
3-D Secure Assessment

Visa has developed the Three-Domain Secure (3-D Secure™) protocol to improve transaction performance online and to accelerate the growth of electronic commerce.

The objective is to benefit all participants by providing Issuers with the ability to authenticate cardholders during an online purchase, thus reducing the likelihood of fraudulent usage of Visa cards and improving transaction performance.

Foregenix offers a structured methodology, customised to help organisations complete and maintain the approval and activation process for 3-D Secure™ Enrolment Server/Access Control Server (ES/ACS) Service Providers, and to present the security requirements for 3-D Secure™ ES/ACS hosting.

The Foregenix consultant will carry out the 3-D Secure™ onsite assessment as required by Visa. The onsite assessment will include interviews with key personnel, as well as required testing/sampling as defined by the 3-D Secure™ Requirements. The onsite assessment also focuses on the following:

  • Review network architecture and 3-D Secure™ environment.
  • Determine encryption keys in use and review suitability (key inventory/key matrix).
  • Review key custodian assignments and responsibility for keys.
  • Review encryption key lifecycle logs, e.g. creation, loading, storage, handling, destruction, archiving & revocation.
  • Identify and review all key storage locations, e.g. safes, vaults, media, etc.
  • Visit applicable data centres and secure facilities housing 3-D Secure™ equipment used for key life cycle operations.
  • Review inventory controls for all systems involved in the key management process.
  • Observe key creation, key loading, key destruction, key archiving and key revocation processes.
  • Review physical and logical security controls and environmental conditions.
  • Review audit requirements and examine integrity and availability controls.
  • Exit Interview – A discussion of the non-compliance findings from the onsite assessment will take place with management and will be documented in the report.

Following the onsite assessment, the Foregenix consultant will produce a 3-D Secure™ Report offsite detailing the findings of the assessment. The report passes through the Foregenix QA Service, which is delivered by a highly experienced team who are very familiar with the Card Schemes and their specific requirements relating to the 3-D Secure™ Requirements. This ensures that both our clients and Foregenix maintain compliance with the 3-D Secure™ Standards and the card schemes to the highest level.