Meeting PCI DSS MFA Standards

What is the PCI SSC?

The Payment Card Industry Security Standards Council (PCI SSC) was formed in 2006 by American Express, Discover Financial Services, JCB International, MasterCard, and Visa Inc. with the goal of managing the ongoing evolution of the Payment Card Industry Data Security Standard.

The Payment Card Industry Data Security Standard is an information security standard for organizations that handle branded credit cards from the major card schemes. The PCI Standard is mandated by the card brands but administered by the Payment Card Industry Security Standards Council.

The PCI DSS set of requirements exists to ensure that organizations that are processing, storing, or transmitting credit card information maintain a secure environment to help prevent card payment fraud.

Meeting PCI DSS with Behavioral Biometrics

The Problem: Implementation of PCI standards in the call center environment has continued to prove difficult, leaving...

Is MFA Required for PCI DSS Compliance?

Administrators should always use MFA per PCI DSS Requirement 8 for access to the cardholder data environment (CDE). PCI SSC...

Coming soon: The PCI DSS Whitepaper

Everything you need to know about PCI DSS requirements in the call center environment as it pertains to MFA...

Meet PCI DSS Requirements with Behavioral Biometrics

PCI compliance appears to be nearly impossible to meet, and organizations are despairing at the daunting task of meeting the requirements. However, the path to compliance is there, hidden in the PCI DSS documents, and it all points to behavioral biometrics.

Multi-factor authentication is mandatory per PCI DSS Requirement 8. You can find a full analysis of PCI DSS compliance as it pertains to MFA here.

Twosense software takes into consideration the way a user types, the rhythm in which they use a keyboard, mouse movement, time patterns, app usage, and system flow. The biometric data is passed into a cloud-based machine learning system that builds a model of each user’s behavior, which is then used to authenticate users.

Yes. According to PCI SSC, NIST, and the European Commission, behavioral biometrics do meet PCI DSS Requirement 8 and PSD2 requirements for multi-factor authentication.

Understanding Behavioral Biometrics

Something You Are

Biometrics measure something that is intrinsically part of an individual. This includes how a user behaves when they interact with a computer. Without a viable “something you have” in the call center, biometrics, including behavioral biometrics, is the only solution to PCI MFA compliance.

"MFA is something everyone loves to hate, but it's necessary and people get it. With Twosense we are able to make that necessary evil a little less evil."

- Taylor Highley, Director Information Systems