The PCI 3DS certification ensures that an organization has implemented the appropriate safeguards to protect their customers' credit card data. It helps in reducing CNP payment frauds and assure security to payment service providers.  The client is a leading Indian payment software and service provider, serving multiple geographies in the financial industry segment. The application under review facilitated One Time Password (OTP) generation and verification functionality.  QRC Security Team created a Threat model to understand the client’s infrastructure, system components and the associated risks i.e. Public-facing systems such as Firewalls, Web Servers that process and transmit sensitive information from customers to internal systems were categorized into high severity systems, application servers and other infrastructure management servers that are performing critical tasks. Read the complete case study to know more.