Schellman Joins PCI 3DS Assessors

May 16, 2018 Jacob Ansari

Schellman & Company, LLC, a leading provider of attestation and compliance services, has become an assessor in the PCI Security Standards Council’s new 3-D Secure (3DS) program, and can assess entities against the PCI 3DS Core Security Standard. This includes entities performing functions of a 3DS Server, Access Control Server, or Directory Server.

The PCI 3DS Security Requirements implements EMVCo’s 3-D Secure standard to offer improved authentication between the cardholder and the issuer and reduce fraud for card-not-present transactions similarly to how EMV reduces fraud for card-present transactions. The PCI 3DS Core Security Standard helps organizations offering 3DS services to align their 3DS compliance with their PCI DSS compliance and provide rigorous security for their entire payment service environment.

About the Author

Jacob Ansari is a Senior Manager at Schellman & Company. Jacob performs and manages PCI DSS assessments. Additionally, Jacob oversees other Payment Card Industry assessment services, namely PA-DSS, P2PE, and 3DS. Jacob's career spans nearly 20 years of information security consulting and assessment services, including network and application security assessments, penetration testing, forensic examinations, security code review, and assessment of cryptographic systems. Jacob has performed payment card security compliance assessments since the payment card brands operated their own standards prior to the advent of PCI DSS.
More Content by Jacob Ansari

Welcome to our Hub

Schellman Joins PCI 3DS Assessors

About the Author

Previous Article

Next Article

Schellman Joins PCI 3DS Assessors

About the Author

Previous Article

Next Article

Other content in this Stream

Schellman & Company has become one of the first firms in the industry to offer PCI Software Security Framework (SSF) assessments as a Secure Software and a Secure SLC Assessor.

The SSF provides an objectives-based approach to assessing...

The 2019 PCI North America Community Meeting was held in beautiful Vancouver, British Columbia, Canada. The conference provided takeaways for PCI standards plus sneak peeks info PCI DSS v40.

The PCI SSC is preparing to issue a draft version of PCI DSS v4.0. It was apparent early in the presentation that the update to the PCI DSS is going to be the largest change since v3.0 in 2013.

Security Boulevard recently published a list of valuable PCI DSS compliance tips which Schellman's team of QSAs reviewed and have offered insight and commentary on.

Schellman & Company has become a Qualified PIN Assessor (QPA) for the PCI PIN Security Program.

Introduction Welcome! In the upcoming series of articles (this is Part 1), I’ll be discussing some things to consider if you want to use Kubernetes to host an application that is...

A fresh new release of the PCI SSC's flagship security standard PCI-DSS v 3.2.1

Schellman is pleased to announce that it will join the newly founded Global Executive Assessor Roundtable, the advisory group of senior executives at assessor companies for the payment...

There are some important PCI DSS deadlines coming up. Let’s start with the SSL/early TLS migration. Why is it important for organizations to migrate away from SSL/TLS?

Well over a year ago, the PCI Standards Council announced, in addition to other requirements, that a PCI charter would now be required for service providers after January 31, 2018. Few...

As a follow-up to the "What 2018 Means for Your PCI DSS Assessment" article I posted, a client of mine had a great question regarding the future date for the semi-annual segmentation...

Some of you may have just read the blog title and believe I made a typo on the year, but no, I am here to talk about PCI DSS in 2018. I know it seems crazy to be discussing 2018, as we...

Some of you may have just read the blog title and believe I made a typo on the year, but no, I am here to talk about PCI DSS in 2018. I know it seems crazy to be discussing 2018, as we...

Executive Summary Docker is an advanced framework for deploying applications--in particular, cloud applications. It is notably different than working within traditional virtualization...

The Payment Application Data Security Standard (PA-DSS) has been an instrumental part of the PCI family of standards from nearly the beginning of the PCI SSC.

Codifying Your Configuration Standards If you have already gone through a PCI DSS, SOC, HIPAA/HITECH, or ISO assessment, you already know that detailed configuration standards are a...

As we all were working hard, with holiday vacations and a new year in our reach, the PCI SSC released a guidance document that has been long awaited. The Guidance on Scoping and...