PCI DSS FAQ - Payment Card Industry (PCI) Data Security Standard Discussion Forum > PA-DSS - Payment Application Data Security Standards > [PA-DSS] 3. Provide secure authentication features

1. [PA-DSS] 3.1 The "out of the box" installation of the payment application in place at the completion of the installation process, must facilitate use of unique usernames and secure authentication (defined at PCI DSS Requirements 8.1, 8.2, and 8.5.8-8.5.15) for all administrative access and for all access to cardholder data
2. [PA-DSS] 3.2 Access to PCs, servers, and databases with payment applications must require a unique username and secure authentication
3. [PA-DSS] 3.3 Encrypt payment application passwords during transmission and storage, using strong cryptography based on approved standards (defined in PCI DSS Glossary, Abbreviations, and Acronyms)

vBulletin® v3.7.4, Copyright ©2000-2009, Jelsoft Enterprises Ltd.