Authenticated users changing personal details
We have a website where users authenticate with a username/password and also have the option of switching on two factor authentication
One of the options they have in our application is to amend their home address which is then immediately updated on our back-office database
One client has asked for an extra later of security (their words, not mine) for when the user does this.
We've discussed sending a PIN to the mobile number or email we have recorded for the user, - I was wondering what others have implemented (if anything at all!)
Feels a little overkill to me as they are not changing bank details or any sort of payment instruction
Thanks