Multi-factor authentication (MFA) is an extra layer of protection against cyberthreats like phishing attacks and account takeovers. It verifies your identity with two different “factors” of authentication when you log in.
Your Merchant Portal password.
A one-time verification code sent to your email, phone, or authenticator app
We use MFA to help protect your account and secure sensitive payment data. You may already be familiar with MFA. It’s a common way for companies to implement strong identity verification and to comply with regulatory standards for data security and protection.
When you log in to Merchant Portal for the first time after we’ve enabled MFA, you’ll get a prompt to secure your account. Then, you need to designate your “primary” authentication method by selecting one of the following options:
Your verified email, which was used during the Merchant Portal registration process
A text message (SMS) to your mobile phone
An authenticator app installed on your device (such as Google Authenticator, Authy, Duo Mobile, or Microsoft Authenticator)
Once you select your primary method, you’ll receive a verification code. Just enter that code when you log in—and you’re done!
Select any one of these options as your primary authentication method:
Your verified email, which was used during the Merchant Portal registration process
A text message (SMS) to your mobile phone
An authenticator app installed on your device (such as Google Authenticator, Authy, Duo Mobile, or Microsoft Authenticator)
Once you set up MFA, you’ll need to enter the unique verification code you receive:
When you log in (or you can select to prompt MFA at login every 45 days instead)
When you log in from a new device or new web browser
When you need to view or download sensitive data (like full card numbers)
No. You’ll only need to authenticate once, and that will cover you for all the apps and systems in Merchant Portal for that login session. If you prefer, you can select to prompt MFA at login every 45 days instead.
However, you’ll need to authenticate with MFA when you log in from a new device or new web browser, and when you need to view or download sensitive data (like full card numbers).
Yes. You’ll need to set up MFA for each of your accounts, including elevated ones.
You can! You can make the switch in the Reporting or Accounts apps within the “Account Security” section.
An authenticator app will generate a verification code for you. Since the verification code generates from your device (generally your mobile phone), the MFA process may be even safer and more convenient for you.
If you choose this method during the MFA setup process, you’ll need to download an app first. We’ll provide you with download links to a few popular ones such as Google Authenticator, Authy, and Microsoft Authenticator. Then, you’ll need to verify your account using a one-time QR code.
If you haven’t received your verification code, try these troubleshooting methods:
Have a code sent to you again—a sent code expires after five minutes.
If this is your first time authenticating with your chosen method, a third-party security app on your mobile phone might be blocking the text message or phone call. Try disabling the security app temporarily while you go through the authentication process again.
If that doesn’t work, try selecting a new primary authentication method.
If you still don’t receive the code using another method, contact your local customer care representative.
No problem—contact your local customer care representative to add a new email address to your account.
We’re happy to help. Contact your local customer care representative to add a new phone number to your account.
Our team is on hand to assist. Contact your local customer care representative to reset your password.