Request for Comments: Draft PCI 3DS Core Security Standard v2.0 and Draft PCI 3DS Data Matrix v2.0

From 6 December to 19 January 2024, eligible stakeholders are invited to review and provide feedback on the draft PCI 3DS Core Security Standard v2.0 and draft PCI 3DS Data Matrix v2.0 during a 6-week request for comments (RFC) period.   

The RFC will be available through the PCI SSC portal, including instructions on how to access the documents and submit feedback. Eligible stakeholders will also receive instructions via email. As a reminder, participants are required to accept a Non-Disclosure Agreement (NDA) to download the document. Please review the RFC Process Guide for more information.    

Please note that PCI SSC can only accept comments that are submitted via the PCI SSC portal and received within the defined RFC period.    

Background on the Draft PCI 3DS Core Security Standard v2.0 and Draft PCI 3DS Data Matrix v2.0 

The PCI Security Standards Council is conducting a revision to the currently published PCI 3DS Core Standard v1.0 and PCI 3DS Data Matrix v1.1. The PCI 3DS Core Security Standard provides a framework for the critical EMV® 3DS components-Access Control Server (ACS), Directory Server (DS), 3DS Server, and Split-SDK Server-to implement physical and logical security controls to support the integrity and confidentiality of the 3DS transaction process.  

EMV® Three-Domain Secure (3DS) is an EMVCo messaging protocol that enables consumers to authenticate themselves with their card issuer when making card-not-present (CNP) e-commerce and m-commerce purchases.

The Council is seeking feedback on the individual requirements, validation methods, implementation guidance, and explanatory content contained within these documents. Input on the latest draft revisions of these documents will be considered in the overall revision effort. 

Also on the blog: Update on Revision Efforts for PCI 3DS Core and SDK Standards