To better protect against unauthorized refunds and other sensitive actions, we are introducing step-up authentication.
What is Step-Up Authentication?
Step-up authentication is a security mechanism that requires additional verification for certain high-risk or sensitive actions. While standard login credentials grant access to the system, some actions—such as issuing refunds, updating billing details, or managing user accounts—require an extra layer of authentication to ensure security. This provides enhanced protection for critical functions.
How It Works:
- User Logs In– A standard login with a username and password is sufficient for general actions.
- Sensitive Action Triggered– When a user attempts to perform a high-security action (e.g., issuing a refund), the system detects the need for extra verification.
- Additional Authentication Required– The user is prompted to complete Multi-Factor Authentication (e.g., enter an MFA code from an authentication app or SMS).
- Access Granted– Once the user successfully verifies their identity, they can proceed with the action.
This added layer of security ensures that critical actions are protected without adding unnecessary friction to everyday workflows.
How This Affects You
Starting now, when issuing a refund from the returns page, you may see a message like this:
This action requires a higher level of authentication. Multi-Factor Authentication (MFA) is not currently enabled on this account. While you can proceed for now, MFA will soon be required for actions requiring enhanced security. Please enable MFA in your account settings to ensure uninterrupted access to these features.
While MFA is not yet mandatory, we
strongly encourage
enabling it now to ensure continued access to key account functions. You can find instructions on how to enable MFA here. Refunds are just the beginning.
In the coming months, we will extend step-up authentication to other sensitive actions, such as user creation and billing changes. Stay ahead of security requirements—enable MFA today! 🚀