In line with PCI DSS 4.0.1 Requirement 8.3.6, our Payment Service Provider, Cardstream, will be updating the password policy for the Merchant Management System (MMS) to enforce a minimum password length of 12 characters.
From Tuesday 3rd June:
- MMS Users with passwords fewer than 12 characters will be prompted to update their password upon attempting to log in to MMS.
- Additionally, after periods of extended inactivity, User Accounts that have not logged in for 120 days will be temporarily suspended and made inactive within the Gateway.
All Users must ensure their password has been updated to meet the 12-character minimum length prior to Monday 4th August.
Please ensure that all staff members within your organisation are aware of these changes to prevent any inconvenience when attempting to log in to MMS.