Payment Card Industry Data Security Standard (PCI DSS) compliant mode for MFA

Provides a brief introduction to PCI DSS MFA.

In multi-factor authentication (MFA), each piece of evidence must be confirmed before the user is prompted for the next one. In the Payment Card Industry Data Security Standard (PCI DSS) compliant mode of MFA, Enterprise Application Access (EAA) complies with the PCI DSS 2018 standard. For example, when authentication fails because of an incorrect username, password, or two-factor authentication (2FA) code, the user sees a single generic error rather than which factor failed. This makes it harder for attackers to use brute-force or enumeration attacks to discover valid usernames and passwords one factor at a time.

EAA supports PCI DSS MFA only for the Akamai IdP, as an additional security control, and only with TOTP as the second factor. PCI DSS MFA does not work with Integrated Windows Authentication (IWA) or certificate-based authentication. It is configured at the identity provider level, not per application or per directory.
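The following is an added illustration of the non-disclosure behaviour described above; it is not EAA or Akamai code and says nothing about how EAA implements the mode. It builds a constructed three-factor login (username, password, RFC 6238 TOTP) in two flavours: `login_leaky`, which stops at the first failing factor and names it, and `login_generic`, which evaluates every factor and returns one message for any failure. The user store, password, TOTP secret (the RFC 6238 test secret) and messages are all invented for the demo; `confirmed_usernames` shows what an attacker learns from the two response styles.

```python
"""Added example (not EAA's code): one generic failure message for every factor.

Constructed demo of a three-factor login.  login_leaky names the failing factor,
which lets an attacker confirm usernames and passwords one at a time;
login_generic checks every factor and answers the same way for any failure.
"""
import base64
import hashlib
import hmac
import os
import struct

# RFC 6238 test secret ("12345678901234567890" in base32); constructed demo data.
DEMO_TOTP_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"
PBKDF2_ROUNDS = 100_000
GENERIC_FAILURE = "authentication failed"


def _hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def _make_user(password: str, totp_secret: str) -> dict:
    salt = os.urandom(16)
    return {"salt": salt, "pw_hash": _hash_password(password, salt), "totp_secret": totp_secret}


# Constructed user store (hypothetical, not EAA's data model).
USERS = {"alice": _make_user("correct horse battery staple", DEMO_TOTP_SECRET)}

# Placeholder record used for unknown usernames so the generic path still does
# the same password and TOTP work (keeps response timing uniform).
_DUMMY_USER = _make_user("dummy", base64.b32encode(b"not a real secret 00").decode())


def totp(secret_b32: str, at_time: float, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1, 30 s step) for the given Unix time, exact step only."""
    key = base64.b32decode(secret_b32, casefold=True)
    counter = struct.pack(">Q", int(at_time) // step)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    binary = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{binary % 10 ** digits:0{digits}d}"


def _check_password(user: dict, password: str) -> bool:
    return hmac.compare_digest(_hash_password(password, user["salt"]), user["pw_hash"])


def _check_totp(user: dict, code: str, now: float) -> bool:
    return hmac.compare_digest(totp(user["totp_secret"], now), code)


def login_leaky(username: str, password: str, code: str, now: float) -> str:
    """Stops at the first failing factor and says which one failed."""
    user = USERS.get(username)
    if user is None:
        return "unknown user"
    if not _check_password(user, password):
        return "wrong password"
    if not _check_totp(user, code, now):
        return "wrong verification code"
    return "ok"


def login_generic(username: str, password: str, code: str, now: float) -> str:
    """Evaluates every factor even after one fails and returns one message for
    any failure.  '&' rather than 'and' so no check is short-circuited."""
    user = USERS.get(username, _DUMMY_USER)
    ok = username in USERS
    ok = ok & _check_password(user, password)
    ok = ok & _check_totp(user, code, now)
    return "ok" if ok else GENERIC_FAILURE


def confirmed_usernames(login_fn, candidates, now: float) -> list:
    """What the responses alone reveal: a name is confirmed if the reply for it
    differs from the reply for a name that certainly does not exist."""
    baseline = login_fn("no-such-user-9f3a", "x", "000000", now)
    return [u for u in candidates if login_fn(u, "x", "000000", now) != baseline]


if __name__ == "__main__":
    now = 59  # RFC 6238 test time; code for the demo secret is 287082
    print("leaky confirms  :", confirmed_usernames(login_leaky, ["alice", "bob"], now))
    print("generic confirms:", confirmed_usernames(login_generic, ["alice", "bob"], now))
    print("generic success :", login_generic("alice", "correct horse battery staple", totp(DEMO_TOTP_SECRET, now), now))
```

The leaky variant lets an attacker split the search: first find usernames (reply changes from "unknown user"), then passwords (reply changes to "wrong verification code"), and only then attack the TOTP. The generic variant forces all three to be guessed together, and the dummy record keeps the unknown-user path doing the same work as the known-user path so timing does not become the oracle instead.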