Frequently Asked Question

What is meant by "non-consumer users" in PCI DSS Requirement 8?

PCI DSS Requirement 8 addresses secure authentication requirements and requires that all passwords and other authentication credentials be securely managed. These requirements apply to all non-consumer users and administrators.  The term "non-consumer user" refers to all individuals, excluding cardholders, who access system components, including employees, administrators, and third parties.
Last updated: May 2014
Originally published: April 2012
Article Number: 1067

Featured FAQ Articles