Frequently Asked Questions

< Back to search page

What is meant by “non-consumer users” in PCI DSS Requirement 8?

FAQ Response

PCI DSS Requirement 8 addresses secure authentication requirements and requires that all passwords and other authentication credentials be securely managed. These requirements apply to all non-consumer users and administrators.  The term “non-consumer user” refers to all individuals, excluding cardholders, who access system components, including employees, administrators, and third parties.

May 2014
Article Number 1067