We have introduced Multi Factor Authentication (MFA) to Visa Commercial Pay products. This adds a layer of protection to the sign-in process. When MFA is enabled, you will be required to provide additional identity verification in the form of a time-based one-time passcode.
If your Corporate Administrator has enabled Multi Factor Authentication (MFA) you will be prompted to set it up at the first time login:
You will be presented with the option to download the Visa Commercial Pay App, and you can also click to use your own authenticator app.
If you click to use your own authenticator, you will be presented with a QR code to scan.
Click View supported apps to see a list of compatible apps.
If you are unable to scan the QR Code, click the Unable to scan the QR code? link to get a manual key to enter. Enter this into the authenticator app, then click Continue.
Enter the code from your authenticator app and click Verify.
A confirmation message will be displayed. Click Continue to complete your login.
Your Corporate Administrator can set a migration date in Visa Commercial Pay Online, which will allow you to skip setting up MFA and continue using the existing sign-in process until the migration date. If you do not enable MFA during the migration period, you will be forced to complete MFA set-up at your next login after the migration date has passed.
Until you set up MFA, you will follow the existing login process which uses a memorable word. Once MFA is set up, you will no longer need to enter characters from your memorable word. Once MFA is set up, the Forgotten Password process also uses a time-based one-time passcode in place of the security question and answer and your memorable word.
If you are a Visa Commercial Pay App user with MFA enabled, the app will automatically include a new ‘Authenticator’ menu option. This Authenticator option is not visible to any app users who do not have MFA set up. The passcode will refresh every 30 seconds, and a countdown timer is displayed to indicate how long is left before the code will refresh.
You can also use a 3rd-party authenticator. Click View supported apps at MFA setup to see a list of supported 3rd-party authenticators.