More on Multi-Factor Authentication (MFA)

Multi-Factor Authentication (MFA) should be utilized by all Facilitators and Referrers to structure an additional layer of security to increase the security of your information and prevent hacks and malicious attacks on your accounts.

MFA Platform Requirements

MFA is required when using a Session ID within the Portal or Payrix API.

MFA Browser Compatibility

MFA works with most browsers, but be sure to review pop-up blockers that may prevent the MFA announcement or “Remember Me” message from displaying.

MFA Enablement Deadline

MFA must be enabled for all users within your portfolio by April 2024.

After this time, any user not enrolled or enabled will be prompted to enroll in MFA and select their preferred authentication option: SMS/Text or Authenticator App). This is an automated requirement and cannot be skipped.

MFA Enrollment Reset and Management

MFA reset and re-enrollment is only required for users who damage their device, lose their device, purchase a new device, or have their device stolen.

  • The new /mfa API endpoint allows users to manage or reset their MFA setup. (This requires users with the need to submit an Implementations Ticket to be enabled.)

  • No scenario exists that would require a User to re-enroll in MFA after initial successful enrollment.

MFA Login Flow Changes

  • The “Remember Me” login function is still available for all users, including partners and merchants.

  • The “Login As” Portal function is still available for users with enabled and validated MFA to log in.

  • Merchants using Single Sign-On (SSO) to login to the Portal through their Referrer are not required to use MFA.

API Use Flow Changes with MFA

Facilitators and Referrers setting up platforms with the sole purpose of API usage are not required to use MFA as their private API key will act as their authentication method.

  • For Facilitators and Referrers that choose this option, disable Portal Access and Login As Access from the User Profile of any API-only user or enroll them in MFA for maximum security as normal.