We are introducing Multi Factor Authentication (MFA) to Visa Commercial Pay products. This adds a layer of protection to the sign-in process. When MFA is enabled, users will be required to provide additional identity verification in the form of a time-based one-time passcode.
If you have Multi Factor Authentication (MFA) enabled, end users will be prompted to set it up at the first time login. The set up process is listed below:
The end user will be presented with the option to download the Visa Commercial Pay App. They can also click to use their own authenticator app.
If they click to use their own authenticator, they will be presented with a QR code to scan.
Clicking View supported apps will display a list of apps that are compatible.
If the user is unable to scan the QR Code, they can click the Unable to scan the QR code? link, which will present them with a manual key to enter. When this has been entered into the authenticator app, they can click Continue.
They will be asked to enter the code from their authenticator app and click Verify.
A confirmation message will be displayed and the user can click Continue to complete their login.
You can set a migration date in Visa Commercial Pay Online, which will allow users to skip setting up MFA and continue using the existing sign-in process until your chosen migration date. If they do not enable MFA during the migration period, they will be forced to complete MFA set-up at their next login after the migration date has passed.
Until end users set up MFA, they will follow the existing process which uses a memorable word. Once MFA is set up, they will only need to enter characters from their memorable word at the very first login after completing set up. For all subsequent logins, they will only be asked to provide the code from their chosen authenticator.
Once enabled, the Forgotten Password process also uses a time-based one-time passcode in place of the security question and answer and your memorable word.
When a Visa Commercial Pay App user has set up MFA, the app will automatically include a new ‘Authenticator’ menu option when the user is logged in to the app with the same username and password that they use to log in to the Visa Commercial Pay web portals. This Authenticator option is not visible to any app users who have not started the MFA set-up process. The passcode will refresh every 30 seconds, and a countdown timer is displayed to indicate how long is left before the code will refresh.
You can also use a 3rd-party authenticator. Clicking View supported apps at MFA setup displays a list of supported 3rd-party authenticators.