developer.authorize.net developer.cybersource.com
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
Ask a question

Authorize.net portal 2 factor authentication

Christophe
Contributor
‎04-30-2015 07:47 AM
Status: Accepted

Despite using best security practices to protect passwords, we consider the single form authentication to the Authorize.net portal to be a critical security concern.

 

The concern is especially high with regard to CIM. When CIM is enabled, anybody breaking into the Authorize.net account can do a lot of damage (like creating transactions).

 

We are in 2015 and two form factor authentication is widespread and easy to implement. It does not have to be a full blown 2-factor with MFA devices. A simple solution - for example using a mobile phone access code - would already be a huge improvement over the current system.

 

 

12 Comments
Christophe
Contributor
‎04-30-2015 03:25 PM
‎04-30-2015 03:25 PM
Another motivation is to protect our clients data (name, address, last 4 digits of CC) which is accessible in CIM. We owe our clients to do the best in protecting this data, and currently this data for hundreds of clients, is only protected by a single password...
Status changed to: Under Review
RichardH
Administrator Administrator
Administrator
‎08-13-2015 03:31 PM
‎08-13-2015 03:31 PM
 
merpro
Member
‎12-02-2015 10:21 AM
‎12-02-2015 10:21 AM

I second and third this. It is embarrassing that banks, credit cards, email accounts and even my kids school has 2 factor authentication and a payment gateway proccesing millions of dollars does not.

 

After implementing 2FA, please revisit whether forcing users to change their password every 90 days is truly adding security. It was a nice concept but the reality is that most customers are writing down the new password becuase they can't remember the changes so often.  

pat1498
Member
‎10-20-2016 09:07 AM
‎10-20-2016 09:07 AM

Not only is this embarassing, but it's a requirement for PCI compliance by Jan. 2018.  When will this be implemented?

Status changed to: Accepted
RichardH
Administrator Administrator
Administrator
‎07-19-2017 09:01 AM
‎07-19-2017 09:01 AM
 
Christophe
Contributor
‎12-22-2017 06:14 AM
‎12-22-2017 06:14 AM

Two factor is becoming widespread. How can Authorize.net be so far behind on this one ? Isn't security a primary concern ? Any update appreciated.

blackwood821
Contributor
‎06-22-2018 07:56 AM
‎06-22-2018 07:56 AM

Any update on this since it's now a requirement for PCI compliance?

Christophe
Contributor
‎01-10-2019 09:39 AM
‎01-10-2019 09:39 AM

2019 and this request is still pending. No updates. It is confounding that a company involved in managing payments online does not have an option for the users to authenticate more securely than with a single password.

 

I like Authorize.net in many respects, but security is paramount and I am considering switching to a more secure solution.

 

natesutherland2
Contributor
‎02-28-2020 09:08 AM
‎02-28-2020 09:08 AM
and now it's 2020. Any update on this Authorize.net?
Yetzederixx
Member
‎05-08-2020 11:48 AM
‎05-08-2020 11:48 AM

How has this been going on for 5... years. Your one-time email pin system is provably inadequate in the advent of a breached physical computer.

Copyright © 2025 Khoros, LLC
Top