PCI has developed a set of security requirements specific to 3DS SDKs (PCI 3DS Security Requirements & Assessment Procedures for EMV® 3-D Secure SDK) and a corresponding approval program (PCI EMV® 3-D Secure 3DS SDK Program Guide).
The security requirements cover:
- Protection of cardholder data and reference data
- Minimal storage of sensitive data
- Integrity checks on the application and platform
- Resistance against reverse engineering
- Mitigations of side channel leakage of sensitive information
- Correct use of PCI approved cryptography
As an accredited PCI 3DS SDK lab, UL can support you at each stage of the evaluation process to optimize performance and efficiency.