April 12, 2019

Corporate Compliance Insights: Businesses Must Go Beyond MFA to Be PCI Compliant

Acceptto's CEO Shahrokh Shahidzadeh discusses why it is time to replace password-based credentials in a Corporate Compliance Insights article.

As American consumers increasingly rely on cashless spending, the Payment Card Industry Data Security Standard (PCI DSS) was created to set out requirements that apply to companies of any size that accept credit card payments.

The Payment Card Industry Security Standards Council (PCI SSC) has identified a three-step process to maximize the security of cardholder data. It recommends continuously monitoring and enforcing the controls specified in the PCI DSS and suggests that organizations approach this as an ongoing process rather than a one-time (or even just annual) project. The continuous process recommended is:

  • Assess: Identify cardholder data, take an inventory of the IT assets and business processes involved in payment card processing, and analyze them for vulnerabilities.
  • Remediate: Fix vulnerabilities and eliminate the storage of cardholder data unless it is absolutely necessary.
  • Report: Compile and submit the required reports to the appropriate acquiring bank and card brands.

Read the full article here