Skip to main content

Setting Up Multi Factor Authentication

  • Updated

We have introduced Multi Factor Authentication (MFA) to Visa Commercial Pay products. This adds a layer of protection to the sign-in process. When MFA is enabled, you will be required to provide additional identity verification in the form of a time-based one-time passcode.

If your Issuer has enabled Multi Factor Authentication (MFA) you will be prompted to set it up at the first time login:

  1. You will be presented with the option to download the Visa Commercial Pay App, and you can also click to use your own authenticator app.

    VCP_MFA-05.png

  2. If you click to use your own authenticator, you will be presented with a QR code to scan.

    VCP_MFA-07.png

  3. Click View supported apps to see a list of compatible apps.

    VCP_MFA-10.png

  4. If you are unable to scan the QR Code, click the Unable to scan the QR code? link to get a manual key to enter. Enter this into the authenticator app, then click Continue.

    VCP_MFA-08.png

  5. Enter the code from your authenticator app and click Verify.

    VCP_MFA-09.png

  6. A confirmation message will be displayed. Click Continue to complete your login.

    VCP_MFA-06.png

Your Issuer can set a migration date in Visa Commercial Pay Online, which will allow you to skip setting up MFA and continue using the existing sign-in process until the migration date. If you do not enable MFA during the migration period, you will be forced to complete MFA set-up at your next login after the migration date has passed.

VCP_MFA-04.png

Until you set up MFA, you will follow the existing login process which uses a memorable word. Once MFA is set up, you will no longer need to enter characters from your memorable word. Once MFA is set up, the Forgotten Password process also uses a time-based one-time passcode in place of the security question and answer and your memorable word.

Authentication Apps

If you are a Visa Commercial Pay App user with MFA enabled, the app will automatically include a new ‘Authenticator’ menu option.

VCP_APP_AUTH_1.png

This Authenticator option is not visible to any app users who do not have MFA set up.

VCP_APP_AUTH_2.png

The passcode will refresh every 30 seconds, and a countdown timer is displayed to indicate how long is left before the code will refresh.

You can also use a 3rd-party authenticator. Click View supported apps at MFA setup to see a list of supported 3rd-party authenticators.

VCP_MFA-09.png
 

What if an end user loses or does not have access to their device?

If an end user cannot access their device to complete MFA at login, they will not be able to log in without having their account reset by one of the following:

  • Visa Commercial Pay Support

  • Corporate Administrator

  • Issuer Administrator

 
 

Related articles