The latest update to PCI DSS, version 4.0.1, introduces a critical focus on phishing-resistant authentication factors to combat evolving cyber threats. Yew Kuann Cheng, regional vice president for Asia Pacific at the PCI Security Standards Council, emphasizes that businesses leveraging advanced anti-phishing technologies can more efficiently meet multi-factor authentication (MFA) requirements.
However, Cheng cautions that MFA only strengthens security when correctly implemented and advises moving away from vulnerable methods like SMS-based one-time passwords. He encourages organizations to adopt the new standards ahead of the April 2025 compliance deadline to proactively address emerging risks.
Cheng’s insights, shared in a video interview with Information Security Media Group, explore the significance of phishing-resistant MFA in PCI DSS 4.0.1 compliance, best practices for implementing robust authentication, and strategies for early preparation. With over two decades of experience in cybersecurity, payments, and risk management, Cheng leads regional PCI engagement efforts from Singapore. His guidance underscores the importance of adopting resilient security frameworks as the threat landscape continues to evolve.