You are here:

PCI 3DS validation

The PCI 3DS Core Security Standard and PCI 3DS SDK Security Standard are independent standards that define security controls covering different areas of the 3DS ecosystem.

Who needs to be validated?

  • 3DS Server (3DSS) providers

  • Access Control Server (ACS) providers

  • Directory Server (DS) providers

SC2labs provides PCI 3DS assessments service, as a qualified PCI 3DS Assessor

certified by the PCI Security Standards Council.

PCI 3DS is one – year program, so assessment should be performed on annualy basis by PCI 3DS auditor

Kickoff and Planning

The kickoff is considered the start of the engagement after the agreement is executed. We will discuss the certification process, identify the point of contact from both organizations and timelines for assessment, define a project roadmap and plan the next steps. One of the most important steps is “3DS scoping” to identify the systems that, at a minimum, need to be included in the scope of PCI 3DS.

Formal validation

The PCI 3DS Assessment of Compliance is the formal process where 3DS Qualified Security Assessor will conduct on-site interviews, system configuration sampling, and document reviews. Testing and gathering is the core of compliance engagement. The results of the on-site assessment are documented.


The report will be provided within 3 weeks of the last day of successful completion (all required documents are delivered and collected by the 3DS QSA auditor.


The deliverables may include:

  • 3DS Core Report on Compliance (RoC)
  • 3DS Core Attestation of Compliance (AoC)
  • 3DS SDK Report on Validation (RoV)
  • 3DS SDK Attestation of Validation (AoV)

Completed 3DS documentation is submitted to the Customer’s Participating Payment Brands.

Continual Support

After your successful certification, we provide continual support in the ongoing maintenance of the organization’s compliance - we will provide and discuss changes to  the security standard itself, as well as explain and support with emerging issues and questions.