Science & Technology

PCI 3DS SDK and 3DS core security standards

From October 18th to November 17th, 2021, eligible PCI SSC stakeholders will be subject to the currently published PCI 3DS SDK Security Standards and PCI 3DS Core Security Standards during the 30-day Request for Comment (RFC) period. You will be invited to review and provide feedback. A complete list of eligible stakeholders is available PCI SSC RFC Web Page..

Two RFCs (one for each standard) run at the same time, with primary contacts PCI SSC portalIncludes instructions on how to access the document and send feedback. Eligible stakeholders will also receive instructions by email. Please note that participants must agree to a non-disclosure agreement (NDA) to download the documentation.please confirm RFC Process Guide For more information.

Note that PCI SSC can only accept comments sent through the PCI SSC portal and received within the defined RFC period.

Background of PCI 3DS SDK and 3DS core security standards
The PCI 3DS Core (v1.0) and 3DS SDK (v1.1) security standards were published in 2017 and 2018, respectively.

EMV® 3 Domain Secure (3DS) is an EMVCo messaging protocol that allows card issuers to authenticate themselves when making cardless (CNP) e-commerce and m-commerce purchases. The PCI 3DS Core Security Standard is the three key EMV® 3DS components (access control server (ACS), directory server) for implementing physical and logical security controls to support 3DS integrity and confidentiality. Provides a framework for (DS), and 3DS servers) transactional processes.

The 3DS Software Development Kit (SDK) is software built into the Merchant Mobile App to facilitate cardholder authentication. When the cardholder initiates an in-app (mobile) transaction, the 3DS SDK communicates with the 3DS core component to authenticate the cardholder. The PCI 3DS SDK Security Standard is intended for developers and vendors of 3DS SDK products and focuses on ensuring that 3DS SDK products are designed and developed to meet specific security goals.

Check the resource guide. What you need to know before joining PCI SSC RFCFor more information on the PCI SSC RFC process.

PCI 3DS SDK and 3DS core security standards PCI 3DS SDK and 3DS core security standards

Back to top button