One-Time Passcode(Formerly known as Multi-factor Authentication)

Last Modified on 12/01/2025 5:47 pm EST

Last Updated: 12/1/25

One-Time Passcode (OTP) is a security measure helps verify your users' identity and safeguard their personal information.  When this security feature is enabled (per the request of the client) on all GiveSmart Events locations where a user has the option to 'Add a Card'.  There are no steps or settings to configure for admin.  

Enabling One-Time Passcode (OTP)

This feature can be enabled within the Org Hub by Org Admins through the Settings option located on the top right. Once in the settings menu, select the drop down value for OTP to 'Yes' under settings. OTP is set to No by Default.

One-Time Passcode Trigger Locations

Users will be prompted with the OTP SMS or email verification applicable on all the paths for paying with a card/adding a card on file (Donate Now, Pay Tab, Order Forms (ticketing or custom), etc.)

    • Homepage Order Form
    • Custom Order Form
    • Donate Now Form
    • Champions P2P
    • MY INFO > Add Card on File
    • Self Check-In
    • PAY tab
    • Instant/Raffle/Vote items set to Immediate Checkout
    • Adding card on file in order to bid (Global Setting requiring card on file to bid)
    • Email/SMS with campaign link to add card on file

 

User Experience

Users will be prompted to enter the code they received via SMS to the number on file:

Users who have opted out of receiving SMS messages, no number on file or entered a landline phone will receive their code via email.


Step 1: User selects "Add Card On File" from one of the following locations:


My Info Tab: 

Item Description Page:Self Check-in:


When a Credit Card Link is sent by an admin to registered users:



Step 2: User enters their credit card information:A screenshot of a credit card registration formDescription automatically generatedStep 3: User selects 'Add Card', which generates an SMS or Email with a 6-digit code to be sent:

 

  • Email on file: An email is generated automatically.
  • No email on file:  A pop-up will appear prompting them to add one. Once entered and submitted, the email will be sent: A screenshot of a computer screenDescription automatically generated

Step 4: User copies the 6-digit code and enters in the validation popup:

A screenshot of a computer screenDescription automatically generated


The Importance of OTP for You and Your Donors

With a commitment to balancing ease of use with the highest level of security our customers and donors expect, One-Time Passcode (OTP) security measure is enabled for all GiveSmart customers.  This next level of protection enforces even more security for your donors’ identity and safeguards their personal information when completing payments on the GiveSmart platform.  


What This Means for You 
One-Time Passcode (OTP) will be enabled on all sites in your Events account. No additional action is needed on your part. 
 
What This Means for Your Donors 
When adding a card on file on Event sites, donors will be prompted to verify their identity through a one-time code sent to their email. At this time, SMS authentication is not available but will be included as an option at a later date. 

FAQs

If being checked in to an event, does the guest have to authenticate when swiping a card? 

  • No, when a volunteer or admin swipes a card with a volunteer during the checkin process, the OTP verification email step is not necessary. 

When an admin is adding a card on behalf of a guest, will the OTP authentication email be triggered? 

  • No, when a volunteer or admin enters a card on file on behalf of a guest, MFA is not required.  

What does the OTP email verification look like? 

  • The verification code email will be sent from no-reply@givesmart.com, and will contain the following information.

What happens if the user enters an incorrect code? 

  • If the code is entered incorrectly, the code is removed, the box turns red, and a message will appear noting the code is either invalid or has expired. A screen shot of a computerDescription automatically generated

Can a user resend a code if the code has expired? 

  • Yes, a user can simply click the Resend Code link located at the bottom of the verification window.  

Why is One-Time Passcode important? 

  • By enabling this additional step in the card adding process, this protects your organization from fraudulent credit card attempts on your payment forms. 
  • To learn more about card testing, click here

The donor didn't receive the text or email, where should they look? 

  • Ensure they have not opted out of receiving SMS messages and the number on file is correct.
  • The email will be received from no-reply@givesmart.com which might have been caught in their spam filter.  Please instruct the donor to search their spam file before resending the message. 
  • If still not received, verify the email on file by clicking their initials in the top right corner > Click Profile > Verify email on file.  Updated if necessary. 

Can our organization opt out of OTP? 

  • Yes. MFA is not automatically enabled. If you would like the feature to be enabled, please reach out to Support at support@givesmart.com.

Where can a user view/update the email on their account? 

  • Users can update the email on their account by clicking on their initials in the top right corner of an Events site > select Profile from the dropdown > update the email and save.

Is there a location where I can see users who didn't enter the code? 

  • No, we do not track users who did not enter the code.

If a user is prompted to enter an email via the popup, is the email entered saved to their profile? 

  • No, at this time the email entered on the popup is not saved to the user's profile. 

Related Articles

Copyright © GiveSmart. All rights reserved.