In order to protect our customers, we will be turning on Extended 2FA for all customers.
This is a mandatory requirement for all of our customers.
What Extended 2FA enablement will mean for you:
- If standard 2FA is not already enabled, you and your payees will be asked to enter a phone number on login to Tipalti Hub / Supplier Hub. If you need to reset activation of a user's 2-step verification (e.g., if the user moves to a different country or changes the contact phone number), refer to Reset 2FA verification.
- Tipalti Hub: Whenever you log in as a payee and try to change payment details, you will be prompted for 2FA. This 2FA SMS message will go to the payee's phone number. Therefore, any change to payee banking information will require cooperation with the person who first logged in to the payee account and set up 2FA.
- Supplier Hub and the iFrame: Whenever your payees attempt to change payment details, they will be required to complete 2FA using the phone number they set up for 2FA when they log in for the first time.
What is 2FA?
For payees accessing the system, Tipalti utilizes Two-Factor Authentication (2FA): a knowledge factor (the username and password to access the payee dashboard on the payer’s website) combined with a possession factor (the payee’s mobile phone to receive a validation PIN).
There are two levels of functionality:
Standard 2FA - on login to Tipalti Hub or Supplier Hub, which requires the following on each login attempt:
- A knowledge factor (the username and password to access the payee dashboard on the payer’s website)
- A possession factor (the mobile phone linked to the account to receive a validation PIN).
Extended 2FA:
- 2FA upon payment method changes of payees
- 2FA upon each login for specific payer user roles
What happens on extended 2FA enablement if my payees are unregistered in Supplier Hub or iFrame?
When Extended 2FA is turned on, you will be asked for your phone number when you log in as a payee and go to the change payment method area. This will then be the phone number associated with the account. If the payee then wishes to become active, they should log in to the Supplier Hub, where they will be asked to set up 2FA on login. That phone number will then replace the payer's phone number as the number associated with the 2FA needed for payment method changes.
What happens on extended 2FA enablement if my payees have already registered in Supplier Hub or iFrame?
You will not be able to change payment details without the payee's cooperation, as they will need to send you the code sent to their phone when they log in.
If a registered payee requires their 2FA to be reset:
Required user roles: View Payees & Update Payee
You can reset 2FA verification for already registered payees. The next time the payee logs in, the payee needs to type their mobile number again as part of the verification process.
1. Search for the payee.
2. At the top right of the screen, click "Actions" and select "Reset 2-step verification activation".
3. Click "Confirm".
What messaging can I provide to my payees?
Please direct your payees to the "2023 Extended 2FA Pilot rollout FAQs for Payees" page: Extended 2FA FAQs for Tipalti Payees
What are the benefits of 2FA?
Protects Against Password Attacks:
One of the primary benefits of 2FA is that it protects against password attacks. Password attacks, such as phishing scams or brute force attacks, can be used to steal passwords or gain access to accounts. However, 2FA provides an extra layer of protection that makes it more difficult for cybercriminals to gain access to accounts, even if they are able to steal a password.
Increases Security:
2FA increases security by requiring users to provide two forms of identification before granting access to an account or system. This makes it more difficult for cybercriminals to gain unauthorized access to accounts or systems, as they would need to provide both forms of identification.
Easy to Use:
2FA is easy to use and can be implemented in a variety of ways, including mobile apps and text messages. This makes it easy for users to access their accounts while still providing an extra layer of security.
Regulatory Compliance:
Many industries are required to comply with regulatory standards for data security, such as PCI DSS for payment processing. 2FA is often a requirement for compliance with these standards, making it an important component of overall data security.