Timeline for PCI DSS 4.0: The Eighth Requirement and Strong Authentication

Moving through the requirements of PCI DSS 4.0, we are now well over halfway through. Along the way we have touched on cryptography, security and perimeter management, network security, authorization, and other critical security considerations. With the eighth requirement, we come to authentication and identity management.

Authentication isn't simply about passwords and CAPTCHAs, however. When it comes to payment processing and protecting cardholder data, retailers and processors are expected to implement strong and effective authentication at the point of purchase and in any system that holds PAN (primary account number) data.
Timeline for PCI DSS 4.0: The Seventh Requirement and System Access

As we work through the requirements of PCI DSS, we have run into several calls for securing data against "unauthorized users." Operationally, this makes sense: cardholder data should be protected against use or viewing by people who have no legitimate reason to access it. To achieve that, any effective IT security program needs a method to ensure that only authorized individuals can reach protected resources. This is what the seventh requirement of PCI DSS 4.0 addresses: restricting access to system components and cardholder data.
Timeline for PCI DSS 4.0: The Sixth Requirement and Maintaining Secure Systems

Software, whether a local installation or a web application, carries the risk of attack. While phishing and other social engineering attacks are among the most common causes of a system breach, attackers still exploit open vulnerabilities in software, whether those stem from bugs or from misconfigured settings. That is why the sixth requirement of PCI DSS 4.0 emphasizes the practices and policies that help maintain secure systems and software.