Three-Domain Secure (3DS or 3-D Secure) is a protocol designed to add additional security layer for card-not-present (CNP) transactions, reducing the likelihood of fraudulent usage of payment cards by providing abilities to authenticate cardholders with card issuers. The three domains consist of the acquirer domain, issuer domain, and the interoperability domain (e.g. payment systems). EMVCo developed a new industry specification, EMV 3-D Secure, which supports new payment channels other than traditional browser-based e-commerce transactions, like app-based transactions.

PCI 3DS is core security standard established by PCI Security Standards Council (PCI SSC), providing a framework for three critical EMV 3DS components - Access Control Server (ACS), Directory Server (DS), and 3DS Server (3DSS)- to implement physical and logical security controls to support the integrity and confidentiality of the 3DS transaction process. The PCI 3DS core security standard composes of baseline security requirements and 3DS security requirements, to protect 3DS data, technologies, and processes.

Alibaba Cloud demonstrated compliance with applicable PCI 3DS requirements based on the provided cloud computing products/services. Please refer to 3DS Attestation of Compliance (AOC) for detailed information. By complying with PCI 3DS core security standard, Alibaba Cloud assures the customers of providing cloud infrastructure and cloud products that can support them to build a secure environment where ACS, DS, and/or 3DSS functions are performed.

Please refer to PCI 3DS Core Security Standard for more details.