PCI Watch

Tracking changes across the Payment Card Industry
ℹ️
Reference Content: This is a copy of content from the PCI Security Standards Council FAQ database, preserved for tracking changes over time.
View Original →
FAQ #1487 Published

Can a 3DS entity outsource the hosting and management of its HSMs to a third-party service provider?

Yes, a 3DS entity may choose to outsource the hosting and management of its HSM infrastructure to a third-party service provider as long as all applicable requirements are met.  The 3DS entity should work with their service provider to determine which requirements are covered by the service provider and which are covered by the 3DS entity.  The 3DS entity remains ultimately responsible for ensuring that all applicable requirements regarding the hosting and management of HSMs are met.  Please refer to the "Use of Third-Party Service Providers / Outsourcing" section in the PCI 3DS Core Security Standard for more information.

View original on PCI SSC website View all versions Back to recent changes

Disclaimer: This FAQ has been processed for display on this website and may contain errors. Please check the original FAQ on the PCI SSC website for the authoritative version.