3DS Assessor Qualification
The 3DS Assessor program teaches you to perform assessments of 3DS Environments in accordance with the PCI 3DS Core Security Standard. This training course will provide you with the understanding of the logical and physical security requirements as well as assessment procedures for performing PCI 3DS Assessments.
Upon completion of the course, you’ll be able to conduct PCI 3DS Assessments, validate and attest as to an entity’s PCI 3DS Core Security Standard compliance status, and prepare appropriate compliance reports (such as Reports on Compliance (RoC)) required by payment card brands and acquiring banks.
Course Highlights
The PCI 3DS Core Security Standard provides a set of logical and physical security requirements as well as assessment procedures for performing PCI 3DS Assessments. The training program is comprised of single-day instructor-led course and exam.
The 3DS Assessor training covers the PCI 3DS Core Security Standard requirements, and associated testing procedures. Candidates will learn how to:
- Validate and confirm 3DS Data Environment (3DE) scope as defined by the assessed entity.
- Select employees, facilities, systems, and system components accurately representing the assessed environment if sampling is employed.
- Evaluate compensating controls as applicable.
- Apply independent judgement about whether the assessed entity meets PCI 3DS Core Security Standard.
- Effectively use the PCI 3DS ROC Reporting Template to produce 3DS Reports on Compliance (3DS ROCs).
- Validate and attest as to an entity’s PCI 3DS Core Security Standard compliance status.
- Conduct follow-up assessments, as needed.
- Learn how to complete the 3DS ROC and 3DS AOC documentation that are required for submission of completed assessments.
- The qualification exam is taken immediately following in-person instructor-led training or within 30 days of vILT training.
Right for You?
You are a current QSA with at least 3 years’ experience, who is employed by a QSA company, possessing the required industry certifications.
Please contact your organization’s QSA Primary Contact to enroll in the 3DS Assessor program.
Digital Badging
When you become a 3DS Assessor, display your digital badge and represent your skills and gives you a way to share your abilities online in a way that is simple, trusted and can be easily verified in real time.
Schedule
-
21 Jan 2025
07:00-13:30 ET (12:00-18:30 UTC)
Virtual Instructor-Led (vILT)
-
6 May 2025
08:00-14:30 ET (12:00-18:30 UTC)
Virtual Instructor-Led (vILT)
-
5 Aug 2025
08:00-14:30 ET (12:00-18:30 UTC)
Virtual Instructor-Led (vILT)
-
4 Nov 2025
07:00-13:30 ET (12:00-18:30 UTC)
Virtual Instructor-Led (vILT)
Virtual Instructor Led (vILT) classes are a combination of eLearning and a live webinar.
Prices
Course | Price | |
$1,500 USD | ||
Requalification 3DS Assessor Training |
$1,200 USD | |
$1,000 USD | ||
$700 USD | ||
Training class change fee | $185 USD |
Please note: Unless otherwise specified the training and exam will be delivered in English.
Price does not include any applicable VAT/HST/GST which will appear on your invoice.
*Knowledge training does not lead to assessor status.
Training Formats and Exam Information
New Training Offerings:
- Instructor-led training (ILT): In-person, instructor-led classroom training with an exam to follow.
- Virtual Instructor-led training (vILT): Combination online training and instructor-led webinars with an exam to follow.
- Please see Schedule tab for dates of ILT and vILT trainings.
New Exam Specifics:
- All exams are closed book.
- Exam is 30 multiple choice questions with a 45-minute time limit.
- Results of in person exams are delivered within 10 business days.
- Results of Pearson Vue exams are delivered upon completion of the exam.
- 75% or higher to pass the exam; the only information that can be released concerning exams is your grade.
- If you fail the exam, you must retake the New 3DS training and exam again.
Registration Process
In order to attend 3DS Assessor training you must be a full-time employee of an active QSA Company. Please see the Qualification Requirements for 3DS Assessors for more details.
All candidates must apply to the 3DS Assessor program and be approved by the PCI Council in order to enroll in a training class. All training inquiries and assignments must be submitted through your company’s assigned Primary Contact. Other requirements include:
- Must be a QSA
- Have at least 3 years’ experience as a QSA Employee
- Possess a minimum of two industry-recognized certifications with at least one in each of information security and IT audit (as defined in QSA Qualification Requirements section 3.2)
How to Prepare for the Exam
Prior to the training class, you should familiarize yourself with these publications on the PCI website:
- Payment Card Industry (PCI) Security Requirements and Assessment Procedures for EMV® 3-D Core Secure Components: ACS, DS, and 3DS Server
- Payment Card Industry (PCI) 3DS Assessor Program Guide
- Payment Card Industry (PCI) 3DS Assessor Qualification Requirements
- Payment Card Industry (PCI) Data Security Standard Requirements and Security Assessment Procedures
- Payment Card Industry (PCI) Data Security Standard Qualification Requirements for Qualified Security Assessors (QSA)
- EMV® 3-D Secure Specification
Requalification Requirements
In order to maintain the high standards set for this certification, all 3DS assessors must pass a requalification exam every 12 months and sign and accept the terms of the PCI SSC Code of Responsibility in order to continue as an active 3DS Assessor for their company.
Requalification specifics:
- Approved assessors are allowed to register for requalification training as early as 90 days prior to their expiration date. Once registered, they will receive immediate access to the eLearning training.
- Registration must be submitted no later than the candidate’s expiration date.
- Exam access is given no earlier than four (4) weeks prior to expiration date AND invoice is paid.
- A 3DS Assessor who is not registered for requalification training before midnight Eastern Time on their qualification expiration date, or who does not achieve a passing score on the exam by the end of their qualification period, will be required to re-enroll as a new candidate.
Requalification exam:
- Non-proctored remote exam
- 30 multiple choice questions with a 45-minute time limit.
- 75% or higher to pass the exam; the only information that can be released concerning exams is the grade.
- If you fail the exam, please have the primary contact email coordinator@pcisecuritystandards for the next steps.
“I thought the instructor was excellent and his insights and experience greatly helped towards the overall understanding.”
Janet Edwards, K3DES, LLC
“It was very useful to see the QSA role from the perspective of the assessor rather than from the customer's viewpoint.”
Chris Leppard, Trustwave
“The way that the instructor was able to cover a vast amount of material in a relatively short time and make us remember it - without the training it would have taken weeks and weeks to get the same level of understanding.”