Starting November 2nd 2022 Shopify Payments will require all store owners to enable Two-Step Authentication for Shopify Payments. This is to increase account security and prevent account takeover by fraudsters, resulting in stolen payouts.
If you have not already enabled Two-Step authentication you will see a yellow banner in your admin home page asking you to complete the set up. As well you will receive an email about Two-Step authentication.
Two-Step Authentication (2SA), also referred to as multi factor authentication, makes it much more difficult for an unauthorized person to access your account. It requires you to enter your account credentials (email and password), then confirm your attempt to log in using a mobile device or a security key.
Data shows that enabling Two-Step Authentication can prevent 99.9% of account compromises as most breaches are caused by lost or stolen account information. Adding this extra layer of security will reduce the likelihood of a compromised account resulting in payouts being redirected to fraudulent bank accounts.
If you believe your account has been compromised or want to take precautions to prevent a compromised account here are some steps you can take:
Update or reset your password to one that hasn't been used before.
Enable Two-Step Authentication. App-based and biometric authentication are stronger than SMS authentication, where messages may be intercepted or redirected through the telecom network.
Update your password and enable Two-Step Authentication for your email account as well.
Check your banking details and update them if necessary. Keep in mind that updating banking requires entering the current bank details, so if they were unexpectedly updated, we can assume the original details were compromised. In this case, contact your bank for assistance with securing the bank account.
Review general account settings to make sure all information is correct.
Scan your device for any potential malware that may have been added.
Avoid clicking links or downloading attachments from emails where you are unsure of the sender. You can reach out to our support team if you’re unsure of any email that states it is from Shopify and read our phishing help center article for other tips.
You can also use the websitehaveibeenpwned.com to see if your email or phone number has been detected in a data breach.
If you would like to learn more about Two-Step Authentication and how to enable it, please review our help center article.
Jacqui | Community Moderator @ Shopify - Was my reply helpful? Click Like to let me know! - Was your question answered? Mark it as an Accepted Solution - To learn more visit the Shopify Help Center or the Shopify Blog