Category: PCI DSS Requirement 8
Identify Users and Authenticate Access to System Components
Establishing the identity of a person or process on a computer system and proving or verifying that the user associated with the identity is who the user claims to be are two fundamental principles of user identification and authentication.
An identifier, such as a user, system, or application ID, is used to associate an identity with a person or process on a computer system in order to identify them. These IDs, which are also referred to as “accounts,” fundamentally establish an individual’s or process’s identity by providing each person or process with a unique identifier that allows them to be distinguished from other users or processes. It ensures accountability for each identity’s actions when each user or process can be uniquely identified. When this kind of accountability is in place, actions can be traced back to processes and users who are known to be authorized.
The authentication factor is the component used to establish the identity. 1) Something you know, like a password or passphrase; 2) Something you have, like a token device or smart card; or 3) Something you are, like a biometric element are authentication factors.
To gain access to the rights and privileges that are associated with an account for a user, application, system, or service, the ID and the authentication factor together are referred to as authentication credentials.
To support the payment ecosystem, these identity and authentication requirements are based on industry-accepted security principles and best practices.
It should be noted that consumers/customers/individual cardholders do not have to meet these specific requirements.
Hostcomm Ltd
Hostcomm provides hosted telephony and contact centre services to businesses based on Voice over Internet Protocol (VoIP) technologies. Hostcomm enables…
- Rating
- Views
- 1598
Bomgar
Bomgar’s Secure Access solutions allow you to unleash the power of access because your connections are secure.
- Location
- Global PCI DSS Solutions
- Rating
- Views
- 3390
RSA
RSA SecurID provides world-leading two-factor authentication, protecting 25,000 organizations and 55 million users. RSA SecurID extends security to bring your…
- Location
- RSA World Headquarters174 Middlesex Turnpike Bedford, MA 01730, USA
- Rating
- Views
- 3045
CallPay
Our innovative patent-pending technology for contact centers enable merchants to accept card payments via their contact centers without agents ever…
- Location
- Unit 48, Eden on the Bay Centre, 7441 Big Bay
- Rating
- Views
- 2128
- Location
- Boston LogMeIn, Inc. 320 Summer Street Boston, MA 02210
- Rating
- Views
- 2613
Sycurio
We help organizations transform and simplify how they manage payment security, regulatory compliance and consumer data protection. Find out more about Sycurio here
- Location
- 101 Federal Street Suite 1900 Boston, MA 02110
- Rating
- Views
- 2345