When they moved from Trustwave they said in their FAQ:

Can a merchant choose to remain with Trustwave directly?  

While we no longer offer Trustwave as our recommended PCI solution, customers can choose to work with any Qualified Security Assessor (QSA) company.

If the other company is a QSA then it would be taken off.

Has anyone implemented MFA with the Sage 100 client??? 

This was back in March 2019 and we got PCI Certified through Security Metrics SAQ C compliance. Paya said that wasn't good enough. I went back and forth several times with no resolution so I gave up.

I have seen users setup Unified login in Sage 100 so that security was based on the logged in user in windows. You can then  setup MFA with Windows and since unified login is based on windows you can say the client logged in with MFA. Personally, I do not consider this MFA with the application and in my humble opinion is less secure as the login is not challenged when going into the application, only when going into windows.