
FAQ - Is 2FA required by governments or in industry standards?

Yes, in many regions and industries, 2FA is a requirement or a primary means to meet requirements.

The table below highlights some industries and areas where 2FA fulfills security requirements:

Industry: Banking / Financial Institutions / Investing / Payments
Standard: PCI DSS 3.0
Requirement: Requirement 8.3 requires two-factor authentication for remote access by personnel and third-party vendors accessing systems in PCI environments.

Industry: Healthcare
Standard: HIPAA / HITECH
Requirement: Implementing two-factor authentication is required for granting remote access to systems that contain ePHI.

Industry: Digital / Online Retail
Guidance: Following a recent string of retail industry breaches (Target, Neiman Marcus, Michaels, Home Depot, Sally Beauty, P.F. Chang’s, etc.), the U.S. Department of Homeland Security released an official US-CERT alert warning about a new family of point-of-sale (POS) malware and recommending two-factor authentication for remote desktop access, including over VPNs.

Furthermore, for end users accessing online/digital retail sites, adding 2FA for password resets and transaction validation greatly reduces the incidence of fraud, protecting both the retailer and the end user.

Government Regulations

The US White House signed an executive order last October requiring agencies to use multiple factors of authentication whenever web applications are used to provide citizens with access to personal data.

India's central bank, the RBI, mandates the use of two-factor authentication for all IVR and mobile-based online payments above 2,000 Indian rupees.

Two-Factor Authentication (2FA) has been mandated in Singapore for online banking transactions since December 2006.

Proactive individual security: Avoiding breaches

2FA can help prevent incidents like these: 150M people had their details stolen in the Adobe breach, 6M in the LinkedIn breach, Twitter and other social media accounts are hijacked frequently, and in contactless card fraud cases stolen card data was used to order goods worth 3,000 British pounds.

Sources:

William Dudley, Group Director, Mobile Evangelist and Global Solutions Strategy, SAP Digital Interconnect