closing of the findings objectively, as our services do not compromise our independence of judgment as a PCI 3DS Assessor organization.

8. Compliance evaluation

Some organisations stand out in the compliance evaluation, and others don't: which one do you want to be?

Those that stand out are those that focus their efforts on defining controls to protect the data used for 3DS authentication during its processing, storage and/or transmission.

The evaluation will focus on validating whether the processes where 3DS authentication data is stored, processed or transmitted comply with the requirements of the PCI 3DS standard.

Our methodology

1. Start
2. Scope Validation
3. Evidence collection
4. On-site evaluation planning
5. Perform on-site evaluation
6. Generate ROC and AOC
7. End

Your mission:

Start your PCI DSS compliance evaluation NOW and begin protecting your customers' information.