PCI (Payment Card Industry Security Standard): Req 8.2.2
Identify and authenticate access to system components

Req 8.2.2: Verify user identity before modifying any authentication credential, for example, performing password resets, provisioning new tokens, or generating new keys.

Many malicious individuals use “social engineering” (for example, calling a help desk and acting as a legitimate user) to have a password changed so they can utilize a user ID. Consider use of a “secret question” that only the…