Your answer was selected as Best Answer
Your Public Answer:
“Hi ....,

You mentioned 2 different programs. The first one is the Visa Authenticated Payment Program - the 3-D Secure protocol. 3-D Secure (a.k.a. 3-Domain Secure) is a Visa program for "card not present" internet transactions. In the US a similar program exists with the "Verified by Visa" name. As far as I know there are no compliance requirements for 3-D Secure. The intent is to decrease the fraud rate with extended authentication. More information is available at: http://partnernetwork.visa.com/pf/3dsec/main.jsp

On the other side, all payment brands formed an organization called the Payment Card Industry Security Standards Council (PCI SSC) to enforce a higher level of standards for safe handling of sensitive information. The standard is called PCI DSS (Data Security Standard). Any organization that stores, processes, or transmits cardholder data is subject to 12 main requirements in the latest PCI DSS 1.1 standard. Compliance requirements vary by scale, operation type and the geographical region. The best starting point is: https://www.pcisecuritystandards.org

I have been involved in actual audits, so let me know if you have any specific questions. Regional payment brands' web sites are good for getting local requirements (e.g. Visa, Mastercard).

cheers,
- yinal”
Sunday, August 26, 2007
What is your experience with Visa 3DES Compliance?