3DS Assessor Qualification
The 3DS Assessor program teaches you to perform assessments of 3DS Environments in accordance with the PCI 3DS Core Security Standard. This training course will provide you with the understanding of the logical and physical security requirements as well as assessment procedures for performing PCI 3DS Assessments.
Upon completion of the course, you’ll be able to conduct PCI 3DS Assessments, validate and attest as to an entity’s PCI 3DS Core Security Standard compliance status, and prepare appropriate compliance reports (such as Reports on Compliance (RoC)) required by payment card brands and acquiring banks.
The PCI 3DS Core Security Standard provides a set of logical and physical security requirements as well as assessment procedures for performing PCI 3DS Assessments. The training program is comprised of single-day instructor-led course and exam.
The 3DS Assessor training covers the PCI 3DS Core Security Standard requirements, and associated testing procedures. Candidates will learn how to:
- Validate and confirm 3DS Data Environment (3DE) scope as defined by the assessed entity.
- Select employees, facilities, systems, and system components accurately representing the assessed environment if sampling is employed.
- Be on-site at assessed entity during the PCI 3DS Assessment.
- Evaluate compensating controls as applicable.
- Apply independent judgement about whether the assessed entity meets PCI 3DS Core Security Standard.
- Effectively use the PCI 3DS ROC Reporting Template to produce 3DS Reports on Compliance (3DS ROCs).
- Validate and attest as to an entity’s PCI 3DS Core Security Standard compliance status.
- Conduct follow-up assessments, as needed.
- Learn how to complete the 3DS ROC and 3DS AOC documentation that are required for submission of completed assessments.
- The 3DS Assessor training course consists of a one-day instructor-led classroom training and exam providing.
- The qualification exam is taken immediately following the classroom training. The exam is closed-book.
Right for You?
You are a current QSA with at least 3 years’ experience, who is employed by a QSA company, possessing the required industry certifications.
Please contact your organization’s QSA Primary Contact to enroll in the 3DS Assessor program.
When you become a 3DS Assessor, display your digital badge and represent your skills and gives you a way to share your abilities online in a way that is simple, trusted and can be easily verified in real time.
17 Nov 2022
Remote classes are a combination of eLearning and a live webinar.
Become a 3DS Assessor when you take this class and become qualified.
New 3DS Assessor
3DS Annual Requalification per Assessor
Please note: Unless otherwise specified the training and exam will be delivered in English.
Price does not include any applicable VAT/HST/GST which will appear on your invoice.
* Not including VAT
Your organization must be a QSA company to register candidates for 3DS training.
How to Prepare for the Exam
Prior to the training class, you should familiarize yourself with these publications on the PCI website:
- Payment Card Industry (PCI) Security Requirements and Assessment Procedures for EMV® 3-D Core Secure Components: ACS, DS, and 3DS Server
- Payment Card Industry (PCI) 3DS Assessor Program Guide
- Payment Card Industry (PCI) 3DS Assessor Qualification Requirements
- Payment Card Industry (PCI) Data Security Standard Requirements and Security Assessment Procedures
- Payment Card Industry (PCI) Data Security Standard Qualification Requirements for Qualified Security Assessors (QSA)
- EMV® 3-D Secure Specification
Visit our document library for access to all 3DS documentation.
The 3DS Assessor training course consists of a one-day instructor-led classroom training and exam providing:
- In-person engagement and collaboration as well as networking opportunities
- Ability to focus on curriculum in classroom setting
- Learn directly from an expert PCI SSC trainer with hands-on experience assessing merchants and/or service providers
The qualification exam is taken immediately following the classroom training. The exam is closed-book.
The Primary Contact at the QSA Company will be notified of results within two weeks after the candidate attends the instructor-led PCI 3DS training and exam. Employees who do not meet the minimum passing score set by the PCI SSC may retake New 3DS training and exam, upon registration and payment of a new invoice. For each attendee that passes the exam, the 3DS Company will receive a certificate that validates the employee for the next 12 months.
Attendance during the course is mandatory. Missing more than 30 minutes of the class will automatically result in forfeiture of the PCI SSC 3DS Assessor exam and removal from the class.
In order to attend 3DS Assessor training you must be a full-time employee of an active QSA Company. Please see the Qualification Requirements for 3DS Assessors for more details.
All candidates must apply to the 3DS Assessor program and be approved by the PCI Council in order to enroll in a training class. All training inquiries and assignments must be submitted through your company’s assigned Primary Contact. Other requirements include:
- Must be a QSA
- Have at least 3 years’ experience as a QSA Employee
- Possess a minimum of two industry-recognized certifications with at least one in each of information security and IT audit (as defined in QSA Qualification Requirements section 3.2)
In order to maintain the high standards set for this certification, all 3DS assessors must pass a requalification exam every 12 months and sign and accept the terms of the PCI SSC Code of Responsibility in order to continue as an active 3DS Assessor for their company.
The requalification course is offered in a convenient eLearning format. All training enrollment requests must be submitted through the company’s primary contact via the PCI Portal.
Registration into requalification training must be submitted and approved by the qualification expiry date. A 3DS Assessor who is not registered for requalification training before midnight Eastern Time on their qualificaiton expiry date, or who does not achieve a passing score on the exam by the end of the two week grace period, will be required to re-enroll as a new candidate.
“I thought the instructor was excellent and his insights and experience greatly helped towards the overall understanding.”
Janet Edwards, K3DES, LLC
“It was very useful to see the QSA role from the perspective of the assessor rather than from the customer's viewpoint.”
Chris Leppard, Trustwave
“The way that the instructor was able to cover a vast amount of material in a relatively short time and make us remember it - without the training it would have taken weeks and weeks to get the same level of understanding.”