When the PCI Security Council issues its new payments security requirements on Thursday (April 28), it is going to impose new rules about authentication and service providers. What is intriguing about the new edicts in 3.2 is the council’s new acknowledgment that to protect payment, protections have to happen in the larger corporate universe.

For quite some time, the rules have required multifactor authentication for people who work directly with any payments data. Bowing to real-world reality, PCI will, as of Thursday, insist on multifactor authentication for anyone whose network access privileges might possibly enable them to touch payments data, whether it’s their job or not. In other words, the universe of people who will have to abide by PCI rules just got a lot larger.

To read this article in full or to leave a comment, please click here