The recent PCI DSS 4.0 and Consumer Financial Protection Circular 2022-04 setting guidelines for phishing-resistant multi-factor authentication (MFA) for user access to critical systems and customer-facing digital services have set the stage to change how financial services organizations should be thinking about their security investments not just for today but for future regulatory changes.