Skip to main content

Multi Factor Authentication

  • Updated

We are introducing Multi Factor Authentication (MFA) to Visa Commercial Pay products. This adds a layer of protection to the sign-in process. When MFA is enabled, users will be required to provide additional identity verification in the form of a time-based one-time passcode.

If you have Multi Factor Authentication (MFA) enabled, end users will be prompted to set it up at the first time login. The set up process is listed below:

  1. The end user will be presented with the option to download the Visa Commercial Pay App. They can also click to use their own authenticator app.

    VCP_MFA-05.png

  2. If they click to use their own authenticator, they will be presented with a QR code to scan.

    VCP_MFA-07.png

  3. Clicking View supported apps will display a list of apps that are compatible.

    VCP_MFA-10.png

  4. If the user is unable to scan the QR Code, they can click the Unable to scan the QR code? link, which will present them with a manual key to enter. When this has been entered into the authenticator app, they can click Continue.

    VCP_MFA-08.png

  5. They will be asked to enter the code from their authenticator app and click Verify.

    VCP_MFA-06.png

  6. A confirmation message will be displayed and the user can click Continue to complete their login.

     
    mceclip0.png

You can set a migration date in Visa Commercial Pay Online, which will allow users to skip setting up MFA and continue using the existing sign-in process until your chosen migration date. If they do not enable MFA during the migration period, they will be forced to complete MFA set-up at their next login after the migration date has passed.

mceclip0.png

Until end users set up MFA, they will follow the existing process which uses a memorable word. Once MFA is set up, they will only need to enter characters from their memorable word at the very first login after completing set up.  For all subsequent logins, they will only be asked to provide the code from their chosen authenticator.

Once enabled, the Forgotten Password process also uses a time-based one-time passcode in place of the security question and answer and your memorable word.

Authentication Apps

When a Visa Commercial Pay App user has set up MFA, the app will automatically include a new ‘Authenticator’ menu option when the user is logged in to the app with the same username and password that they use to log in to the Visa Commercial Pay web portals.

VCP_APP_AUTH_1.pngVCP_APP_AUTH_2.png

This Authenticator option is not visible to any app users who have not started the MFA set-up process.

The passcode will refresh every 30 seconds, and a countdown timer is displayed to indicate how long is left before the code will refresh.

You can also use a 3rd-party authenticator. Clicking View supported apps at MFA setup displays a list of supported 3rd-party authenticators.

VCP_MFA-09.png
 
Visa Commercial Pay​ is unable to provide support relating to 3rd-party authentication apps. If you need assistance with setting up or using any 3rd-party authenticator, please refer to the provider's support documentation. For example, if you are using Google Authenticator, please refer to Google's support documentation for any assistance.
 
Note: The exact amount of time that an authentication code remains valid is controlled by the third party authenticator.  Although all passcodes are only valid for a short window of time, depending on the authenticator you choose, the passcode may remain valid for longer than 30 seconds. The exact expiry time is controlled by the third party authenticator. 
 
 

What if an end user loses or does not have access to their device?

If an end user cannot access their device to complete MFA at login, they will not be able to log in without having their account reset by one of the following:

  • Visa Commercial Pay Support

  • Corporate Administrator

  • Issuer Administrator

 
 

Related articles