From 14 August to 28 August the PCI community, including Participating Organizations, 3-D Secure (3DS) Software Development Kit (SDK) vendors and PCI Recognized labs, are invited to provide feedback on the updates to the PCI 3DS SDK Security Standard v1.1.
Intended for developers and vendors of 3DS SDK products, the PCI 3DS SDK Security Standard is focused on ensuring 3DS SDK products are designed and developed to meet specific security objectives.
Update to the PCI 3DS SDK Security Standard
In line with efforts to launch the PCI 3DS SDK validation program, PCI SSC is updating the PCI 3DS SDK Security Standard v1.0 — published in November 2017—to include more detailed assessment procedures. The addition of these assessment procedures provides 3DS SDK vendors and PCI Recognized Labs more detailed information on how the 3DS SDK products are expected to be evaluated, which in turn helps them design their products in accordance with the requirements. The detailed procedures provide a consistent baseline of security testing that will be applied to all 3DS SDK products being evaluated to the PCI 3DS SDK Security Standard.
The Request for Comments (RFC) period is open to Participating Organizations and PCI Recognized Laboratories, and is particularly relevant to organizations that assess, develop, design and/or provide 3DS SDK products. RFC participants are encouraged to focus their review on the “Assessment Procedures” column for each 3DS SDK Requirement since updates were primarily limited to this column.
Feedback received during this RFC period will play an important part in finalizing version 1.1 of the PCI 3DS SDK Security Standard. Upon completion of the RFC, the PCI SSC 3DS Working Group will review all feedback received and update the standard as needed to address the feedback.
PCI SSC recognizes that any changes to its Standards may impact many different stakeholders, and that is one of the key drivers for this RFC period. One of the benefits of being a part of the PCI community is the opportunity to play a part in the development and evolution of PCI Security Standards. Don’t miss this opportunity to participate- submit your comments by 28 August.
PCI SSC plans to publish the updated 3DS SDK Security Standard in Q4 of 2018.