Overview
Two-Factor Authentication (2FA) adds an extra layer of security to your account by requiring a second form of verification when logging into the Merchant Portal. This helps protect your business from unauthorized access and reduces the risk of fraud. We strongly recommend enabling 2FA to help safeguard sensitive payment and customer data.
What Is Two-Factor Authentication?
Two-Factor Authentication (2FA) is a security feature that requires you to provide two forms of identification before accessing your account:
- Your password (something you know)
- A code from an authentication app (something you have)
Commonly used apps include Google Authenticator and Authy, which generate time-sensitive codes directly on your mobile device.
Why Use It? Merchant Benefits and Considerations
Using 2FA helps prevent unauthorized access even if your password is compromised. This can be especially important for merchants who:
- Use the Virtual Terminal to process card-not-present transactions
- View or export customer or transaction data
- Make account-level changes like creating users or updating settings
Example:
If a fraudster gains access to a standard user login with no 2FA, they could run hundreds of unauthorized transactions, potentially incurring fees and reputational damage.
Enabling 2FA helps ensure only authorized individuals can log in—even if login credentials are accidentally leaked or stolen.
Prerequisites
To enable 2FA, you’ll need:
- Access to your Merchant Portal login
- A smartphone with an authenticator app like Google Authenticator or Authy installed
How to Enable Two-Factor Authentication
For Admin and Standard Merchant Users (with Settings Access)
- Log in to your Merchant Portal
- On the left-hand side menu, select:
- Options → Settings
- Under General Options, click Two-Factor Authentication
- Follow the on-screen instructions to scan the QR code with your authenticator app
- Enter the generated code to confirm setup
For Users Without Settings Access
- Log in to the Merchant Portal
- Click on your name or profile icon in the top right corner
- Select My Settings
- Find the section labeled Two-Factor Auth and follow the setup instructions
Troubleshooting and Resetting 2FA
If you no longer have access to your authentication device (e.g., lost phone, deleted app), 2FA can be temporarily disabled.
Important: Only your Merchant Service Provider can disable 2FA if you're locked out. Contact them for assistance.
Common Questions
Do I have to set up 2FA for each user in my business?
No. Each user sets up their own 2FA individually. However, it’s highly recommended that all users enable it, especially those with administrative or transaction capabilities.
What happens if I change phones?
Before switching devices, log in and update your 2FA settings using the new authenticator app. If you forget to do this, contact your Merchant Service Provider for help.
Can I use SMS for authentication instead?
At this time, authentication must be completed through an authenticator app and not via text message.
Is 2FA mandatory?
2FA is not mandatory but is strongly recommended for all users to enhance account security.
Need Help?
If you have trouble setting up or accessing your Two-Factor Authentication, please contact Merchant Service Provider for assistance.