What is Multi-Factor Authentication (MFA)?
MFA or Multi-Factor Authentication, also called Step-Up Authentication, is an approach to security authentication, in which the user of a system provides more than one form of verification to prove their identity and be granted access. Multi-factor authentication is so named because it leverages a combination of two or more factors of authentication. In the field of cybersecurity, the three major factors of authentication and verification are: 1) something a user knows (such as a password or the answer to a question), 2) something the user has (such as a smart card, a mobile phone or a security token), and something the user is (such as a unique biometric marker like a fingerprint).
Why is MFA Important?
Reducing risks is key for businesses organizations, no matter the size. As further organizations cultivate a digital workspace, credential harvesting is increasing. According to a report from Verizon, for example, over 80 percent of hacking-related breaches are caused by stolen or weak passwords. With this in mind, MFA becomes essential.
Fraud.net offers Multi-Factor Authentication as a feature within our Fraud Prevention Suite.
Here’s how it works:
Fraud.net’s multi-factor authentication feature gives fraud analysts the ability to send a verification text message to the phone number of a transaction. The purpose of this is to authenticate that the phone number within the transaction is owned by the person who actually placed the transaction. A Yes/No question will be sent to a phone and then based on the response the transaction, it can be auto-cancelled, auto-approved or sent to a queue for further review.
1. When a fraud analyst is reviewing a transaction, they can select the option to authenticate the transaction (Send MFA) from the dropdown menu in the top right corner:
2. The fraud analyst will then confirm that they would like that message sent:
3. The admin, from the business profile page, can manage what the message says and what action occurs based on the reply. The admin can also manage what happens when no reply is received and the time frame for the reply. The default question reads as “$business name$ here. We received a transaction from $firstname$ $lastname$ for $amount$ on $orderdate$. Was this you?”
Reply Yes or No”
4. The transaction remains in a pending authentication queue until there is a response or it expires.
