PCI DSS v. 3.2 went into effect this fall, although many requirements are only “best practices” until February 2018. Version 3.2 has been drafted to attempt to reconcile the challenges facing technology payments and the protecting consumer data. Version 3.2 contains a number of new requirements for organizations to follow. One is a requirement for organizations to require ‘multi-factor authentication’ for all ‘non-console’ administrative access and all non-remote access to the Cardholder Data Environment (‘CDE’).
Courtney Stout is quoted in Payments & FinTech Lawyer, discussing the changes in PCI DSS here.