Meeting Requirement 8 with Continuous MFA

While compliance tends to be complicated to interpret, the primary goal of PCI 4.0 as it pertains to multi-factor authentication is clear: deploy MFA to everyone.

What is the PCI SSC?

The Payment Card Industry Security Standards Council (PCI SSC) was formed in 2006 by American Express, Discover Financial Services, JCB International, MasterCard, and Visa Inc. with the goal of managing the ongoing evolution of the Payment Card Industry Data Security Standard.

The Payment Card Industry Data Security Standard is an information security standard for organizations that handle branded credit cards from the major card schemes. The PCI Standard is mandated by the card brands but administered by the Payment Card Industry Security Standards Council.

The PCI DSS set of requirements exists to ensure that organizations that are processing, storing, or transmitting credit card information maintain a secure environment to help prevent card payment fraud.

Meeting PCI DSS with Behavioral Biometrics

The Problem: Implementation of PCI standards in the contact center environment has continued to prove difficult, leaving...

Is MFA Required for PCI DSS Compliance?

Administrators should always use MFA per PCI DSS Requirement 8 for access to the cardholder data environment (CDE). PCI SSC...

Meet PCI DSS Requirements with Behavioral Biometrics

PCI compliance appears to be nearly impossible to meet, and organizations are despairing at the daunting task of meeting the requirements. However, the path to compliance is there, hidden in the PCI DSS documents, and it all points to behavioral biometrics.

Multi-factor authentication is mandatory per PCI DSS Requirement 8. You can find a full analysis of PCI DSS compliance as it pertains to MFA here.

Twosense software takes into consideration the way a user types, the rhythm in which they use a keyboard, mouse movement, time patterns, app usage, and system flow. The biometric data is passed into a cloud-based machine learning system that builds a model of each user’s behavior, which is then used to authenticate users.

Yes. According to PCI SSC, NIST, and the European Commission, behavioral biometrics do meet PCI DSS Requirement 8 and PSD2 requirements for multi-factor authentication.

"MFA is something everyone loves to hate, but it's necessary and people get it. With Twosense we are able to make that necessary evil a little less evil."

- Taylor Highley, Director Information Systems