Login, Account Access Block and Inactivity Timer

Document purpose

This document is intended to provide a non-technical audience with an understanding of the Login, Account Access Block
and Inactivity Timer elements in the end-user journey.

Note: For illustrative purposes the Canvas app has been used to demonstrate the end user functionality of the SDK.

About the Login, Account Access Block and Inactivity Timer end-user journeys

The Login to a payment account requires 2 Factor (2FA) Strong Customer Authentication (SCA).

Account Access must be blocked if a customer exceeds a maximum number of failed authentications.

If a customer is inactive in their account for a certain period of time, they will be required to log in again.

Note: The Contis SDK can perform the 2nd factor of SCA for login in a client app, with the 1st factor being performed by the client’s own app and provided to Contis via the API.

Login, Account Access Block and Inactivity Timer workflow

The Login end-user journey

Step 1 – Customer opens the app

Customer opens the Canvas app.

Step 2 – SCA required

2FA SCA is required for the customer to log in. The example shown is Password with Biometrics.

Step 3 – Customer recognised/Not recognised

After the customer performs the SCA, there are two outcomes:

  • Success (Recognised) – continue to Step 6 – Login successfully completed.
  • Fail (Not recognised) – continue to Step 4 – Retry SCA factor.

Step 4 – Retry SCA factor

If the first attempt at the SCA fails, there are two possible outcomes

  • Try again – return to Step 2 – SCA required.
  • Fail (maximum attempts exceeded will result in an Account Access Block) – continue to Step
    5 – Account Access blocked.

Step 5 – Account Access blocked

After exceeding the maximum number of SCA attempts, the customer is directed to the Account Access
error screen – instructing them to ring customer services.

Note: Account access block means restricted access to the app – all other functionality, for
example, ATM card and POS transactions are still available.

Step 6 – Login successfully completed

The login has been successful, and the customer is directed to the Transactions landing screen.

Inactivity Timer

A customer is logged out of their account after a period of inactivity. For clients, an API method lets Contis know when
a customer remains active within the app. Once inactivate after a period of time, the customer will be logged out and
returned to Step 2 – SCA required (in the Login end-user journey).

Account Access blocked

Contis have an API method that allows the client to unblock a customer’s account access for reasons such as exceeding
the maximum authentication attempts e.g. OTP re-entry. The customer will be notified in the app and instructed to call
customer services.