Glossary / Verification & identity
Multi-Factor Authentication (MFA)
Multi-factor authentication (MFA) requires two or more independent proofs of identity, such as a password plus a one-time code or biometric, before granting access, reducing account takeover risk.
What is multi-factor authentication?
MFA asks for more than one kind of proof before letting someone in: something they know (a password), something they have (a one-time code or hardware key), or something they are (a fingerprint or face). The idea is that a stolen password alone is not enough. A familiar Australian example: a finance manager logs into the banking portal, enters their password, then approves a prompt on their phone. If an attacker phished the password but does not hold the phone, the login fails.
Why it matters for Australian finance teams
Account takeover is a common on-ramp to payment fraud. Once a criminal controls a supplier’s or colleague’s email or banking login, they can send convincing bank detail changes and fake invoices from a genuine account, a pattern behind much business email compromise reported to Scamwatch and the ACCC. MFA closes the easiest door, but it protects the login; it does not confirm that the account details a verified user then enters actually belong to the intended payee.
How ezyshield helps
MFA and ezyshield solve different halves of the problem. MFA secures who can access your systems; ezyshield confirms the person, the business via ABN and ASIC records, and bank account ownership before money moves, so even a request from a genuine, authenticated user is checked against reality. ezyshield is a payment verification platform, not an authentication or single sign-on product, so it complements your MFA rather than replacing it. If payment details change, any change triggers re-verification, and every check is logged in an append-only audit trail that is never edited or deleted. See how it works and security at ezyshield.
Also known as: MFA, 2FA, two-factor authentication
Last updated: 7 July 2026
Related terms
- Account Takeover Account takeover is when a criminal gains unauthorised access to a legitimate user's account, such as an email or banking login, and uses it to commit fraud or redirect payments.
- Business Email Compromise (BEC) Business email compromise (BEC) is a scam in which an attacker hacks or impersonates a company email account to trick staff into transferring money or changing payment details.
- Identity Verification (IDV) Identity verification (IDV) is the process of confirming that a person is who they claim to be, using identity documents, biometrics, or trusted data sources.
See also: Security at ezyshield , Business email compromise
Stop payment fraud before money moves
Verify the person, business, and bank account before any payment leaves your account.