Understanding PCI Compliance and Two-Factor Authentication (2FA)

    IT professionals understand the importance of proper security. The threats keep growing, and breaches of credit card data are among the most expensive, damaging and widespread attacks today.

    This is where PCI compliance, along with two-factor authentication, or 2FA, comes in.

    What is PCI?

    PCI stands for Payment Card Industry, and is usually followed by the letters DSS, for Data Security Standard. PCI DSS is a set of security requirements that every organization must adhere to if it does any of the following with credit card data:

    • Accept credit card information
    • Process credit card information
    • Store credit card information
    • Transmit credit card information

    Enforcing PCI DSS helps ensure a secure environment for cardholders and gives them peace of mind. The standard is administered by the PCI Security Standards Council, founded in 2006 by the major card brands as e-commerce exploded. The council updates and strengthens the standard aggressively, making it the gold standard for credit card security. There are several PCI compliance levels: merchants fall into one of four categories based on their transaction volume over the course of a year. The merchant levels, as defined by Visa in this example, are Merchant Level 1 through Merchant Level 4.

    Merchant Level 1 covers merchants that process more than six million Visa transactions a year. Visa can also designate any merchant as Level 1 at its discretion, so a company does not always have to meet the six million mark.

    Merchant Level 2 covers those processing between one million and six million Visa transactions a year. Those processing between 20,000 and one million Visa e-commerce transactions a year are Level 3, and those processing fewer than 20,000 Visa e-commerce transactions a year (along with all other merchants processing up to one million Visa transactions a year) are Level 4.

    It makes sense to look up the latest requirements and level definitions to know where you fit, because the validation work differs by level: Level 1 merchants need an annual on-site assessment and Report on Compliance, while lower levels typically complete an annual Self-Assessment Questionnaire, with quarterly external vulnerability scans expected across the board. Knowing your level tells you whether you need to change how you handle credit cards.

    What Elements of Compliance Require 2FA?

    Two-factor authentication adds a second, independent proof of identity to a login, so a stolen or guessed password alone is not enough to get in. It is an explicit PCI DSS requirement, not an optional extra. Requirement 8 says organizations must assign a unique ID to every person with computer access, so that actions on in-scope systems can be traced to an individual. Requirement 8.3 says remote network access originating from outside the network, whether by employees, administrators or third parties, must use two-factor (multi-factor) authentication; since PCI DSS 3.2 the same applies to all non-console administrative access into the cardholder data environment. The two factors must be independent of each other: two passwords do not qualify, and neither does a second factor that an attacker obtains automatically by compromising the first.
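    To make the "second factor" concrete, here is an added example (written for this page, not AuthAnvil's code) of the one-time-code algorithm that most authenticator apps and hardware tokens implement: HOTP (RFC 4226) and its time-based form TOTP (RFC 6238). The server-side verify step shows the two details a practitioner must get right: tolerating small clock drift with a bounded window, and refusing to accept a code that has already been used. The shared secret `12345678901234567890` is the RFC test-vector key, not a real secret; `last_accepted` is an assumed per-user value the server would persist.

```python
"""HOTP (RFC 4226) and TOTP (RFC 6238) second factor, standard library only.
Added example for illustration; the secret below is the RFC test vector."""
import base64
import hashlib
import hmac
import struct
import time
from typing import Optional
from urllib.parse import quote

# RFC 4226 / RFC 6238 test-vector key (constructed input, never use in production).
RFC_TEST_SECRET = b"12345678901234567890"


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HMAC-based one-time password for a shared secret and a moving counter."""
    msg = struct.pack(">Q", counter)                      # 8-byte big-endian counter
    mac = hmac.new(secret, msg, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                               # dynamic truncation (RFC 4226 5.3)
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, at: Optional[int] = None, step: int = 30, digits: int = 6) -> str:
    """Time-based one-time password: HOTP where the counter is the current 30 s step."""
    if at is None:
        at = int(time.time())
    return hotp(secret, at // step, digits)


def verify_totp(secret: bytes, candidate: str, at: Optional[int] = None,
                step: int = 30, digits: int = 6, window: int = 1,
                last_accepted: Optional[int] = None) -> Optional[int]:
    """Server-side check. Returns the time-step counter the code matched, or None.

    - Accepts the current step and +/- `window` neighbouring steps (clock drift).
    - Refuses any counter at or below `last_accepted`, so a code captured by a
      phishing page or shoulder-surfer cannot be replayed inside the window.
    - Compares in constant time and checks every step rather than returning
      early, so response timing does not leak which digits were right.
    The caller must store the returned counter as the user's new `last_accepted`.
    """
    if at is None:
        at = int(time.time())
    if len(candidate) != digits or not candidate.isdigit():
        return None
    counter = at // step
    matched = None
    for delta in range(-window, window + 1):
        c = counter + delta
        if last_accepted is not None and c <= last_accepted:
            continue                                      # replay of an already-used step
        if hmac.compare_digest(hotp(secret, c, digits), candidate):
            matched = c
    return matched


def provisioning_uri(secret: bytes, account: str, issuer: str,
                     digits: int = 6, step: int = 30) -> str:
    """otpauth:// URI that authenticator apps read from an enrollment QR code."""
    b32 = base64.b32encode(secret).decode().rstrip("=")
    label = quote(f"{issuer}:{account}")
    return (f"otpauth://totp/{label}?secret={b32}&issuer={quote(issuer)}"
            f"&digits={digits}&period={step}")


if __name__ == "__main__":
    # RFC 6238 vector: at T=59 the 8-digit SHA-1 code is 94287082, so 6 digits give 287082.
    print("code at t=59:", totp(RFC_TEST_SECRET, at=59))
    print("accepted at t=89 (drift ok):", verify_totp(RFC_TEST_SECRET, "287082", at=89))
    print("replay refused:", verify_totp(RFC_TEST_SECRET, "287082", at=89, last_accepted=1))
    print(provisioning_uri(RFC_TEST_SECRET, "alice@example.com", "ExampleCorp"))
```

    The window should stay small (one step either side is typical): every extra step an attacker is allowed to guess against multiplies the chance that a six-digit code is brute-forced, so pair this with rate limiting on failed attempts. Enrollment over the otpauth URI must itself happen over an authenticated, TLS-protected channel, since whoever sees the QR code owns the second factor.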

    What Should Your 2FA Solution Look Like?

    Since you need 2FA, choose quality technology that fits how your people actually work. You will likely need options for desktop and mobile users accessing your service, and the solution has to cover every path PCI DSS cares about: VPN and remote-desktop logins from outside the network and administrative logins into the cardholder data environment, not just the web front end.

    AuthAnvil to the Rescue

    When implemented correctly with a quality solution, two-factor authentication makes a stolen password insufficient on its own, protects your digital infrastructure without inconveniencing employees, and serves as the foundation of a broader security service.

    You may want to use 2FA in conjunction with single sign-on (SSO) to make it easier for employees to sign in safely to card-processing systems. SSO gives users direct access to all of the platforms they use with a single credential. It is like having one very secure key that opens 100 different doors with 100 individual locks. That convenience cuts both ways: the SSO login becomes the one lock that matters, so it is exactly where the second factor belongs.

    SSO is definitely something to look for when weighing your options for a 2FA vendor. However, offering SSO alone is not good enough; do a deep dive into any 2FA vendor you are evaluating: which factor types it supports, how it handles enrollment and lost devices, and whether it covers every remote and administrative access path that PCI DSS Requirement 8.3 names.

    Learn how AuthAnvil deepens security through 2FA here.
