Company continues to meet global industry standards and serve as an added layer of trusted security for connected payment devices
Keyfactor, the machine and IoT identity platform for modern enterprises, today announced it is now Payment Card Industry Data Security Standard (PCI DSS) v3.2 certified.
Keyfactor’s PKI-based digital identity and integrity capability supports every facet of digital trust for devices that process, store and/or transmit cardholder data. While Keyfactor does not directly handle sensitive cardholder data, many of its customers do. With this new certification, Keyfactor customers will continue to prevent data breaches and further protect their own customers’ sensitive credit card information.
“Our clients trust Keyfactor for its commitment to putting security first. Part of that commitment is upholding current and future global industry standards,” said Earl Siedlecki, Senior Vice President, Cloud Operations & Compliance, Keyfactor. “As a cybersecurity company working with enterprises in regulated industries, it’s our responsibility to assure data and systems are protected. This new PCI certification validates why we are the most trusted machine and IoT identity management solution in the market.”
The Payment Card Industry Security Standards Council (PCI SSC) has overseen the PCI DSS since 2004, when it was first established by American Express, Visa, Mastercard, Discover Financial Services and JCB International. PCI DSS v4.0, which goes into effect by March 31st, 2024, replaces PCI DSS version 3.2.1 to better address and combat emerging threats and technologies. As part of the upcoming changes for 4.0, the PCI council requires more robust authentication controls to be enforced. Other new requirements include:
- Access privileges must be reviewed twice a year;
- Multifactor authentication (MFA) should be used for all accounts with access to sensitive cardholder data, rather than just the security administrators;
- The use of strong, unique passwords for accounts, such as having at least 15 characters that include both numeric and alphabetic characters. PCI DSS indicates that prospective passwords be compared against a list of known bad passwords;
- Vendor or third-party accounts should only be used as needed and monitored for security risks;
- And more.