Category: PCI DSS Requirement 8
Identify Users and Authenticate Access to System Components
Two fundamental principles of user identification and authentication are 1) establishing the identity of a person or process on a computer system, and 2) proving or verifying that the user associated with the identity is who the user claims to be.
An identifier, such as a user, system, or application ID, is used to associate an identity with a person or process on a computer system. These IDs, which are also referred to as “accounts,” fundamentally establish the identity of an individual or process by giving each one a unique identifier that distinguishes it from other users or processes. When each user or process can be uniquely identified, there is accountability for the actions performed by that identity. With this accountability in place, actions can be traced back to processes and users who are known to be authorized.
The authentication factor is the component used to establish the identity. Authentication factors are: 1) something you know, like a password or passphrase; 2) something you have, like a token device or smart card; or 3) something you are, like a biometric element.
The ID and the authentication factor together are referred to as authentication credentials, and they are used to gain access to the rights and privileges associated with a user, application, system, or service account.
To support the payment ecosystem, these identity and authentication requirements are based on industry-accepted security principles and best practices.
It should be noted that consumers/customers/individual cardholders do not have to meet these specific requirements.
RSA SecurID provides world-leading two-factor authentication, protecting 25,000 organizations and 55 million users. RSA SecurID extends security to bring your…
- RSA World Headquarters, 174 Middlesex Turnpike, Bedford, MA 01730, USA
We help organizations transform and simplify how they manage payment security, regulatory compliance and consumer data protection.
- 101 Federal Street Suite 1900 Boston, MA 02110