ProTips: Activate MFA for Strengthened Security and Compliance

Even the savviest procurement or AP professional can get tricked.

Phishing attempts targeting finance teams have become increasingly sophisticated. The email address from the source often looks legitimate. The message in the email could seem routine if you’re not on alert.

“The email could read, ‘Hey, it’s your administrator, please enter your email address and password, we need to verify something,’” said Felix Ottersbach, Product Manager for Customer Lifecycle and Integrations at Procurify. “The scam could happen quickly and create major problems for an organization.”

Combatting financial fraud and protecting sensitive data are top priorities for many organizations in highly regulated industries like:

Procurify’s new multi-factor authentication (MFA) feature is designed to provide those organizations with high security and meet stringent compliance requirements. Procurify MFA – powered by Auth0, one of the world’s largest authentication providers for MFA – prompts a one-time password sent to a secondary device to verify the authenticity of the user.

“We offer customers our MFA feature for free,” said Ottersbach. “In this day and age where fraud, phishing attempts, and scams are just so prevalent, we want to make sure that our customers feel secure about accessing Procurify and that everything happening in the platform is performed by authorized users.”

For existing Procurify customers who leverage Procurify Spending Cards or bill payments, Ottersbach strongly recommends activating MFA on their domain, “because you’re moving real money in Procurify and bad characters would love having access to it.”

Accessing your banking or email account often requires an extra layer of security such as MFA. Procurify empowers customers to fiercely protect who has access and visibility into their financial data – whether they’re internal team members or external bad actors. A recent Microsoft study stated that MFA reduces the risk of account takeover by over 99% compared to single-factor authentication.

“Implementation is straightforward from our perspective,” said Ottersbach. “Anybody with permission to the Manage Access section in settings can do it with two clicks.”

As soon as MFA is enabled, it is active for the entire domain. Users who log into Procurify are asked to enroll in MFA. Activating MFA – a free feature – is an efficient user experience that enables domain managers to:

“MFA provides that additional authentication to satisfy any security or compliance requirements,” said Ottersbach.