Become a 3DS Assessor

Introduction

The PCI Security Standards Council operates a qualification program for QSA companies seeking to become 3DS Assessors, and to be re-certified each year. Only 3DS Assessors certified by the PCI Security Standards Council are qualified to assess compliance to the PCI 3DS Core Security Standard.

To qualify as a prospective 3DS Assessor company, a QSA Company must submit a signed 3DS Addendum Agreement (Appendix A in the 3DS Core Qualification Requirements).

The Process of Becoming a 3DS Assessor

Step 1 – Application

Interested QSA Companies must first contact the 3DS Program Manager at 3DS@pcisecuritystandards.org for access to submit an executed 3DS Assessor Addendum to PCI via the PCI Portal. The QSA Company can then proceed to submit applications for QSAs to become 3DS Assessors.

The Primary Contact can review the 3DS Core Qualification Requirements to ensure the applicant has the required qualifications for the 3DS program. All application materials must be submitted electronically via the PCI Portal. Applicants should submit their request for access to the forms on the secure portal by sending an e-mail to 3DS@pcisecuritystandards.org, attention “Program Manager”.   Please note that submission of the application materials will only be accepted via the portal and will not be accepted by e-mail or mail

The Council will review the application materials and will communicate with the QSA Company to address any issues or lack of information. When the application is complete, the prospective 3DS Assessor Company will be invited to schedule training for its employees.

Step 2 – Training

All 3DS Assessor candidates (excluding grandfathered assessors) must undergo and pass the Council’s 3DS Assessor instructor led training course and receive official certification. Individual fees apply. A Council representative will schedule training for the prospective 3DS employees, and the company will be notified whether they pass or fail the test at the end of the course. For more information regarding 3DS training, please click here.

Step 3 - Enrollment

When the enrollment fee balance has been received by the PCI Security Standards Council, the 3DS company will receive a Letter of Acceptance from the Council, and each of its employees who has passed the training course will receive a Certificate of Qualification. The new 3DS Company will be listed on the PCI Website, the employees will be added to the Council’s listing of certified 3DS Assessors, and the company may now perform 3DS assessments for its clients.

To ensure that security assessments are carried out at the highest levels of quality and professionalism, the PCI Security Standards Council encourages the payment brands and other entities to submit 3DS Feedback Forms, which will be evaluated by the Council’s Quality Assurance Working Group. If a 3DS Assessor is judged to be deficient in its audit efforts, the Council will engage in dialog to recommend measures for improvement. If improvement is not deemed sufficient, the result could be disqualification for the 3DS Assessor and removal from the 3DS program.