Overview
Two-Factor Authentication, also known as 2FA, is a methodology that requires users to have not only a username and password to log in, but also an additional component (like a single-use code from an application or text message, a physical security key, or a fingerprint scan). In the event an account password is compromised, the 2FA component aids in preventing unauthorized users from logging in.
All Gateway accounts (affiliate and merchant level) have the ability to enable 2FA for their users. Once enabled, a temporary code from a secure smartphone-based application must be submitted along with a valid username and password before accessing the control panel. We highly recommend the use of this feature, as it vastly improves the security of your users.
Affiliate Account 2FA
As an affiliate, your account security not only protects your interests, but also those of your merchants/sub-affiliates. Even at the lower permission levels for affiliate users, there are still enhanced abilities to oversee large amounts of potentially sensitive information.
Enabling 2FA protection for all users accessing the control panel, especially for those with administrative abilities, is considered a best practice to provide a minimum level of security.
The guide "Two-Factor Auth - Affiliate Setup.docx" attached below walks through enabling 2FA for affiliate account users, and also serves as a brandable document to provide to any sub-affiliates.
Merchant Account 2FA
While merchant accounts cannot access multiple sub-accounts, merchant users still have an extensive amount of access to information and abilities. 2FA is also recommended for merchant accounts to help reduce the risks of their user information being captured and used by a malicious third party.
Administrative users are an obvious target as they have many extra abilities. However, all individuals with access should consider using 2FA. For example, an attacker who obtains credentials for a merchant user who only has access to the Virtual Terminal could potentially spam the merchant account with thousands of fraudulent transactions, leaving the merchant on the hook for any incurred fees and other issues that arise.
The attached brandable guide "Two-Factor Auth - Merchant Setup.docx" walks through configuring 2FA for merchant users.
NOTE: Merchant accounts still using the “legacy” interface are unable to use 2FA.
Attachments