Two factor authentication?

In Prevent users seeing credit card numbers? we identified that we could perhaps satisfy PCI rules by having a separate admin account that alone had access to sensitive credit card data.

Normally I’d expect a sensitive account (and perhaps all our accounts) to have two-factor authentication, which stops all but the most determined and well-funded attackers dead in their tracks.

Will this be supported at some point, and if not, are there any work-arounds?

  • Charles

We are working on this for our PCI compliance as well. It is coming but not sure on the timeline. I read through the referenced thread, and seems strange that they would require you to jump through hoops for our software. We go through a PCI audit every year and I haven’t heard of this happening for one of our customers. I reached out to our main PCI guru to see if she can maybe help out and answer some of these questions on requirements.

1 Like