MFA for End Users
MFA refers to Multi-Factor Authentication. This is a requirement set forth by the Payment Card Industry Data Security Standard or "PCI DSS".
Who will be affected?
To support the MFA requirement, Paymetric has implemented two-factor authentication for the following interfaces and user types:
| Interface | Users in scope |
|---|---|
|
Merchant Portal |
All Merchant Portal users must enroll in Duo and are then prompted for two-factor authentication upon each login. |
|
XiPay WebGUI |
All users with permissions to view raw card numbers must enroll in Duo. Users are prompted to enroll in Duo two-factor authentication the first time they attempt to view a raw number in a given session. Going forward, users are prompted to authenticate via Duo the first time they attempt to view a raw card number within a given session. You are not prompted per card number. |
|
Intercept Standalone and SAP |
All Organization Admin users and any end users with detokenization privileges must enroll in Duo. Users are prompted to enroll in two-factor authentication the first time they attempt to detokenize in a given session. Going forward, users are prompted to authenticate via Duo the first time they attempt to detokenize within a given session. |
Review the following bullet points to further understand when users are prompted for enrollment and ongoing two-factor authentication:
-
There are separate Paymetric Duo MFA accounts for QA and Production. A user only needs to enroll once for Paymetric Duo access for a given phone number, tablet, or hard token for a given environment, QA or Production.
-
So for example, if you are prompted when logging in to Merchant Portal to setup your Duo account. Then you later log in to XiPay WebGUI and have the Admin permission role, you will just be prompted for two-factor authentication login whenever logging into XiPay. You will not have to enroll via that interface as well.
-
Merchant Portal only has a Production environment. If you enroll in Duo via the Merchant Portal, you will automatically be enrolled in both XiPay WebGUI and Intercept Standalone/SAP Production environments and vice versa.
-
For XiPay WebGUI and Intercept Standalone/SAP interfaces, you will be prompted to enroll the first time you access either of the QA environments.
-
For SAP users that only launch Intercept from within SAP, you should not be affected.