Our Thinking

Although 2019 promises a new version of the Payment Card Industry Data Security Standard (PCI DSS) the current version 3.2.1 is the de facto standard for measuring security programs for all merchants and service providers that participate in commerce using credit or debit cards.

There are twelve major requirements in the PCI DSS, and considering the complexity of the material we have chosen to dedicate individual blogs to the different requirements. The focus of these blogs will be to provide tips and pointers, help provide clarity for “what’s new” and to enhance understanding so that your organization can achieve a sustainable security posture that easily satisfies the requirements of the PCI DSS.

Password complexity and authentication has always been a subject of contention both for users and system  administrators. Many assume that forcing users to create more complex passwords, and changing them frequently,   will lead to greater system safety - in theory this may be true. Given human nature, things rarely go as planned and research has shown that forcing users to comply with these additional requirements has actually had a detrimental effect on system security.