Road Ninja integrates with Akahu to offer a secure and efficient way to pay for services directly from your linked bank accounts. A key component of this security is Multi-Factor Authentication (MFA), sometimes referred to as Two-Factor-Authentication (2FA).
What is Multi-Factor Authentication (MFA)?
Multi-Factor Authentication (MFA) is a security measure that requires two or more verification factors to prove your identity when logging in or performing sensitive actions like making payments. Instead of just a password, MFA adds an extra layer of security, making it significantly harder for unauthorised users to access your account.
How Does MFA Work with Akahu Payments on Road Ninja?
For Akahu payments on Road Ninja, MFA primarily uses an authenticator app. Here’s how it works:
Linking Your Bank Account: When you link your bank account to Road Ninja via Akahu, you will be prompted to authenticate using your authenticator app. This typically involves scanning a QR code with an authenticator app (such as Google Authenticator or Authy) on your device. This app then generates time-based one-time passwords (TOTP).
Bank Portal Redirection: During the account-linking process, you may be temporarily redirected to your bank’s portal to provide login credentials. This step allows Akahu to securely access eligible accounts. Road Ninja never sees your bank login details.
Making Payments: Every payment made through Akahu on Road Ninja requires two-factor authentication. After selecting your bank account for payment, you must use your authenticator app to verify each transaction.
Verification Code Option: In some situations, particularly with certain banks, Akahu may send an email-based verification code to complete payment approval. If this applies, you'll receive instructions via email to finish the authentication process.
Managing Consent: You can manage or revoke the consent you've given to Akahu (and Road Ninja) at any time via the Akahu dashboard. This includes revoking ongoing authorisations, providing you control over your linked accounts and data sharing.
Secure Data Handling: Road Ninja only receives and stores your bank account number, while Akahu securely stores authentication tokens and uses bank-grade encryption. Akahu processes and enriches your account data before sharing only those details necessary for payment and categorisation.
User Responsibility for 2FA Method: You are responsible for securing your chosen authentication method (your app and the device itself). If you suspect unauthorised access or lose your phone, notify Road Ninja or Akahu promptly and reset your authentication app access as needed.
Before you start: You will need to have an authenticator app (such as Google Authenticator, Microsoft Authenticator, or Authy) installed on your device. This is a required first step to successfully complete the bank account linking process and helps keep your payments secure.
Setting Up Two-Factor Authentication (2FA) for Multi-User Payments
If more than one person in your organisation needs to make payments on Road Ninja, they'll also need to enable Two-Factor Authentication (2FA), everyone must scan the same QR code during the bank account linking process at the same time.
Each authenticator app must generate the same shared code for multi-user access to work correctly.
You can either:
Have all authorised users together, scanning the QR code from your screen simultaneously, or
Take a screenshot of the QR code and send it securely to each user so they can scan it immediately.
If you choose to take a screenshot, treat it as sensitive information. Store or share it only through secure company-approved channels, and delete it once everyone has completed their setup.
⚠️ Important: The QR code is only shown once during setup. Once the setup is complete, it can’t be re-generated. Make sure all users have scanned the code before moving to the next step.
After everyone has scanned the code, your authenticator app(s) will start generating 6-digit verification codes.
Enter the current code into Road Ninja and click Verify.
Your company’s payment account is now secured with 2FA, and all authorised users will be able to authenticate payments using their shared access code.