Frequently Asked Question

Is an EMVCo Letter of Approval required prior to conducting a PCI 3DS Assessment?

No, an EMVCo Letter of Approval (LOA) is not required for a PCI 3DS Assessor to perform an assessment to the PCI 3DS Core Security Standard.  If an EMVCo LOA is not obtained prior to completing the PCI 3DS Assessment, the assessed entity should select the "other" option in Part 2a of the PCI 3DS Attestation of Compliance (AOC) and explain why the 3DS functions or services being assessed do not have an associated EMVCo LOA.  

Whether a completed PCI 3DS Report on Compliance (ROC) will be accepted without an EMVCo LOA is determined by the individual payment brands.  Contact details for the payment brands can be found in FAQ #1142 How do I contact the payment card brands?

December 2020
Article Number: 1489

Featured FAQ Articles