PCI Watch

Tracking changes across the Payment Card Industry
ℹ️
Reference Content: This is a copy of content from the PCI Security Standards Council FAQ database, preserved for tracking changes over time.
FAQ #1425 Deleted

What is the difference between "multi-factor" authentication and "two-factor" authentication?

The term “two-factor” was replaced with the term “multi-factor” in several requirements in PCI DSS v3.2 (Requirements 8.3, 8.3.1, 8.3.2, and 8.5.1). The intent of this change was to use more consistent terminology that accurately represents the meaning of the term. This is simply a change in naming convention and does not alter its definition, which is that at least two authentication factors are used in the authentication process.
 

View all versions Back to recent changes

Disclaimer: This FAQ has been processed for display on this website and may contain errors. Please check the original FAQ on the PCI SSC website for the authoritative version.