When users access cardholder data, they need more than just a username to prove their identity. This extra security step is called multi-factor authentication.
Multi-factor authentication requires users to provide their unique ID plus at least one of these:
- Something you know – like a password or security phrase.
- Something you have – like a security token or smart card.
- Something you are – like a fingerprint or face scan.
Why is this important?
Using multiple forms of identification makes it much harder for unauthorized people to access sensitive data. Every user must have their unique ID, plus at least one additional authentication method, before they can view cardholder information.
This combination ensures that even if someone steals a password, they still can't access the data without the second form of verification.