PCI DSS 4.0 has evolved the Standard’s Multifactor Authentication (MFA) requirements. The updated Standard now calls for MFA for all access into the Cardholder Data Environment (CDE) as well as updating specifications on the functionality of the MFA solution.

These new MFA requirements are considered best practice until March 31st, 2025 after which they must be fully implemented for an entity that is maintaining compliance with PCI DSS and if the specific controls for multifactor authentication apply to their environment.

Account hacking and data breaches involving the use of lost or stolen credentials are the most  common security threats that users encounter in cyberspace, involved in over 80% of breaches. It is