Most banking applications are built on earlier architectures and technologies and pose significant security challenges, especially under the new Payment Card Industry Data Security Standards 4.0 (PCI DSS). These applications face greater risk due to coding practices at development time and the absence of modern security features like Multi-Factor Authentication (MFA). Enhancing these applications with MFA is necessary to protect against unauthorized access and data breaches.
PCI DSS v4.0 Requirement 8.4.2 mandates at least two forms of user authentication into the CDE, such as a password and a generated passcode.
This significantly reduces the risk of unauthorized access, as the compromise of one factor alone is not enough to breach the system. For banking applications, incorporating MFA provides layers of security, aligning mature systems with new compliance standards.
On HPE NonStop systems, you meet this requirement with XYGATE User Authentication (XUA). XUA seamlessly integrates MFA with your RSA SecurID, Microsoft Authenticator, Active Directory, Google Authenticator, RADIUS, and more, making your systems and users secure and compliant.
For BASE24 customers looking to achieve PCI DSS 4.0 compliance, ACI Worldwide and XYPRO have partnered to extend this same capability to BASE24. This integration strengthens the security of your HPE NonStop applications, such as BASE24, through industry-leading multi-factor authentication. User access to the BASE24 CDE is currently provided by way of the BASE24 AFT screens. With this XYPRO MFA update, users are presented with an additional screen(s) to enter authentication details with MFA Authorization provided by XYPRO.
