PCI DSS requires all organizations collecting payment card information to ensure that they use two-factor authentication to identify remote users that need to access resources, whether they are employees, administrators or third parties. While account name and password is typically the easiest and least expensive method of logon authentication, organizations have now started to realize the weaknesses of this method. Passwords can be guessed or cracked using dictionary attacks, or users can be tricked into disclosing their passwords to other people. Zfraudshield’s Anti-Fraud API supports a second out of band authentication method through telephone authentication. If users of your site are obligated to type in a password and provide additional information, such as enter a PIN or unique piece of information such as a birthday into a phone then a hacker or Fraudster would not be able to get into the network or use a fraudulent credit card with a password alone.