Press Release

PCI Security Standards Council Publishes Minor Revision to PCI 3DS SDK Security Standard

PCI 3-D Secure Software Development Kit (3DS SDK) Security Standard Version 1.1 Provides More Detailed Assessment Procedures for PCI Recognized Labs

WAKEFIELD, Mass., 13 December 2018 — Today the PCI Security Standards Council (PCI SSC) published version 1.1 of the PCI 3-D Secure Software Development Kit (3DS SDK) Security Standard. The minor revision adds more detailed procedures and guidance for PCI 3DS SDK Labs performing 3DS SDK security evaluations.

The PCI 3DS SDK Security Standard supports the EMV® 3-D Secure SDK Specification that defines EMV 3DS requirements for entities developing 3DS SDKs for use in mobile-based 3DS transactions. The standard is for developers and vendors of 3DS SDK products, and it is focused on ensuring the 3DS SDK has been designed and developed with security in mind. Together with the PCI 3DS Core Security Standard, the PCI 3DS SDK Security Standard focuses on securing the EMV 3DS infrastructure that supports 3DS transactions.

Originally published in November 2017, the PCI 3DS SDK Security Standard has been updated to provide PCI 3DS SDK Labs with more specific direction for conducting PCI 3DS SDK security evaluations. No new requirements are added in PCI 3DS SDK version 1.1. This minor revision includes feedback received during a 2018 request for comment (RFC) period with PCI SSC Participating Organizations and PCI Recognized Labs.

“The goal of the PCI 3DS SDK Security Standard and supporting program is to promote good software security to enable secure mobile authentication. With the addition of more detailed assessment procedures in version 1.1, vendors and labs will have a greater understanding of the necessary tools and processes needed to properly evaluate the security of 3DS SDK products,” said PCI SSC Chief Technology Officer Troy Leach. “This in turn will give merchants and acquirers greater assurance of the level of testing rigor involved in 3DS SDK security evaluations.”

For more information, read PCI Perspectives blog post: What’s New in PCI 3DS SDK Version 1.1?

PCI 3DS SDK Security Standard version 1.1 is available for download from the Document Library on the PCI SSC website.

About the PCI Security Standards Council

The PCI Security Standards Council (PCI SSC) leads a global, cross-industry effort to increase payment security by providing industry-driven, flexible and effective data security standards and programs that help businesses detect, mitigate and prevent cyberattacks and breaches. Connect with the PCI SSC on LinkedIn. Join the conversation on Twitter @PCISSC. Subscribe to the PCI Perspectives Blog.

*EMV® is a registered trademark in the U.S. and other countries and an unregistered trademark elsewhere. The EMV trademark is owned by EMVCo, LLC.