Meeting PCI DSS MFA Standards
What is the PCI SSC?
The Payment Card Industry Security Standards Council (PCI SSC) was formed in 2006 by American Express, Discover Financial Services, JCB International, MasterCard, and Visa Inc. with the goal of managing the ongoing evolution of the Payment Card Industry Data Security Standard.
The Payment Card Industry Data Security Standard is an information security standard for organizations that handle branded credit cards from the major card schemes. The PCI Standard is mandated by the card brands but administered by the Payment Card Industry Security Standards Council.
The PCI DSS set of requirements exists to ensure that organizations that are processing, storing, or transmitting credit card information maintain a secure environment to help prevent card payment fraud.
Meeting PCI DSS with Behavioral Biometrics
The Problem: Implementation of PCI standards in the contact center environment has continued to prove difficult, leaving...
Is MFA Required for PCI DSS Compliance?
Administrators should always use MFA per PCI DSS Requirement 8 for access to the cardholder data environment (CDE). PCI SSC...
Meet PCI DSS Requirements with Behavioral Biometrics
PCI compliance appears to be nearly impossible to meet, and organizations are despairing at the daunting task of meeting the requirements. However, the path to compliance is there, hidden in the PCI DSS documents, and it all points to behavioral biometrics.
Twosense software takes into consideration the way a user types, the rhythm in which they use a keyboard, mouse movement, time patterns, app usage, and system flow. The biometric data is passed into a cloud-based machine learning system that builds a model of each user’s behavior, which is then used to authenticate users.
Yes. According to PCI SSC, NIST, and the European Commission, behavioral biometrics do meet PCI DSS Requirement 8 and PSD2 requirements for multi-factor authentication.
Something You Are
Biometrics measure something that is intrinsically part of an individual. This includes how a user behaves when they interact with a computer. Without a viable “something you have” in the contact center, biometrics, including behavioral biometrics, is the only solution to PCI MFA compliance.
"MFA is something everyone loves to hate, but it's necessary and people get it. With Twosense we are able to make that necessary evil a little less evil."
- Taylor Highley, Director Information Systems