TRENDING:

Fraud Management & Cybercrime , Fraud Risk Management , PCI Standards

PCI DSS to Focus on Phishing-Resistant Authentication

PCI Security Standards Council's Yew Kuann Cheng on Moving to the Latest Version Suparna Goswami (gsuparna) • January 8, 2025    
Yew Kuann Cheng, regional vice president, Asia Pacific, PCI Security Standards Council

While PCI DSS 4.0 tackled evolving threats, the newly introduced version 4.0.1 focuses on phishing-resistant authentication factors. Yew Kuann Cheng, regional vice president for the Asia Pacific region at PCI Security Standards Council, shared insights on adapting to the new requirements and the role of MFA in security.

See Also: Breaking Down Silos With a Holistic View of Security, Risk

"One very interesting update in version 4.0.1 is the recognition of phishing-resistant authentication factors," Cheng said. "For companies who have adopted leading technology to protect themselves from phishing attacks, these companies can use that as a way to satisfy MFA requirements more easily."

MFA works effectively only when implemented correctly, Cheng said. He urges organizations to follow the guidelines meticulously and move away from vulnerable methods such as SMS-based one-time passwords.

He advises companies not to wait until the April 2025 deadline to adopt the new requirements, as the updates are designed to address emerging threats proactively.

In this video interview with Information Security Media Group, Cheng also discussed:

  • The role of phishing-resistant MFA in meeting PCI DSS 4.0.1 requirements;
  • Best practices for implementing MFA to ensure robust security;
  • How organizations can prepare for compliance ahead.

Cheng leads PCI engagement activities in the region for the PCI Security Standards Council and is based in Singapore. He has more than 20 years of experience in risk management, payments and cybersecurity.

Previous
Longtime Tenable CEO, NetWitness Head Amit Yoran Dies at 54
Next
Patch Alert: Remotely Exploitable LDAP Flaws in Windows

About the Author

Suparna Goswami

Suparna Goswami

Associate Editor, ISMG

Goswami has more than 10 years of experience in the field of journalism. She has covered a variety of beats including global macro economy, fintech, startups and other business trends. Before joining ISMG, she contributed for Forbes Asia, where she wrote about the Indian startup ecosystem. She has also worked with UK-based International Finance Magazine and leading Indian newspapers, such as DNA and Times of India.



Around the Network

Contingency Planning for Attacks on Critical Third Parties
Contingency Planning for Attacks on Critical Third Parties
The Future of CISA in Healthcare in the New Administration
The Future of CISA in Healthcare in the New Administration
Protecting the C-Suite in the Wake of UHC CEO's Murder
Protecting the C-Suite in the Wake of UHC CEO's Murder
How Will Health Data Privacy, Cyber Regs Shape Up in 2025?
How Will Health Data Privacy, Cyber Regs Shape Up in 2025?
What's Ahead for Healthcare Cyber Regs, Legislation in 2025?
What's Ahead for Healthcare Cyber Regs, Legislation in 2025?
Why Hackers Love Weekend and Holiday Attacks
Why Hackers Love Weekend and Holiday Attacks
Addressing Gen AI Privacy, Security Governance in Healthcare
Addressing Gen AI Privacy, Security Governance in Healthcare
Wanted: An Incident Repository For Healthcare Nonprofits
Wanted: An Incident Repository For Healthcare Nonprofits
How Hackers Can Manipulate AI to Affect Health App Accuracy
How Hackers Can Manipulate AI to Affect Health App Accuracy
Protecting Highly Sensitive Health Data for Research
Protecting Highly Sensitive Health Data for Research

Continue »

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing careersinfosecurity.com, you agree to our use of cookies.

  翻译: