Your business handles sensitive payment data daily. Don’t let compliance gaps put your reputation, finances, or customer trust at risk.
The PCI 3DS assessment is required to ensure that organizations implementing EMV® 3-D Secure (3DS) technologies—specifically the Access Control Server (ACS), Directory Server (DS), and 3DS Server (3DSS)—are operating in a secure environment that protects sensitive 3DS data and processes.
Synopsis of requirements in Part 1 include:
Here, you’ll find key details that highlight what we do and how we can help you. Our goal is to provide clear procedure for assessments that resonate with your needs and simplify your journey with us.
Synopsis of requirements in Part 2 include:
We Identify all systems and devices that store, transmit, or process cardholder data.
We review to see that policies and procedures are updated for protecting cardholder data.
We reviews the environment using interviews, system assessment and documentation.
We also provide annual attestation after a PCI DSS assessment of the client annually.
PCI 3DS is a security standard developed to protect environments that support EMV® 3-D Secure transactions—like authentication servers and systems used by banks and merchants. It ensures that sensitive data is handled securely during online cardholder authentication
Any organization that operates or provides services for 3DS components—such as Access Control Servers (ACS), Directory Servers (DS), or 3DS Servers (3DSS)—may be required to comply. Whether compliance is mandatory depends on the payment brand’s rule.
PCI DSS focuses on protecting cardholder data across payment environments, while PCI 3DS specifically secures the systems and data involved in 3-D Secure authentication. Some requirements overlap, but PCI 3DS includes additional controls tailored to 3DS operation.
Compliance helps protect customer data, reduce fraud, and build trust with payment brands. It also strengthens your organization’s security posture and may streamline integration with other PCI standards like PCI DSS.
Get Better Awareness Today!
This involves attaching a device to a card reader (such as an ATM or gas pump) that captures the information from the magnetic strip on a credit card. A sophisticated attack that could happen.
This involves sending fake emails or text messages that appear to be from a legitimate company, asking the recipient to provide sensitive information such as credit card numbers or login credentials.
This involves installing malicious software on a computer or device that can capture credit card information as it is entered. It also takes control of your machines through key loggers to extract information.
This involves physically stealing credit cards or card information by pickpocketing or raiding mailboxes. This could still happen.
This involves making purchases using stolen credit card information. This type of fraud is common for online or phone orders.
A sophisticated known as “web skimming” or Magecart” by injecting malicious code into the website payment page.
“Experience Global Reach and Trusted Coverage with Our Extensive Network Across New Zealand, Australia, Asia Pacific, Europe, USA, and Canada”
Mon-Fri: 9:00 am – 4:30 pm
General Inquiries
New Zealand Office
