2020.3 Release 3, 2020.4 Release 1, 2 & 3

Comments

4 comments

  • Nathan

    Nice update. Couple of questions :

    1/ With regards to "We now support text based verification codes and give users choice when verifying device to use phone number or email" ... could this new functionality be adapted for front-end customer orders too? For example the rule engine determines that a newly placed order has an increased risk of fraud, the system would then present a 'please verify your contact phone number' on the order confirmation page? Admin could then see whether the customer phone number has/hasn't been verified as part of the fraud checking workflow.

    2/ Will the new "New Security Stuff' - confirming user accounts set up for the sole purpose of API integrations will not be negatively impacted? i.e. API integrations will not be broken due to forced password resets etc

    Cheers

    Ā 

    Ā 

    1
  • Kathy Sechrist

    I had similar questions about the new security stuff....

    What about passwords for ftp accounts? I currently have automated ftp uploads and downloads to resolve issues I have with the way AC tracks inventory. I hope I won't be seeing these fail every 3 months then need to stop everything and fix all my ftp scripts.

    0
  • Jeff Campbell

    Great questions!

    @Nathan

    1/ We are still evaluating front end user or store customer MFA. The fact that we had to build some specific tools for this to work properly for AmeriCommerce does lay good foundational pieces if we decide to roll something out for customer accounts. I would encourage you to upvote that feature request if you haven't already. However, mid-checkout phone number confirmations isn't something we've seen a lot of requests for. Do you have an example of this on another store? That would be interesting to dissect.

    2/ API integrations will not be broken due to this. We will be flagging SOAP API users as "Legacy API" users and will prevent admin logins with this user, but keep the API access unaffected. We will be warning users of this in the admin if they are attempting to login via a user with SOAP API access.

    @Kathy

    FTP accounts will not be affected by this rotation. Only user accounts. :)

    0
  • Nathan

    Thanks for the clarification.

    With regards to utilising MFA as a fraud mitigation tool on the front end, it would be something to implement AFTER the checkout has been completed, and only enacted on 'high risk' orders, determined by the store admin. (The store admin would determine what constitutes a 'high risk' orderĀ in the AC store rule engine.)

    I'll create a feature request for it now.

    Cheers

    1

Please sign in to leave a comment.

We're Here To Help


Standard Support Hours: Monday-Friday 8AM-5PM CST
Looking for Premium Support? Just ask!

Submit A Support Ticket
Submit Your Ticket Here