The PCI Security Standards Council now requires better authentication, encryption and penetration testing by companies that accept consumer payments, improvements lauded by security experts.
“There are a lot of people who consider compliance to be policy for policy’s sake,” said Ryan O’Leary, vice president of the threat research center at WhiteHat Security. “But with these three recommendations, it is really security-industry standards that are finally being forced upon companies. I would say, absolutely, it will move the bar forward as far as security goes.”
Administrators with access to card data must now use two-factor authentication when they log in, whether locally or remotely.