In Prevent users seeing credit card numbers? - #2 by James_Mefford we identified that we could perhaps satisfy PCI rules by having a separate admin account that alone had access to sensitive credit card data.
Normally I’d expect a sensitive account (and perhaps all our accounts) to have two-factor authentication, which stops all but the most determined and well-funded attackers dead in their tracks.
Will this be supported at some point, and if not, are there any work-arounds?
- Charles