PCI 3DS Core Security Standard

The PCI Security Standards Council is a global forum for the ongoing development, enhancement, storage, dissemination, and implementation of security standards for account data protection. The Standards Council was established by the major credit card associations (Visa, MasterCard, American Express, Discover, JCB) as a separate organization to define appropriate practices that merchants and service providers should follow to protect cardholder data.

The PCI 3DS (or Three Domain Secure, 3-D Secure) is a modern messaging protocol that enables consumer authentication with their card issuer when making online purchases. This additional layer of security helps prevent online fraud, making online shopping safer for merchants and consumers.

Google Cloud has undergone a third-party audit to certify individual products against the PCI 3DS Core Security Standard. This means that these products / cloud services provide an infrastructure upon which customers may build their own services or applications supporting 3DS environments (3DE). It is important to note that customers are still responsible for ensuring that their applications are PCI 3DS compliant. 

The following Google Cloud services have been reviewed by an independent 3DS Assessor and determined to meet applicable PCI 3DS controls. The 3DS Assessor issued an Attestation of Compliance (AoC) for the Google Cloud PCI 3DS environment. In addition, we have created a Shared Responsibility Summary and Whitepaper to help explain the shared responsibility between Google and its customers. 

Potential customers can reach out to sales for more information.