Skip to main content
×

Multi-factor Authentication in Kount 360

  • Updated

When a New Account Opening or Login request triggers a challenge in Policy Management, the customer must complete a real-time verification or authentication of the email address. This ensures that the user creating the account or signing in to the account has access to the registered email address by sending a one-time link to that email address.

You can create and manage messaging templates for the verification emails or text messages.

Then, enable change notifications by using the Verification Status Update event for a webhook. Go to the following documentation for additional webhook support:

For API specifications, go to Multi-factor Authentication API Specifications on our Developer website.

Email One-Time Hyperlink

When an Account Creation or Login request triggers a challenge in Kount 360 Policy Management, the customer can conduct a real-time verification of an email address. A verification email is sent to the email address being used to create or log in to the account. This ensures that the person logging in does have access to the email address.

Once you have email one-time hyperlink (OTH) activated for your Kount 360 account, you can create messaging templates with your company branding to send to customers in the API.

Then, to see status notifications, you can set up webhooks in Kount 360. Webhooks enable real-time data synchronization and automated workflows. They facilitate faster response times by pushing data instantly when an event triggers, removing the need for continuous API calling. This leads to improved efficiency, reduced latency, and enhanced responsiveness.

Adding a new domain for Multi-Factor Authentication or Verification emails

You must provide the domains you want to use to send Multi-Factor Authentication or Verification emails to your customers. You can use up to three email domains. If you need more than three domains, contact us at support@kount.com.

  1. Sign in to Kount 360.

  2. Select Admin.

  3. Select Messaging.

  4. Select Manage Domains.

  5. Select Add Email Domain.

  6. Enter the domain (up to 63 characters), then select Save. After you have added the domain, the CNAME values display.

  7. Copy the CNAME records and add them to your DNS provider.

    Note

    You must publish the CNAME records to your DNS provider. If they are not published, we cannot send the email on behalf of your domain. Go to Creating and verifying identities in Amazon SES for more information.

Enabling Multi-Factor Authentication for a Segment in Policy Management

You can enable Multi-Factor Authentication (MFA) for Login segments so that specific customers are required to use a second method of authentication. Enabling this option helps prevent login abuse fraud.

  1. Sign in to Kount 360.

  2. Select Policy Management.

    A list of policy sets displays.

  3. Find the policy set with the segment you want to edit, then select Edit.

  4. Find the segment you want to enable MFA for, then select Edit.

  5. Select MFA Enabled.

  6. Select Save.

    The segment now displays with MFA ON.

Enabling Verification for a Segment in Policy Management

You can enable verification for New Account Opening segments so that specific customers are required to verify their email address. Enabling this option, helps prevent account creation fraud.

  1. Sign in to Kount 360.

  2. Select Policy Management.

    A list of policy sets displays.

  3. Find the policy set with the segment you want to edit, then select Edit.

  4. Find the segment you want to enable Verification for, then select Edit.

  5. Select Verification Enabled.

  6. Select Save.

    The segment now displays with Verification ON.

Creating an Email Messaging Template

You can create messaging templates to customize what you send in your Multi-Factor Authentication/verification communications.

  1. Sign in to Kount 360.

  2. Select Admin.

  3. Select Messaging.

  4. Select Create Template.

  5. In the Template Type menu, select Email.

  6. Enter a name for the template. Use alphanumeric characters, hyphens, and underscores. Spaces and other special characters are not accepted.

  7. Select Create. The email message text editor displays:

    account_protection_template_1.png

  8. Fill out the following fields. All fields are required.

    Note

    End users have three attempts to enter the correct one-time password (OTP). If the correct OTP is entered within three attempts, the end user is redirected to the URL listed in the Success target URL field. If the end user fails all three attempts, they are redirected to the URL listed in the Error target URL field. If the OTP is used after it has expired, the end user is redirect to the URL listed in the Expired target URL field.

    • Subject: This is the subject line of your email.

    • Email Message: This is where you draft the body text for your email. The message must include the provided verification link, which can be embedded to any text by entering the hyperlink criteria as {{verification_link}}.

    • Sender's Email Address: This is the email address that you are sending from. Example: noreply@emaildomain.com

    • Error: This is the target URL when a user selects the verification link and an error occurs. Example: https://example.com/error

    • Expired: This is the target URL when a user selects the verification link and the link has expired. Example: https://example.com/expired

    • Success: This is the target URL when a user selects the verification link and the link is successfully executed. Example: https://example.com/success

    Example of a completed email template:

    account_protection_template_2.png

  9. Select Save.

The template is saved and available to send to end users.

SMS One-Time Hyperlink

When a New Account Opening or Login request triggers a challenge in Kount 360 Policy Management, the customer can conduct a real-time verification of a phone number. A one-time hyperlink is sent to the user's phone number. This ensures that the person logging in does have access to the phone number.

Once you have SMS one-time hyperlink (OTH) activated for your Kount 360 account, you can create messaging templates with your company branding to send to customers in the API.

Then, to see status notifications, you can set up webhooks in Kount 360. Webhooks enable real-time data synchronization and automated workflows. They facilitate faster response times by pushing data instantly when an event triggers, removing the need for continuous API calling. This leads to improved efficiency, reduced latency, and enhanced responsiveness.

Adding a new domain for Multi-Factor Authentication or Verification SMS messages

You must provide the domains you want to use to send Multi-Factor Authentication or Verification SMS messages to your customers. You can use up to three SMS domains. If you need more than three domains, contact us at support@kount.com.

  1. Sign in to Kount 360.

  2. Select Admin.

  3. Select Messaging.

  4. Select Manage Domains, then SMS Domains.

  5. Select Add SMS Domain.

  6. Enter the domain (up to 63 characters), then select Save. After you have added the domain, the CNAME values display.

  7. Copy the CNAME records and add them to your DNS provider.

    Note

    You must publish the CNAME records to your DNS provider. If they are not published and verified, we cannot send the SMS message on behalf of your domain. Go to Creating and verifying identities in Amazon SES for more information.

Enabling Multi-Factor Authentication for a Segment in Policy Management

You can enable Multi-Factor Authentication (MFA) for Login segments so that specific customers are required to use a second method of authentication. Enabling this option helps prevent login abuse fraud.

  1. Sign in to Kount 360.

  2. Select Policy Management.

    A list of policy sets displays.

  3. Find the policy set with the segment you want to edit, then select Edit.

  4. Find the segment you want to enable MFA for, then select Edit.

  5. Select MFA Enabled.

  6. Select Save.

    The segment now displays with MFA ON.

Enabling Verification for a Segment in Policy Management

You can enable verification for New Account Opening segments so that specific customers are required to verify their email address. Enabling this option, helps prevent account creation fraud.

  1. Sign in to Kount 360.

  2. Select Policy Management.

    A list of policy sets displays.

  3. Find the policy set with the segment you want to edit, then select Edit.

  4. Find the segment you want to enable Verification for, then select Edit.

  5. Select Verification Enabled.

  6. Select Save.

    The segment now displays with Verification ON.

Creating an SMS One-Time Hyperlink Messaging Template

You can create messaging templates to customize what you send in your Multi-Factor Authentication/Verification communications.

To create an SMS one-time hyperlink (OTH) messaging template:

  1. Sign in to Kount 360.

  2. Select Admin.

  3. Select Messaging.

  4. Select Create Template.

  5. In the Template Type menu, select SMS.

  6. Enter a name for the template. Use alphanumeric characters, hyphens, and underscores. Spaces and other special characters are not accepted.

  7. Select Create.

    The SMS message editor displays:

    account_protection_sms_template.png

  8. Fill in the following fields. All fields are required.

    Note

    End users have three attempts to enter the correct one-time password (OTP). If the correct OTP is entered within three attempts, the end user is redirected to the URL listed in the Success target URL field. If the end user fails all three attempts, they are redirected to the URL listed in the Error target URL field. If the OTP is used after it has expired, the end user is redirect to the URL listed in the Expired target URL field.

    • SMS Message: This is where you draft your SMS message. The message must include the provided verification link, which can be added to any text by entering the hyperlink criteria as {{verification_link}}.

    • Custom Sender Identity: Select the sender's domain identity. This is the domain from which the message is sent.

    • Error: This is the target URL when a user selects the verification link and an error occurs. Example: https://example.com/error

    • Expired: This is the target URL when a user selects the verification link and the link has expired. Example: https://example.com/expired

    • Success: This is the target URL when a user selects the verification link and the link is successfully executed. Example: https://example.com/success

    Example of a completed template:

    account_protection_sms_template_2.png

  9. Select Save.

The template is saved and is available to send to end users.

SMS One-Time Passcode

When an Account Creation or Login request triggers a challenge in Kount 360 Policy Management, the customer can conduct a real-time verification of a phone number. A verification message is sent to the phone number being used to create or log in to the account. This ensures that the person logging in does have access to the phone number.

Once you have SMS one-time passcode (OTP) activated for your Kount 360 account, you can create messaging templates with your company branding to send to customers in the API.

Then, to see status notifications, you can set up webhooks in Kount 360. Webhooks enable real-time data synchronization and automated workflows. They facilitate faster response times by pushing data instantly when an event triggers, removing the need for continuous API calling. This leads to improved efficiency, reduced latency, and enhanced responsiveness.

Adding a new domain for Multi-Factor Authentication or Verification SMS messages

You must provide the domains you want to use to send Multi-Factor Authentication or Verification SMS messages to your customers. You can use up to three SMS domains. If you need more than three domains, contact us at support@kount.com.

  1. Sign in to Kount 360.

  2. Select Admin.

  3. Select Messaging.

  4. Select Manage Domains, then SMS Domains.

  5. Select Add SMS Domain.

  6. Enter the domain (up to 63 characters), then select Save. After you have added the domain, the CNAME values display.

  7. Copy the CNAME records and add them to your DNS provider.

    Note

    You must publish the CNAME records to your DNS provider. If they are not published and verified, we cannot send the SMS message on behalf of your domain. Go to Creating and verifying identities in Amazon SES for more information.

Enabling Multi-Factor Authentication for a Segment in Policy Management

You can enable Multi-Factor Authentication (MFA) for Login segments so that specific customers are required to use a second method of authentication. Enabling this option helps prevent login abuse fraud.

  1. Sign in to Kount 360.

  2. Select Policy Management.

    A list of policy sets displays.

  3. Find the policy set with the segment you want to edit, then select Edit.

  4. Find the segment you want to enable MFA for, then select Edit.

  5. Select MFA Enabled.

  6. Select Save.

    The segment now displays with MFA ON.

Enabling Verification for a Segment in Policy Management

You can enable verification for New Account Opening segments so that specific customers are required to verify their email address. Enabling this option, helps prevent account creation fraud.

  1. Sign in to Kount 360.

  2. Select Policy Management.

    A list of policy sets displays.

  3. Find the policy set with the segment you want to edit, then select Edit.

  4. Find the segment you want to enable Verification for, then select Edit.

  5. Select Verification Enabled.

  6. Select Save.

    The segment now displays with Verification ON.

Create an SMS One-Time Passcode Messaging Template

You can create messaging templates to customize what you send in your Multi-Factor Authentication/Verification communications and what displays on the verification page that the end user is directed to. Verification results are delivered with webhooks to the customer's configured endpoint.

To create an SMS one-time passcode (OTP) messaging template:

  1. Sign in to Kount 360.

  2. Select Admin.

  3. Select Messaging.

  4. Select Create Template.

  5. In the Template Type menu, select SMS: OTP.

  6. Enter a name for the template. Use alphanumeric characters, hyphens, and underscores. Spaces and other special characters are not accepted.

  7. Select Create.

    The SMS template editor displays:

    messaging_sms-otp_template_1.png

  8. Fill in the following fields. All fields are required.

    Note

    End users have three attempts to enter the correct one-time password (OTP). If the correct OTP is entered within three attempts, the end user is redirected to the URL listed in the Success target URL field. If the end user fails all three attempts, they are redirected to the URL listed in the Error target URL field. If the OTP is used after it has expired, the end user is redirect to the URL listed in the Expired target URL field.

    • SMS Message: This is where you draft your SMS message. The message must include the one-time password, which can be added to any text by entering the hyperlink criteria as {{verification_token}}.

    • Error: This is the target URL when a user selects the verification link and an error occurs. Example: https://example.com/error

    • Expired: This is the target URL when a user selects the verification link and the link has expired. Example: https://example.com/expired

    • Success: This is the target URL when a user selects the verification link and the link is successfully executed. Example: https://example.com/success

      Note

      If you are hosting the verification page, then the redirect URI is not mandatory. The redirect URI is returned as part of /verify endpoint.

  9. In OTP Verification Configuration, fill out the following required fields to customize how your message displays to the end user.

    • Host: Select Kount as the SMS OTP messaging host. If you want to self-host, select Client.

    • Callback URI: Provide the callback URI.

    • Primary Color: Change the primary color to fit your branding guidelines. This changes the primary colors represented on the verification page.

    • Header Message: Enter the header text that you want displayed on the verification page under the company logo.

    • Consumer Message: Enter the message you want displayed on the verification page. This text is displayed above where the end user must enter the one-time password.

    • Logo: Enter the URL to the company logo that you want displayed on the verification page.

  10. Select Save.

    Example of a completed template:

    messaging_sms-otp_template_2.png

Your configured messaging displays in an example window in the OTP Verification Configuration section of the template. The template is available to send to end users.

Can’t find what you’re looking for?
Submit a Ticket
Contact Us
+1.866.919.2167