PCI Security Standards Council®

3DS Assessor Qualification

The 3DS Assessor program teaches you to perform assessments of 3DS Environments in accordance with the PCI 3DS Core Security Standard. This training course will provide you with the understanding of the logical and physical security requirements as well as assessment procedures for performing PCI 3DS Assessments. You will become experienced on following the PCI 3DS Core Security Standard and verifying the work product addresses all applicable PCI 3DS Assessment requirements and supports the validation status of the 3DS Entity.

Become Qualified

Upon completion of the course, you’ll be able to conduct PCI 3DS Assessments, validate and attest as to an entity’s PCI 3DS Core Security Standard compliance status, and prepare appropriate compliance reports (such as Reports on Compliance (RoC)) required by payment card brands and acquiring banks.

Right for you if…

You are a current QSA with at least 3 years’ experience, who is employed by a QSA company, possessing the required industry certifications.

Please contact your organization’s QSA Primary Contact to enroll in the 3DS Assessor program.

Course Details:

Course Description

The PCI 3DS Core Security Standard provides a set of logical and physical security requirements as well as assessment procedures for performing PCI 3DS Assessments. The training program is comprised of single-day instructor-led course and exam.

The 3DS Assessor training covers the PCI 3DS Core Security Standard requirements, and associated testing procedures. Candidates will learn how to:

  • Validate and confirm 3DS Data Environment (3DE) scope as defined by the assessed entity.
  • Select employees, facilities, systems, and system components accurately representing the assessed environment if sampling is employed.
  • Be on-site at assessed entity during the PCI 3DS Assessment.
  • Evaluate compensating controls as applicable.
  • Apply independent judgement about whether the assessed entity meets PCI 3DS Core Security Standard.
  • Effectively use the PCI 3DS ROC Reporting Template to produce 3DS Reports on Compliance (3DS ROCs).
  • Validate and attest as to an entity’s PCI 3DS Core Security Standard compliance status.
  • Conduct follow-up assessments, as needed.
  • Learn how to complete the 3DS ROC and 3DS AOC documentation that are required for submission of completed assessments.
Training and Exam

The 3DS Assessor training course consists of a one-day instructor-led classroom training and exam providing:

  • In-person engagement and collaboration as well as networking opportunities
  • Ability to focus on curriculum in classroom setting
  • Learn directly from an expert PCI SSC trainer with hands-on experience assessing merchants and/or service providers

The certification exam is taken immediately following the classroom training. The exam is closed-book.

Exam results will be emailed to the candidate and Primary Contact within two weeks. Passing candidates will be issued a certificate of qualification which validates the 3DS assessor for the next 12 months. A candidate who fails the exam is permitted to register for a retake exam, upon payment of a re-test fee.

Attendance during the course is mandatory. Missing more than 30 minutes of the class will automatically result in forfeiture of the PCI SSC 3DS Assessor exam and removal from the class.

Class Schedule

Upcoming Classes

The Council has scheduled instructor-led classes in various locations worldwide. See schedule below.

2019 Classes for New 3DS Assessor Professionals
Registration will open on 1 December. Sorry, no early birds.

Date
Location
Time
Non Participating Organization
Date: 15 FEB
Location: Barcelona, ES*
Time: 09:00-17:30
Price: $1375 USD*
Date: 22 MAR
Location: Miami, FL
Time: 09:00-17:30
Price: $1375 USD
Date: 12 JUL
Location: Nashville, TN
Time: 09:00-17:30
Price: $1375 USD
Date: 02 AUG
Location: Edinburgh, UK*
Time: 09:00-17:30
Price: $1375 USD*
Please note: All fees are NON-REFUNDABLE and NON-TRANSFERABLE. Unless otherwise specified the training and exam will be delivered in English.

* price does not include any applicable VAT/HST/GST which will appear on your invoice.

Registration

In order to attend 3DS Assessor training you must be a full-time employee of an active QSA Company. Please see the Qualification Requirements for 3DS Assessors for more details.

All candidates must apply to the 3DS Assessor program and be approved by the PCI Council in order to enroll in a training class. All training inquiries and assignments must be submitted through your company's assigned Primary Contact. Other requirements include:

  • Must be a QSA
  • Have at least 3 years’ experience as a QSA Employee
  • Possess at least one industry-recognized certification in both information security and IT audit (as defined in QSA Qualification Requirements section 3.2)
REQUALIFICATION

In order to maintain the high standards set for this certification, all 3DS assessors must pass a requalification exam every 12 months and sign and accept the terms of the PCI SSC Code of Responsibility in order to continue as an active 3DS Assessor for their company.

The requalification course is offered in a convenient eLearning format. All training enrollment requests must be submitted through the company's primary contact via the PCI Portal.

Registration into requalification training must be submitted and approved by the certification expiry date. A 3DS Assessor who is not registered for requalification training before midnight Eastern Time on their certification expiry date, or who does not achieve a passing score on the exam by the end of the two week grace period, will be required to re-enroll as a new candidate.

How to Prepare

Prior to the training class, you should familiarize yourself with these publications on the PCI website:

  • Payment Card Industry (PCI) Security Requirements and Assessment Procedures for EMV® 3-D Core Secure Components: ACS, DS, and 3DS Server
  • Payment Card Industry (PCI) 3DS Assessor Program Guide
  • Payment Card Industry (PCI) 3DS Assessor Qualification Requirements
  • Payment Card Industry (PCI) Data Security Standard Requirements and Security Assessment Procedures
  • Payment Card Industry (PCI) Data Security Standard Qualification Requirements for Qualified Security Assessors (QSA)
  • EMV® 3-D Secure Specification
Request More Information

Our website uses both essential and non-essential cookies to analyze use of our products and services. This agreement applies to non-essential cookies only. By accepting, you are agreeing to third parties receiving information about your usage and activities. If you choose to decline this agreement, we will continue to use essential cookies for the operation of the website. View Policy