PCI Security Standards Council now requires better authentication, encryption and penetration testing by companies that accept consumer payments. Administrators with access to card data must now have two-factor authentication when they log in, either locally or remotely. Previously, passive vulnerability scans were sufficient to comply with the new rules, however, active penetration tests will be mandatory. The only complaint security experts had with new guidelines was that they didn’t always go far enough. Some browsers and servers are still using old, outdated versions of these standards.”]