8.3.10—Additional requirement for service providers only: If passwords/passphrases are used as the only authentication factor for customer user access to cardholder data (i.
>Requirement Description
Additional requirement for service providers only: If passwords/passphrases are used as the only authentication factor for customer user access to cardholder data (i.e., in any single-factor authentication implementation), then guidance is provided to customer users including: Guidance for customers to change their user passwords/passphrases periodically. Guidance as to when, and under what circumstances, passwords/passphrases are to be changed. Applicability Notes This requirement applies only when the entity being assessed is a service provider. This requirement does not apply to accounts of consumer users accessing their own payment card information. This requirement for service providers will be superseded by Requirement 8.3.10.1 once 8.3.10.1 becomes effective.
>Cross-Framework Mappings
Ask AI
Configure your API key to use AI features.