
PCI Requirement 8.2.2 – Verify User Identity Before Modifying Any Authentication Credential
Preventing Social Engineering PCI Requirement 8.2.2 states, “Verify user identity before modifying any authentication credential.” How could this play out at your organization? Let’s imagine that you need a password reset, so you call a help desk and tell them the situation. If they unlocked your account and helped you reset the password, no questions asked, then what would stop an attacker from calling the help desk and asking the…



