Protection of NON face-to-face transactions
It is a security standard aimed at the protection of electronic business non-face-to-face (card-not-present) transactions through robust identification of the cardholder.
Additional security 3-D Secure (3DS)
It is an anti-fraud messaging protocol that allows consumers to verify their identity with their payment card issuer at the time of non-face-to-face transactions (CNP)
This is an additional layer of security that helps prevent unauthorized transactions in e-commerce environments and, in turn, protects merchants from fraud.
This will reinforce your customer's and business' security
At the time the transaction is made, the card issuer (the cardholder’s bank that issued the plastic) asks the holder for additional authentication data for CVV2, which can generally be:
The objective is that access to this additional data is only by the issuing bank, which is why the merchant and any other intermediate entity should only receive the response to said validation: approved or not.
EMVco exists to facilitate global interoperability and secure acceptance of payment transactions
EMV 3-D Secure (3DS) is a protocol that, through its messaging, enables consumers to authenticate with the card issuer when performing card-not-present (CNP) transactions.
The additional level of security helps prevent unauthorized CNP transactions and protects merchants from exposure to CNP card-not-present fraud.
How do we do it?
Compliance and definition of the scope:
The first step to COMPLY with the PCI 3DS requirements is to perform an analysis identifying within the organization the system components such as: applications, databases, servers, network equipment, etc., involved in processing, storage and / or 3DS authentication data transmission.
This service allows you to identify the environment, the system components and the network segments, in which the 3DS authentication data is present in the organization.
This is achieved by identifying the processes or flows where card data is stored, processed or transmitted depending on the role that the entity performs in the card payments industry.
The system components involved in 3DS authentication are identified.
The network segments involved in the 3DS authentication environment are identified, in order to define network-level scope reduction strategies and the controls that must be in place to isolate the 3DS authentication data environment.
Service suppliers identification and responsibility matrix
The service providers that perform some function of the 3DS environment or impact the security of the 3DS environment are listed.
It is the step you must take as an organization to know the status of compliance with current practices vs. the requirements proposed by the PCI 3DS Security standard by doing a gap analysis.
Provides a detailed comparison of what your organization is currently doing by identifying areas of non-conformance that require resolution prior to a formal compliance validation of the standard
To make a correct gap analysis we use the following methodology;
2. Definition of Scope
3. Interview planning
4. Required interviews
5. Analysis of results
7. GAP report
Based on the GAP findings, we validate the action plan to close the gaps by accompanying and monitoring the process.
We support the closing of the findings objectively as our services do not compromise the independence of criteria as an organization PCI 3DS Assessor
Some organisations stand out in the compliance evaluation, and others don't: which one do you want to be?
Those that stand out are those that focus their efforts to define controls for the protection of the data used for 3DS authentication, during its processing, storage and / or transmission.
The evaluation will focus on validating whether the processes where 3DS authentication data is stored, processed or transmitted comply with the requirements of the PCI 3DS standard.
5. Perform on-site evaluation
6. Generate ROC and AOC
Start your PCI,DSS compliance evaluation NOW by starting to protect your customers' information