Multi-Factor Authentication (MFA)

Last Updated: 12.19.24

Multi-Factor Authentication (MFA) is a security measure that will help verify your users' identity and safeguard their personal information.  This security feature is automatically enabled on all GiveSmart Events locations where a user has the option to 'Add a Card'.  There are no steps or settings to configure for admin.  

Multi Factor Authentication Trigger Locations

Users will be prompted with the MFA email verification when adding a card on file in the following locations: 

• My Info
• Item Description Page (Only if there is no card on file and Card Required to Bid is enabled)
• Self Checkin
• Credit Card Campaign Link (in SMS and email messages) 

User Experience

1. User selects add card on file from one of the following locations:
   • My Info
   • Item Description Page
   • Self Checkin
   • SMS/Email 'Credit Card' Campaign Link
2. Enters credit card information.
3. Selects 'Add Card', which generates an email with a 6-digit code to be sent.
   • Email on file: an email is generated  automatically.
   • No email on file: a popup will appear prompting them to add one.  Once entered and submitted, the email will be generated.
4. User copies the 6-digit code and enters in the validation popup. 
   

The Importance of MFA for You and Your Donors

FAQs

If being checked in to an event, does the guest have to authenticate when swiping a card? 

• No, when a volunteer or admin swipes a card with a volunteer during the checkin process, the MFA verification email step is not necessary. 

When an admin is adding a card on behalf of a guest, will the MFA authentication email be triggered? 

• No, when a volunteer or admin enters a card on file on behalf of a guest, MFA is not required.  

What does the MFA email verification look like? 

• The verification code email will be sent from noreply@givesmart.com, and will contain the following information.

What happens if the user enters an incorrect code? 

• If the code is entered incorrectly, the code is removed, the box turns red, and a message will appear prompting them to enter a valid code.

Can a user resend a code if the code has expired? 

• Yes, a user can simply click the Resend Code link located at the bottom of the verification popup. 

Why is multi-factor authentication important? 

• By enabling this additional step in the card adding process, this protects your organization from fraudulent credit card attempts on your payment forms. 
• To learn more about card testing, click here. 

The donor didn't receive the email, where should they look? 

• The email will be received from no-reply@givesmart.com which might have been caught in their spam filter.  Please instruct the donor to search their spam file before resending the message. 
• If still not received, verify the email on file by clicking their initials in the top right corner > Click Profile > Verify email on file.  Updated if necessary. 

Is there an option to receive the MFA via SMS (text message)?

• At this time, SMS authentication is not available but will be included as an option at a later date in 2025. 

Can our organization opt out of MFA? 

• No, given the sophistication of threat vectors in today’s era and across every industry, implementing MFA is essential for ensuring the security of your organization and protecting your donors’ card information.  

Where can a user view/update the email on their account? 

• Users can update the email on their account by clicking on their initials in the top right corner of an Events site > select Profile from the dropdown > update the email and save.

Is there a location where I can see users who didn't enter the code? 

• No, we do not track users who did not enter the code.

If a user is prompted to enter an email via the popup, is the email entered saved to their profile? 

• No, at this time the email entered on the popup is not saved to the user's profile.