Frequently Asked Question

What is meant by “non-consumer users” in PCI DSS Requirement 8?

PCI DSS Requirement 8 addresses secure authentication requirements and requires that all passwords and other authentication credentials be securely managed. These requirements apply to all non-consumer users and administrators.  The term “non-consumer user” refers to all individuals, excluding cardholders, who access system components, including employees, administrators, and third parties.
May 2014
Article Number: 1067